CrowdStrike EDR

The CrowdStrike Falcon® platform delivers next-generation, advanced endpoint protection with unrivaled speed.

Traditional endpoint security tools have blind spots, making them unable to see and stop advanced threats. CrowdStrike Falcon Insight™ endpoint detection and response (EDR) solves this by delivering complete endpoint visibility across your organization. Falcon Insight continuously monitors all endpoint activity and analyzes the data in real time to automatically identify threat activity, enabling it to both detect and prevent advanced threats as they happen. All endpoint activity is also streamed to the CrowdStrike Falcon® platform so that security teams can rapidly investigate incidents, respond to alerts and proactively hunt for new threats.

Falcon Insight acts like a DVR on the endpoint, recording activity so that incidents which evaded prevention measures can still be caught. It gives customers comprehensive, real-time visibility into everything happening on their endpoints from a security perspective, eliminating the risk of "silent failure", where an intruder remains in the environment undetected because nothing recorded the activity. Falcon Insight detects indicators of attack (IOAs) that may have evaded other defenses and enables proactive threat hunting, both in real time and historically, across the entire environment. Beyond detecting sophisticated attacks quickly, Falcon Insight also helps you respond to and remediate threats effectively so the business can recover quickly.

Benefits

Unparalleled Visibility

Endpoint visibility is a critical component of an EDR solution. While blocking malicious files is important, relying on anti-virus alone can mask larger issues and allow certain types of attacks (for example fileless or living-off-the-land activity that never writes a known-bad file) to go undetected. Falcon Insight monitors endpoint activity and captures real-time event data across all managed devices. As a cloud-delivered solution, CrowdStrike collects detailed endpoint event data regardless of the device's physical location. With support for Windows, macOS and Linux, CrowdStrike provides EDR visibility for hosts that are on or off the corporate network, across home offices, datacenters and public clouds. This gives complete visibility and leaves attackers with no place to hide.

High Fidelity Event Data

The raw endpoint event data collected by CrowdStrike describes the processes and activities that have happened on an endpoint in great detail. This level of visibility fills the gaps left by legacy security vendors and allows security teams to perform proactive threat hunting. Falcon Insight includes an Investigate feature with Splunk-like search capability for quickly and efficiently hunting through your event data.

Detections and Indicators of Attack

Pairing full endpoint visibility with indicators of attack (IOAs), CrowdStrike's Threat Graph analyzes events in real time using behavioral analytics to automatically detect traces of suspicious behavior, rather than relying only on known-bad file hashes. Falcon Insight displays each attack as an easy-to-read process tree. This provides full attack details and puts them in context for faster and easier investigations. Where lateral movement is detected, CrowdStrike also provides a visual presentation of the original incident and of the path to the other impacted hosts.
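The following is an added example, not CrowdStrike's code, illustrating the two mechanisms described above: a behavioral rule of the kind an IOA encodes (an Office application spawning a script interpreter, flagged from process lineage alone with no file hash involved), rendered as a process tree, plus a simple Splunk-style hunt over the same raw events. The event field names (ts, host, pid, ppid, image, cmdline), the sample events and the process-name lists are assumptions made for illustration; the real Falcon event schema and the Investigate query language differ.

```python
"""IOA-style behavioural detection and hunting over process telemetry.

Added example, not CrowdStrike code. The event fields (ts, host, pid,
ppid, image, cmdline), the sample events and the process-name lists are
assumptions for illustration; real Falcon event schemas differ.
"""

# Constructed sample events resembling EDR process-start telemetry.
# WKS01 shows a phishing chain (Outlook -> Word -> encoded PowerShell -> rundll32);
# WKS02 shows a benign PowerShell script launched from the desktop.
EVENTS = [
    {"ts": 1, "host": "WKS01", "pid": 100, "ppid": 1,   "image": "explorer.exe",
     "cmdline": "explorer.exe"},
    {"ts": 2, "host": "WKS01", "pid": 200, "ppid": 100, "image": "outlook.exe",
     "cmdline": "outlook.exe"},
    {"ts": 3, "host": "WKS01", "pid": 300, "ppid": 200, "image": "winword.exe",
     "cmdline": "winword.exe /n invoice.docm"},
    {"ts": 4, "host": "WKS01", "pid": 400, "ppid": 300, "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ts": 5, "host": "WKS01", "pid": 500, "ppid": 400, "image": "rundll32.exe",
     "cmdline": "rundll32.exe C:\\Users\\Public\\x.dll,Run"},
    {"ts": 6, "host": "WKS02", "pid": 100, "ppid": 1,   "image": "explorer.exe",
     "cmdline": "explorer.exe"},
    {"ts": 7, "host": "WKS02", "pid": 210, "ppid": 100, "image": "powershell.exe",
     "cmdline": "powershell.exe -File backup.ps1"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def build_index(events):
    """Index events by (host, pid) and link each process to its children."""
    index = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        index[(ev["host"], ev["pid"])] = {**ev, "children": []}
    for key, node in index.items():
        parent = index.get((node["host"], node["ppid"]))
        if parent is not None:          # roots (e.g. ppid 1) have no recorded parent
            parent["children"].append(key)
    return index


def lineage(index, host, pid):
    """Walk parent pointers up to the root; returns image names root-first."""
    chain, key, seen = [], (host, pid), set()
    while key in index and key not in seen:
        seen.add(key)
        chain.append(index[key]["image"])
        key = (host, index[key]["ppid"])
    return list(reversed(chain))


def detect_office_spawns_interpreter(index, max_depth=2):
    """Behavioural rule: a script interpreter whose parent or grandparent
    (up to max_depth ancestors) is an Office application. No hash needed."""
    detections = []
    for (host, pid), node in index.items():
        if node["image"].lower() not in INTERPRETERS:
            continue
        chain = lineage(index, host, pid)
        ancestors = chain[-1 - max_depth:-1]
        hits = [a for a in ancestors if a.lower() in OFFICE_APPS]
        if hits:
            detections.append({"host": host, "pid": pid,
                               "chain": " > ".join(chain),
                               "reason": f"{hits[-1]} spawned {node['image']}"})
    return detections


def hunt(events, **criteria):
    """Splunk-style hunt: keep events where every named field contains the
    given substring (case-insensitive), e.g. hunt(EVENTS, cmdline="-enc")."""
    return [ev for ev in events
            if all(str(v).lower() in str(ev.get(k, "")).lower()
                   for k, v in criteria.items())]


def render_tree(index, host, pid, flagged=(), depth=0):
    """Render the process tree console-style, marking flagged pids."""
    node = index[(host, pid)]
    mark = "  <-- DETECTION" if pid in flagged else ""
    lines = [f"{'  ' * depth}{node['image']} (pid {pid}) {node['cmdline']}{mark}"]
    for child_host, child_pid in node["children"]:
        lines.extend(render_tree(index, child_host, child_pid, flagged, depth + 1))
    return lines


if __name__ == "__main__":
    idx = build_index(EVENTS)
    dets = detect_office_spawns_interpreter(idx)
    for d in dets:
        print(f"[{d['host']}] {d['reason']}: {d['chain']}")
    print("\n".join(render_tree(idx, "WKS01", 100, flagged={d["pid"] for d in dets})))
    print("hunt hits:", [e["pid"] for e in hunt(EVENTS, image="powershell", cmdline="-enc")])
```

The rule fires on WKS01 (winword.exe spawned powershell.exe) and stays silent on WKS02, where PowerShell was launched from explorer.exe, which is the point of judging behaviour by lineage rather than by the binary involved. The hunt then pulls the encoded-command event out of the raw telemetry independently of any detection, which is what historical threat hunting over recorded events looks like in practice.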
Being able to take action and respond to an event is another critical component of EDR. With CrowdStrike, there are two primary tools for managing and remediating hosts.
1. Network Containment – Limits a host's connectivity to prevent lateral movement and Internet communication while the sensor keeps talking to the Falcon cloud. It allows the investigation to continue while minimizing exposure.
2. Real Time Response (RTR) – Gives responders the ability to run commands, executables and scripts on remote hosts. Combined with the detailed event data in Falcon Insight, RTR gives the responder the flexibility to fully remediate a system. It can also be used for other tasks such as registry edits, software deployment and memory dump retrieval. Because it executes commands on hosts with high privilege, access to RTR should be tightly restricted and its sessions audited.

Situational Awareness

Endpoint visibility, detection and response are all key aspects of EDR. CrowdStrike delivers on all of those capabilities while also correlating that information to help organizations see the big picture. Falcon Insight customers also benefit from CrowdScore, a single metric that provides a real-time assessment of the organization's threat level. Tracking the metric and its trend helps decide when to engage responders and how to allocate response resources.