CrowdStrike Holdings Inc. today introduced new features for its Falcon extended detection and response (XDR) platform and expanded its CrowdXDR Alliance with new key strategic partners.
The first release is the CrowdStrike Asset Graph, a new graph database powered by the CrowdStrike Security Cloud that provides information technology and security leaders with a 360-degree view of assets and attack surfaces. The coverage includes both managed and unmanaged assets across devices, users, accounts, applications, cloud workloads and operational technology to simplify IT operations and stop breaches.
CrowdStrike Asset Graph addresses a problem created by digital transformation: attack surfaces have expanded, dramatically increasing exposure to adversaries who discover and exploit soft targets and vulnerabilities faster than defenders can detect them. Asset Graph provides a single holistic view of the risk posed by assets, including graphic visualizations of the relationships among all assets and the rich context necessary for security hygiene and proactive security posture management.
The new service will enable new CrowdStrike Falcon modules and features to be built on top of it to define, monitor and explore the relationships between assets in the organization. The first Falcon module to use Asset Graph is Falcon Discover (Security Hygiene), which includes third-party data integration with ServiceNow Inc.
The second release is Humio for Falcon, a new capability that extends retention of CrowdStrike Falcon telemetry to one year or longer. Because the data is kept for a longer period, organizations gain stronger threat analytics and hunting capabilities while also meeting compliance requirements for data retention.
Humio for Falcon combines CrowdStrike Falcon with the search capabilities of CrowdStrike’s centralized logging offering Humio. The service helps security teams analyze and act on real-time and historic data in their environment. With longer data retention, security teams can uncover and detect potential threats with deep, contextual analytics and sub-second search results at any scale through index-free architecture.
“While the data available to threat hunters and incident responders grows at an exponential rate, they are routinely forced to reduce the duration they can store this information,” Michael Sentonas, chief technology officer at CrowdStrike, said in a statement. “Humio for Falcon solves this problem by delivering scalable and cost-effective data retention that enables threat hunters and incident responders to look back and see if and when an adversary was active in an IT environment and reconcile every system they touched.”
CrowdStrike also added new features to “supercharge” threat detection, investigation, response and hunting in Falcon XDR.
The new capabilities include Falcon Fusion workflows based on XDR detections, automating numerous workflows directly from Falcon XDR. These include ticket creation through ServiceNow, notifications through email, Slack or webhook, and incident details from status changes to team assignments and comments.
A new XDR detections event timeline speeds triage and investigation with a view that displays key detection events in chronological order to understand how activity progresses. Graph visualization of customer XDR detections can be created from custom queries written to hunt for threats in the environment.
Finally, CrowdStrike announced new partners for its CrowdXDR Alliance. The alliance brings together industry-leading security and IT solutions to enable unified threat detection and response.
Joining the alliance are Menlo Security Inc., Ping Identity Corp. and Vectra AI Inc. Existing members include Cloudflare Inc., Okta Inc., Google Cloud, ServiceNow Inc., Zscaler Inc., Proofpoint Inc. and Mimecast Inc.