CrowdStrike Inc., the leader in cloud-delivered endpoint protection, announced new features and capabilities expanding the scope of the CrowdStrike Falcon platform as the most comprehensive endpoint protection solution available to customers. CrowdStrike released a new device control module to enable visibility and control into removable media activity, a critical functionality for organizations looking to replace their legacy antivirus with next-generation endpoint protection. Additionally, CrowdStrike has announced a new critical feature to secure Docker container environments and the adoption of MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.
“The Falcon Platform continues to revolutionize the endpoint security industry as the most innovative cloud-native solution,” said Amol Kulkarni, chief product officer of CrowdStrike. “Today, we are announcing multiple critical feature enhancements to offer our customers increased visibility, control and threat prevention for various evolving attack vectors, all delivered from a single lightweight agent and managed through a single console.”
Falcon Device Control
USB devices are widely used but they can cause serious security risks, from carrying malware and exploits to leaking data outside of an environment. Falcon Device Control enables the safe utilization of USB devices across organizations by uniquely providing both extensive visibility and granular control over those devices. It offers security and IT operations teams full understanding of how devices are being used and the ability to precisely control and manage that usage. Seamlessly integrated into the Falcon agent, it provides unparalleled device control efficiency paired with full endpoint detection and response (EDR) capabilities.
Customers using Falcon Device Control have unprecedented visibility into detailed device information and history, increased control on mass storage devices, and greater context into host activity to see what’s happening in environments. This offers administrators the ability to implement insightful controls to protect critical data.
Securing Docker Containers
Organizations are increasingly adopting container technology such as Docker in their data centers, to help drive efficiency and agility. As they do so, a new attack surface has emerged that lacks visibility. Existing point solutions can be cumbersome to deploy and monitor, and require additional agents and infrastructure for organizations to maintain.
CrowdStrike is extending the protection of Falcon Insight to introduce compatibility with Docker, ensuring deep visibility and protection across this emerging critical platform. With this new capability, the Falcon Agent extends visibility to cover not only Windows, Mac, and Linux endpoints, but also threats within Docker containers. By leveraging artificial intelligence (AI) and advanced analytics to detect and respond to threats within Docker containers, Falcon Insight closes a critical security gap for enterprises — requiring no additional infrastructure, maintenance, or cost. CrowdStrike’s cloud-native platform provides the industry’s broadest protection, covering both desktops and data centers, with a single agent, single console and no on-premise infrastructure.
Adopting the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework
Alerts and detections in the CrowdStrike Falcon platform now map to MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. MITRE ATT&CK is an independent industry standard that categorizes attackers’ behavior into the objectives, the tactics and the techniques that they employ and is based on millions of observed real-life attacks.
The adoption of the MITRE framework in Falcon’s detections accelerates alert triage and shortens incident analysis time. It allows security analysts and incident responders to immediately grasp the impact and risks associated with alerts, instantly see which stage of the attack the adversary is on, and quickly answer key questions.
Previously, CrowdStrike Falcon was validated for its successful completion of an evaluation by MITRE’s Leveraging External Transformational Solutions (LETS) program in its ability to detect attack techniques employed by GOTHIC PANDA (also known as APT3), a sophisticated adversary with ties to the Chinese government. CrowdStrike continues to openly submit to third-party tests, as these validate CrowdStrike’s technology capabilities and provide an opportunity to work with current and prospective customers to ensure they are receiving the most comprehensive protection possible.
There is no shortage of third-party validation for the CrowdStrike Falcon platform. Recently, CrowdStrike was positioned highest for its ability to execute and furthest to the right for its completeness of vision in the Visionaries quadrant in Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms. In addition, Forrester Research, Inc. named CrowdStrike as a Leader in The Forrester Wave: Endpoint Security Suites, Q2 2018 report.