CrowdStrike has announced enhancements to four of its security products: Falcon Insight, CrowdStrike Cloud Security, Humio, and Falcon Discover. The new features include XDR (extended detection and response) capabilities, stronger zero trust controls, new log management products, and IoT security coverage.
The first offering extends CrowdStrike's Falcon Insight EDR product with XDR capabilities. Existing EDR customers can activate Falcon Insight XDR through connector packs that unlock cross-domain detections, investigations and response actions across the key security domains from a unified console.
However, customers will have to pay an additional charge for the new features.
XDR, or extended detection and response, is an approach to threat detection and response that correlates telemetry from several security domains rather than one, with the aim of giving holistic protection against cyber attacks, unauthorised access and misuse. EDR, endpoint detection and response, covers only the endpoint. Falcon Insight XDR combines native XDR with hybrid XDR.
Native XDR refers to integrating first-party data, i.e. the data Falcon already collects from endpoint, cloud, identity and mobile, and correlating it into detections and incidents that span these domains.
“Our XDR strategy has been clear from the beginning: bring the right information into the Falcon platform at the right time,” said Michael Sentonas, CTO at CrowdStrike, in a press note.
“With the introduction of Falcon Insight XDR, CrowdStrike is making it easier than ever for our customers to implement XDR and get EDR-like benefits from native integrations of other Falcon modules from the Falcon platform.”
Hybrid XDR takes data from third parties, including CrowdXDR Alliance partners and other third-party vendors, to create detections that span the telemetry from these domains.
CrowdStrike is also integrating third-party telemetry from CrowdXDR Alliance partners, which now include Cisco, ForgeRock and Fortinet as new members, and third-party vendors, which now include Microsoft and Palo Alto Networks.
These additional integrations will be available in the fourth quarter of the fiscal year 2023, CrowdStrike said.
“With the introduction of additional third-party integrations, we are empowering our customers to effectively and elegantly enrich a variety of data sources,” Sentonas said. “By combining first-party and third-party integrations, security teams can create a detailed storyline on how an attack develops and progresses from detection to remediation.”
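The cross-domain correlation that native and hybrid XDR describe above can be sketched in a few dozen lines. The following is an added example, not CrowdStrike's code: it links detections from endpoint, identity, cloud and a third-party network source into one incident storyline when they share a user or host within a time window. The event schema, the source labels and the sample alerts are all constructed for illustration.

```python
"""Cross-domain correlation sketch: merge detections from endpoint,
identity, cloud and third-party telemetry into one incident storyline
when they share an entity (user or host) within a time window.
Added example, not CrowdStrike code; the event format is an assumption."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class Event:
    ts: datetime
    domain: str            # "endpoint", "identity", "cloud", "network"
    source: str            # assumed label: first-party module or third-party vendor
    user: Optional[str]
    host: Optional[str]
    summary: str


T0 = datetime(2022, 9, 20, 14, 0, 0)

# Constructed sample telemetry (not real alerts). The first four events
# belong to one attack chain; the last is unrelated noise.
SAMPLE_EVENTS = [
    Event(T0, "endpoint", "falcon-insight", "alice", "WS-042",
          "suspicious LSASS memory access"),
    Event(T0 + timedelta(minutes=3), "identity", "falcon-identity", "alice", None,
          "login from never-seen device"),
    Event(T0 + timedelta(minutes=5), "network", "third-party-firewall", None, "WS-042",
          "outbound connection to rarely seen external IP"),
    Event(T0 + timedelta(minutes=10), "cloud", "falcon-cloud", "alice", None,
          "new long-lived access key created"),
    Event(T0 + timedelta(hours=6), "endpoint", "falcon-insight", "bob", "WS-107",
          "unsigned driver load"),
]


def correlate(events, window=timedelta(hours=1)):
    """Union-find over events: link two events if they share a user or host
    and occur within `window` of each other. Chains of pairwise links can
    make an incident longer than `window`, which is intended. Returns
    incidents sorted by first event time, each a time-ordered list."""
    events = sorted(events, key=lambda e: e.ts)
    parent = list(range(len(events)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]   # path halving
            i = parent[i]
        return i

    def union(i, j):
        parent[find(i)] = find(j)

    for i, a in enumerate(events):
        for j in range(i + 1, len(events)):
            b = events[j]
            if b.ts - a.ts > window:
                break  # events are sorted, so no later event is within window
            shared_user = a.user is not None and a.user == b.user
            shared_host = a.host is not None and a.host == b.host
            if shared_user or shared_host:
                union(i, j)

    groups = {}
    for i, e in enumerate(events):
        groups.setdefault(find(i), []).append(e)
    return sorted(groups.values(), key=lambda g: g[0].ts)


def storyline(incident):
    """Render one incident as lines: time, domain/source, summary."""
    return [f"{e.ts:%H:%M} [{e.domain}/{e.source}] {e.summary}" for e in incident]


if __name__ == "__main__":
    for n, inc in enumerate(correlate(SAMPLE_EVENTS), 1):
        print(f"incident {n}: domains={sorted({e.domain for e in inc})}")
        print("\n".join("  " + line for line in storyline(inc)))
```

Run as-is, the script groups the four alice/WS-042 events (endpoint, identity, network, cloud) into one incident and leaves bob's driver load as a separate one. Real platforms key on many more entity types (process lineage, session IDs, cloud principals) and weight links by confidence, but the join-by-shared-entity-within-a-window step is the core of any cross-domain storyline.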
Enhancing Zero Trust capabilities
CrowdStrike is also adding Cloud Infrastructure Entitlement Management (CIEM) capabilities to its Cloud Security offering.
“To maintain zero trust, it is critical that identities are managed with the least privileges from an entitlement and access perspective,” Amol Kulkarni, chief product and engineering officer at CrowdStrike, said at the company's press conference. “To make sure that security teams can effectively manage the security posture.”
To achieve this, CrowdStrike is taking two steps. First, it is expanding the cloud-native application protection platform capabilities of CrowdStrike Cloud Security to add Cloud Infrastructure Entitlement Management (CIEM).
Second, it is integrating CrowdStrike Cloud Security with the CrowdStrike Asset Graph. The asset graph will provide cloud asset visualisations and visibility into the attack surface in the cloud across hosts, configurations, identities and applications to stop breaches.
“CIEM capabilities enable organisations to prevent identity-based threats resulting from improperly configured cloud entitlements across Amazon Web Services (AWS) and Microsoft Azure,” Kulkarni said.
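The kind of misconfigured entitlement CIEM tooling looks for is easy to show concretely. The following is an added example, not CrowdStrike's code: it inspects a constructed AWS IAM policy document and a constructed Azure custom role definition and flags statements that grant wildcard actions or resources, which is the simplest form of over-entitlement. The policy contents, the finding tuple format and the severity labels are assumptions made for the illustration.

```python
"""CIEM-style entitlement check: flag over-broad permissions in an AWS
IAM policy document and an Azure custom role definition.
Added example, not CrowdStrike code. Both documents below are constructed
samples; the (id, severity, reason) finding format is an assumption."""
import json

# Constructed AWS IAM policy: one admin-like statement, one service
# wildcard, one properly scoped statement, and a Deny that is skipped.
AWS_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AdminLike", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "S3Broad", "Effect": "Allow", "Action": ["s3:*"],
     "Resource": "arn:aws:s3:::app-bucket/*"},
    {"Sid": "Scoped", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::app-bucket/*"},
    {"Sid": "DenyIam", "Effect": "Deny", "Action": "iam:*", "Resource": "*"}
  ]
}
""")

# Constructed Azure custom role definition (subset of the properties).
AZURE_ROLE = {
    "roleName": "app-operator",
    "permissions": [{
        "actions": ["*"],
        "notActions": ["Microsoft.Authorization/*/Delete"],
        "dataActions": [],
        "notDataActions": [],
    }],
    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
}


def _as_list(v):
    """IAM allows a single string or a list in Action/Resource."""
    return v if isinstance(v, list) else [v]


def check_aws_policy(policy):
    """Return findings (sid, severity, reason) for Allow statements whose
    Action or Resource uses wildcards. Deny statements narrow access and
    are skipped."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no sid>")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        any_action = "*" in actions
        service_wild = [a for a in actions if a.endswith(":*")]
        any_resource = "*" in resources
        if any_action and any_resource:
            findings.append((sid, "high", "Action:* on Resource:* grants full account access"))
        elif any_action:
            findings.append((sid, "high", "Action:* (all services) on scoped resources"))
        elif service_wild and any_resource:
            findings.append((sid, "high", f"service wildcard {service_wild} on Resource:*"))
        elif service_wild:
            findings.append((sid, "medium", f"service wildcard {service_wild}; enumerate the actions actually needed"))
    return findings


def check_azure_role(role):
    """Flag Azure role permissions whose actions or dataActions include '*'
    (Owner-like), noting when only notActions narrow the grant."""
    findings = []
    name = role.get("roleName", "<unnamed>")
    for perm in role.get("permissions", []):
        if "*" in perm.get("actions", []):
            reason = "actions contains '*'"
            if perm.get("notActions"):
                reason += f", narrowed only by notActions {perm['notActions']}"
            findings.append((name, "high", reason))
        if "*" in perm.get("dataActions", []):
            findings.append((name, "high", "dataActions contains '*'"))
    return findings


if __name__ == "__main__":
    for finding in check_aws_policy(AWS_POLICY) + check_azure_role(AZURE_ROLE):
        print(finding)
```

On the sample input the AWS check reports AdminLike as high and S3Broad as medium, passes Scoped, and ignores the Deny; the Azure check reports the role as Owner-like because `actions: ["*"]` is only trimmed by a notActions entry. A production CIEM product goes further, comparing granted permissions against what the identity has actually used, but wildcard detection is the first filter any such tool applies.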
Improving traditional log management
To expand its observability capabilities and help organisations use their data for security and non-security use cases, the company announced two new products based on the Humio technology it acquired in March 2021.
The first, Falcon LogScale, is available as a standalone module and enables organisations to ingest, search, transform and retain all of their log data and get answers in real time. The second, Falcon Complete LogScale, is a new fully managed service that combines Falcon LogScale with CrowdStrike's dedicated team of service professionals.
“Log management has been a long and essential process for IT and security teams, and it is critical this is simplified. There are a lot of inefficiencies here in the process and modules, and Falcon LogScale with its efficient connection, index-free storage and immediate time to value enables reducing that complexity to a large extent,” said Kulkarni.
Using these two log management products, security teams can search data with sub-second latency to find patterns, and apply analytics to address cybersecurity challenges.
“For DevOps and ITOps teams, they can use data to have real-time visibility of the health and performance of their infrastructure and applications,” the company said.
Securing key infrastructure
The fourth major announcement was an update to CrowdStrike’s security and IT operations product suite Falcon Discover.
The enhancements include a new module, Falcon Discover for IoT, that gives organisations visibility into Internet of Things (IoT) and operational technology (OT) environments. The existing Falcon Discover (Security Hygiene) module also gains new capabilities to help IT and security leaders holistically understand and minimise an organisation's attack surface, reducing the risk of a potential breach.
“Universally, Falcon Discover and Falcon Discover for IoT will be applicable for any organisation whether they are advanced in their maturity lifecycle or very early on their journey in managing security. As it is the first step, visibility first, be it in runtime security or active security or proactive security,” Kulkarni said.