National Cyber Warfare Foundation (NCWF)

CrowdStrike Drives Cybersecurity Forward with New Innovations Spanning AI, Cloud, Next-Gen SIEM and Identity Protection


2024-09-20 14:56:17
milo
Blue Team (CND)


Today’s threat landscape is defined by adversaries’ increasing speed and quickly evolving tactics. Now more than ever, it is imperative organizations unify and accelerate their security operations to detect, identify and respond to threats at the rapid pace of the adversary.


This isn’t always straightforward. Security teams are often burdened by complex technology deployments, siloed data, blind spots and manual processes, which slow their ability to respond and allow adversaries to operate undetected. To fight modern threats, organizations require a unified cybersecurity platform that empowers them to operate with speed and precision.


CrowdStrike is resolute in our commitment to unifying every step of security operations — from risk assessment, to threat detection, to remediation and response — through the AI-native CrowdStrike Falcon® cybersecurity platform. We are constantly innovating to provide the data, visibility and protection our customers need to stop modern adversaries.


At this week’s Fal.Con conference, we are excited to announce a multitude of innovations built to unify, automate and accelerate end-to-end security and IT operations on the Falcon platform. These updates extend to a broad range of Falcon platform modules including CrowdStrike Falcon® Cloud Security, CrowdStrike Falcon® Next-Gen SIEM, CrowdStrike® Charlotte AI™, CrowdStrike Falcon® for IT, CrowdStrike Falcon® Identity Protection and CrowdStrike Falcon® Exposure Management. The platform ties all of these capabilities together to create a cohesive user experience and robust defense needed to stop breaches.


The announcements we are sharing today demonstrate our intense focus on building a more resilient Falcon platform and addressing our customers’ greatest cybersecurity concerns. We continue to invest in growth and innovation to build cybersecurity’s most resilient AI-powered platform.


Let’s take a closer look at what’s new.


Project Kestrel: Breaking Down Silos with a Customized Platform Experience


Security teams often struggle with siloed data spread across products, forcing them to export and merge data in spreadsheets for a full view — a fragmented process that impedes analysis, stifles innovation and hinders operations.


Project Kestrel revolutionizes the Falcon platform by removing silos and unifying data from across multiple products to provide an all-in-one view of an organization’s security environment. This streamlined user interface provides insight into assets, vulnerabilities, misconfigurations and more to empower users to make faster and more informed decisions, improving security processes to help stop critical threats from going undetected.


Core to Project Kestrel is its clean, simple user experience. With customizable views and workflows, the platform ensures critical information is tailored to each user’s needs. Whether it’s a SOC analyst, threat hunter, engineer or executive, each user can access the most pertinent data and benefit from the personalized views that power quick, efficient action.


Cloud Security: Block Threats Across Cloud Infrastructure, Applications, Data and AI Models


Siloed security tools limit visibility, complicating threat management and driving the risk of missed vulnerabilities and poor breach prevention. Overwhelmed by excessive alerts from fragmented tools, security teams face alert fatigue and risk missing threats.


Unified security posture management (USPM) is integral to modern cybersecurity defense. Falcon Cloud Security’s latest advancements unite data security posture management (DSPM), application security posture management (ASPM) and AI security posture management (AI-SPM) to deliver comprehensive protection across key layers of your environment.


DSPM provides insight into where valuable data resides, how it’s accessed and where vulnerabilities exist. This data layer sharpens risk prioritization, enabling teams to defend critical assets with precision. ASPM, recently integrated into Falcon Cloud Security, extends this capability by providing full visibility into application security posture, identifying misconfigurations and vulnerabilities before they’re exploited. AI-SPM brings a critical layer of protection for AI models by detecting risks across platforms such as OpenAI, Amazon Bedrock and Vertex AI and helping prevent AI-specific threats.


As we expand the range of controls with DSPM, ASPM and AI-SPM, we’re also deepening it across existing assets. Falcon Cloud Security’s real-time asset inventory acts as your GPS, continuously tracking assets across AWS, Azure, Google Cloud and VMware. This live monitoring, now generally available, provides an up-to-date view of misconfigurations and potential attack paths, empowering security teams to prioritize risks and swiftly respond.


