CrowdStrike on Tuesday announced enhancements to four of its security products–Falcon Insight, CrowdStrike Cloud Security, Humio, and Falcon Discover. The new features include XDR (extended detection and response), enhanced zero trust, new log management, and IoT security capabilities.
The first new offering is an extension to Crowdstrike’s Falcon Insight that will include XDR capabilities. CrowdStrike will now allow all its EDR (endpoint detection and response) customers to activate XDR capabilities within Falcon Insight through connector packs that unlock cross-domain detections, investigations and response actions across all key security domains from a unified console. However, customers will have to pay an additional charge for the new features.
XDR is an approach to threat detection and response that provides holistic protection against cyberattacks, unauthorized access and misuse. Falcon Insight XDR would be a combination of native XDR as well as hybrid XDR.
Native XDR refers to integrating first-party data—data that Falcon has from endpoints, cloud infrastructure, and identity capabilities—and co-relating that with detections and incidents that span across these domains.
Hybrid XDR will take data from third parties including cloud XDR alliance partners and third-party vendors to create detections that span across the telemetry among these domains.
“Our XDR strategy has been clear from the beginning: bring the right information into the Falcon platform at the right time. With the introduction of Falcon Insight XDR, CrowdStrike is making it easier than ever for our customers to implement XDR and get EDR-like benefits from native integrations of other Falcon modules from the Falcon platform,” said Michael Sentonas, chief technology officer at CrowdStrike, in a press note.
CrowdStrike is integrating third-party telemetry from CrowdXDR Alliance partners, which now include Cisco, ForgeRock and Fortinet as new members, and third-party vendors, which now include Microsoft and Palo Alto Networks.
These additional integrations will be available in the fourth quarter of the fiscal year 2023, Crowdstrike said.
“With the introduction of additional third-party integrations, we are empowering our customers to effectively and elegantly enrich a variety of data sources,” Sentonas said. “By combining first-party and third-party integrations, security teams can create a detailed storyline on how an attack develops and progresses from detection to remediation.”
Enhancing Zero Trust capabilities
Crowdstrike is also adding Cloud Infrastructure Entitlement Manage (CIEM) capabilities to its Cloud Security offering.
“To maintain zero trust, it is critical that identities are managed with the least privileges from an entitlement and access perspective. To make sure that security teams can effectively manage the security posture,” said Amol Kulkarni, chief product & engineering officer at CrowdStrike, at the company’s press conference on Tuesday.
To achieve this, Crowdstrike is taking two steps. First, it is expanding its cloud-native application protection platform capabilities for CrowdStrike Cloud Security to add CIEM capabilities.
Second, it is integrating CrowdStrike Cloud Security with the CrowdStrike Asset Graph. The asset graph will provide cloud asset visualizations and visibility into the attack surface in the cloud across hosts, configurations, identities and applications to stop breaches.
“CIEM capabilities enable organizations to prevent identity-based threats resulting from improperly configured cloud entitlements across Amazon Web Services (AWS) and Microsoft Azure,” Kulkarni said.
Improving traditional log management
To expand its observability capabilities to help organizations leverage their data for security and non-security use cases, the company announced two new products based on the Humio technology it acquired in March, 2021.
The first product is Falcon LogScale, available as a standalone module that enables organizations to ingest, search, transform and retain all of their log data and get answers in real-time. The second product is Falcon Complete LogScale, which is a new fully managed service offering that combines Falcon LogScale with CrowdStrike’s dedicated team of service professionals.
“Log management has been a long and essential process for IT and security teams, and it is critical this is simplified. There are lot of inefficiencies here in the process and modules and Falcon LogScale with its efficient connection, index free storage and immediate time to value enables reducing that complexity to a large extent,” said Kulkarni.
Using these two modern log management systems, security teams can search data with subsecond latency to find patterns, and apply analytics to address cybersecurity challenges.
“For DevOps and ITOps teams, they can use data to have real-time visibility of the health and performance of their infrastructure and applications,” the company said.
Securing key infrastructure
The fourth major announcement was an update to CrowdStrike’s security and IT operations product suite, Falcon Discover.
The enhancements include a new module (Falcon Discover for IoT) to provide organizations with visibility for IoT systems and operational technology (OT) environments, and new capabilities for the Falcon Discover (Security Hygiene) module to help IT and security leaders holistically understand and minimize an organization’s attack surface to reduce the risk of a potential breach.
“Universally, Falcon Discover and Falcon Discover for IoT will be applicable for any organization whether they are advanced in their maturity lifecycle or very early on their journey in managing security. As it is the first step, visibility first, be it in runtime security or active security or proactive security,” Kulkarni said.