Read our deep-dive blog to learn more about the latest Falcon Cloud Security innovations.


Next-Gen SIEM: Detect and Respond to Threats Faster Than Ever


As organizations grow more complex and data sources proliferate, teams spend more time setting up, managing and extracting value from their SIEMs rather than focusing on breach prevention.


The future of security demands next-gen SIEM technology built for scale and speed. Today we are announcing AI and workflow automation breakthroughs, new defenses to detect and stop threats, and advancements to aid the migration from legacy SIEM to Falcon Next-Gen SIEM.


New CrowdStrike Falcon® Fusion SOAR enhancements empower teams to quickly stop attacks by automating nearly any task. Featuring a modern user experience and a new content library with an expanding set of prebuilt workflows and 300+ actions — including 200 new third-party actions — Falcon Fusion SOAR provides unmatched automation, orchestration and response capabilities to CrowdStrike customers at no extra cost.


To outsmart today’s adversaries, organizations need full threat visibility and accurate detections. Detection Posture Management maps active detection rules to MITRE ATT&CK® techniques to provide a clear view of detection coverage. Teams can use this to evaluate detection capabilities across data sources, including Falcon and third-party data, all in one place.


Falcon Next-Gen SIEM simplifies collecting and processing data from any source, even if a prebuilt parser doesn’t exist, with our new AI-generated parsers. By analyzing sample logs with multiple large language models, Falcon Next-Gen SIEM can classify log structure and contents to build parsers, saving hours of busywork. Users can review and update AI-generated parsers with a flexible parser editor.


Read our deep-dive blog to learn more about the new capabilities in Falcon Next-Gen SIEM.


AI Innovations: Accelerated Operations and Upgraded Analyst Experience


Security teams are under mounting scrutiny to detect, triage and respond to threats with greater speed, efficiency and scale – without compromising on precision or accuracy.


Beyond AI-generated parsers, we’re announcing three additional innovations that harness the power of AI. These capabilities are built to shatter persistent barriers to effective threat response and help teams move at the pace of the adversary.


Attack Path Analysis (APA), delivered through Falcon Exposure Management, empowers security teams overwhelmed by long lists of vulnerabilities to predict, map and visualize how attackers could navigate their asset environment to target critical systems. Utilizing proprietary ExPRT.AI trained on threat intelligence, APA maps cross-domain paths between cloud and on-premises environments and highlights both CVEs and cloud misconfigurations. It also generates low-effort, high-impact remediation recommendations so teams can take precise and targeted actions to quickly prevent breaches when minutes matter.


CrowdStrike Signal, a new AI-powered engine for CrowdStrike Falcon® Insight XDR, accelerates threat detection by generating and prioritizing automated leads. CrowdStrike Signal reduces noise and provides a starting point for investigations, enhancing analyst efficiency. This AI-driven approach identifies potential threats early, surfacing leads that streamline triage and speed up response times.


Charlotte AI’s new detection triage capability will further compress investigation and response times by helping teams rapidly discern between true and false positives, provide recommended triage actions and report its assessments. This feature will enable Charlotte AI users to apply the world-class detection triage guidance of CrowdStrike experts across incoming detections with the speed, consistency and scale of AI.


Read our deep-dive blog for more details on the AI innovations announced today.


Identity Protection: New Capabilities for Entra ID and Privileged Access


Adversaries often use identity-based techniques, targeting identity provider misconfigurations and weak MFA processes. For organizations with multiple identity providers, restricting lateral movement between them is critical.


Falcon Identity Protection delivers real-time threat prevention for Microsoft Entra ID to stop adversaries before they strike. Powered by advanced user behavior analytics and risk-based access decisions, it operates inline with every Entra ID authentication flow to block unauthorized devices and prevent identity-based attacks. Falcon Identity Protection uses the Falcon platform to assess user risk and device trust, as well as third-party sources like Intune and Entra ID, enabling real-time decisions to grant, block or enforce conditional access.


Falcon Identity Protection integrates seamlessly with Microsoft Entra ID through the External Authentication Method (EAM). By combining CrowdStrike’s threat intelligence with Falcon risk scores and device trust data, organizations can make dynamic, real-time access decisions to prevent attacks before they happen.


We are also excited to introduce new privileged access innovations that reduce the identity attack surface by enforcing just-in-time access for privileged administrator roles. Unlike traditional PAM products that can take months or years to realize a return on investment, Falcon Privileged Access leverages the existing Falcon sensor and cloud connectors to deliver rapid ROI.


Read our deep-dive blog to learn more about today’s Falcon Identity Protection updates.


Falcon for IT: Now with Enhanced Queries and Automated Workflows


Organizations struggle to maintain complete and accurate visibility of all of their assets across the enterprise, hindering their ability to effectively respond to an incident.


Falcon for IT unifies security and IT with real-time visibility and automated remediation at scale. Teams can now use customizable queries to gather extended asset context with the Falcon agent and achieve full visibility across their entire IT estate. Falcon for IT interrogates assets in real time to gather context beyond standard security telemetry to support investigation and response activities and streamline IT operations.


Real-time extended asset context is made more powerful with real-time response. Admins can now create custom response actions in addition to built-in quick actions for limitless remediation workflows. This visibility-to-action loop closes the exposure gap to harden enterprise assets.


Falcon for IT’s automated tasks empower admins to create scheduled queries in Falcon for IT and define a corresponding set of automated responses to promptly resolve compliance or configuration issues, apply emergency patches and proactively address issues that might impact end user productivity.


CrowdStrike Financial Services: Streamlined Access to the Falcon Platform


CrowdStrike is streamlining access to the Falcon platform and Fal.Con 2024 innovations with CrowdStrike Financial Services, which offers tailored financing solutions that align with business needs.


CrowdStrike Financial Services will make loans available to customers to help them purchase CrowdStrike products and services with greater ease. It will include custom payment options, transparent terms, competitive rates and exceptional hands-on customer service from our team of experienced financing professionals.¹ When paired with CrowdStrike Falcon® Flex, customers can get ultimate flexibility and financial visibility to stay ahead of adversaries and better manage financial resources.


The Power of a Unified Platform to Defeat Adversaries


Organizations have long been piecing together their security posture with disparate data, technologies and teams. For too long, adversaries have been exploiting the gaps between point tools and siloed operations, hiding in these gaps undetected and using them to their advantage.


A unified cybersecurity platform addresses these gaps to create a robust and impenetrable defense against today’s threat actors. With the single-agent, cloud- and AI-native Falcon platform, the whole is more than the sum of its parts. Innovations to each module support the other modules to work better together, strengthen end-to-end security operations and achieve the outcome that matters most — stopping breaches.


CrowdStrike has consistently been recognized for our industry-leading cybersecurity platform and the individual modules and capabilities that are part of it. The new innovations we have announced today demonstrate our commitment to staying ahead of modern threats and building the technology our customers need to defeat today’s adversaries.


Forward Looking Statements


This blog includes forward-looking statements including, but not limited to, statements concerning the expected timing of product and feature availability, the benefits and capabilities of our current and future products and services, and our strategic plans and objectives. Such statements are subject to numerous risks and uncertainties and actual results could differ from those statements. Any future products, functionality and services may be abandoned or delayed, and customers should make decisions to purchase products and services based on features that are currently available. These and other risk factors are described in the “Risk Factors” section of our most recent Form 10-Q filed with the Securities and Exchange Commission.


Any forward-looking statements made in this document are based on our beliefs and assumptions that we believe to be reasonable as of the date of the presentation. You should not rely upon forward-looking statements as predictions of future events. Except to the extent required by law, we undertake no obligation to update these forward-looking statements to reflect new information or future events.



  1. Financing solutions are offered by CrowdStrike Financial Services, Inc. and its affiliates or designees (collectively, “CrowdStrike Financial Services”). All financing is subject to credit approval and execution of CrowdStrike Financial Services documentation and may be subject to additional terms and conditions. Not all applicants will qualify. Offerings are available only in the United States. Offerings, including rates and terms, are subject to change without notice. Offerings may vary based on applicant’s creditworthiness, market conditions, CrowdStrike Financial Services’ policies and other factors. Other restrictions may apply.



Source: CrowdStrike
Source Link: https://www.crowdstrike.com/blog/driving-cybersecurity-forward-new-innovations-fal-con-2024/

