
Another revolution in cybersecurity from CrowdStrike: top 5 important things to know about Managed XDR (MXDR)


CrowdStrike, a leading provider of cloud-based endpoint and workload security solutions, is creating new opportunities for partners with an expanded detection and response offering that builds on its popular Managed Detection and Response service, CrowdStrike CEO Daniel Bernard told CRN.


End-To-End XDR

The improvements that endpoint detection and response (EDR) has brought to cybersecurity are unmistakable. Simply put, attacks against endpoint devices such as laptops are getting detected far more often and much faster than they were even just a few years ago. At the same time, today’s threat actors don’t limit themselves to endpoint devices, and are known to move between environments as a standard tactic of modern cyberattacks.

The need to bring detection capabilities to all of an organization’s systems has produced the fast-growing category of XDR, or extended detection and response. XDR aims to improve security by correlating data from across an organization’s environments and then prioritizing the most critical threats for response. Among the foremost vendors in the XDR market is CrowdStrike, a company that initially made its name on EDR. On Wednesday, the cybersecurity giant announced its next major foray in the XDR space with the unveiling of Falcon Complete XDR, a new managed XDR offering that aims to make the technology applicable to more customers and partners than it has been to date.

In short, XDR can “become the control plane that they use to manage cybersecurity end-to-end,” said CrowdStrike’s chief business officer, Daniel Bernard, in an interview with CRN. “That’s revolutionary in the market. But also, folks need help doing it.”

As a managed XDR (MXDR) offering, Falcon Complete XDR follows the model of CrowdStrike’s popular managed detection and response (MDR) service. CrowdStrike’s MDR offering has provided 24/7 management of the vendor’s EDR technology to customers that lack the resources to do so themselves (which is not at all a rarity, amid the massive talent shortage in cybersecurity). In the same way, the CrowdStrike MXDR aims to offer management of the vendor’s XDR platform to make the technology relevant to more customers and partners, including resellers and managed service providers, Bernard said.

As EDR was getting established, “MDR became something that really helped a lot of organizations move into EDR,” he said. “And likewise, managed XDR becomes an offering that’s really compelling for organizations looking to get into XDR or get the full value out of XDR.”

Below are five key things to know about CrowdStrike's new Managed XDR offering.


Extending Beyond The Endpoint

CrowdStrike’s MDR service has primarily focused on managing endpoints, and it has only worked with CrowdStrike’s own tools, Bernard said. With the debut of CrowdStrike’s managed XDR offering, the company will enable partners and customers to leverage tools from other vendors as well.

Falcon Complete XDR will integrate tools from vendors in the CrowdXDR Alliance in key segments such as security service edge (Cloudflare, Netskope, Zscaler, Skyhigh Security, Menlo Security); identity security (Okta, ForgeRock, Microsoft Azure Active Directory, Ping Identity); email security (Mimmie, Ping Identity); network detection and response (Corelight, ExtraHop, Vectra); and firewalls (all the major firewall vendors, Bernard said, including Palo Alto Networks and Cisco).

The combining of data feeds from so many major security tools on a single platform, via XDR, is “what we’re delivering the service on top of — and that’s what our partners are able to leverage, too,” Bernard said. In addition to 24/7 management of the XDR platform, the MXDR service also includes threat hunting, monitoring and remediation, CrowdStrike said.


Improving Security

For partners and customers, CrowdStrike’s managed XDR offering ultimately promises improved security outcomes, Bernard told CRN. He offered an example, in the critical area of email security, for how the MXDR offering could enable better cyberdefense. Business email compromise remains a “major attack vector,” Bernard said. Previously, however, “email wasn’t something that was really integrated into the Falcon platform — we’re not an email security vendor.”

“What managed XDR lets us do — and lets our partners do — is, in an integrated fashion from the Falcon console, be able to deal with the telemetry, triage those alerts, take actions. It’s not just ’data in,’ it’s also actioning those alerts for our customers,” he said. “So it limits the amount of time you’ve got to spend into multiple dashboards, it limits the clicks, which ultimately results in faster mean time to detect, faster mean time to respond — which is what customers are really looking for.”


Key Differentiators

Because CrowdStrike’s managed XDR offering works with third-party security tools, Bernard said it will likely have broader appeal among partners and customers than other managed XDR options that are available. Partners and customers that choose Falcon Complete XDR “will not find themselves in a walled garden,” he said. “If you look at a lot of the other vendors in the market, whether it’s an operating system vendor or a firewall vendor, you end up in a walled garden, you have to live in their world.”

“But with CrowdStrike, you can choose the best of breed email security vendor. You can choose us for cloud, you can choose others for cloud,” Bernard said. “You’re able to deliver for your customers the benefits of XDR on your terms — flexibly — and you’re not limited to consuming it in one way.”

Another major differentiator is the way that CrowdStrike’s MXDR platform is integrated, he said. Competing offerings include “an operating system vendor with nine consoles, or 12 consoles” and a “hardware vendor that’s cobbling together multiple products, and they’re all still separate.” With CrowdStrike’s MXDR platform, however, “it’s all part of the Falcon platform and it’s all in an easy to consume UI,” Bernard said. “I think in terms of actually delivering XDR, we’re leaps and bounds ahead of where the market is.”


Partner Opportunities

Bernard, who is responsible for overseeing CrowdStrike's channel partner efforts, said that with Falcon Complete XDR there are many opportunities for partners. For MSPs, for example, one such opportunity is providing their own managed services to customers in addition to CrowdStrike's managed XDR offering, he said. "The innovation around XDR is the ability to collect all the data in one place and also take action on those products and do it on the Falcon platform. So, if you're a partner, you can do a lot more."

And “not only is it more capability, it’s also a lot easier for partners to do that, versus building a bunch of custom tooling to try and do that themselves,” Bernard said. “So that’s really the exciting piece here — partners are able to manage more offerings and do more across these different tools, faster — because it’s all consolidated.”

The bottom line is that with the CrowdStrike MXDR offering, partners “can customize it for end customers — and ultimately sell more products, sell more services and produce better cybersecurity outcomes.”


XDR For The SMB

While extended detection and response has not typically been thought of as accessible for smaller businesses, CrowdStrike is aiming to change that with Falcon Complete XDR, Bernard said. The managed XDR offering “fits perfectly in [the SMB] world,” he said.

In part, that’s because for SMBs, it’s even more difficult to hire individuals with cybersecurity skills and buy cyber defense products, Bernard noted. All in all, SMBs want to “make it easy to cover their entire organization, and automate as much as possible, and produce a cybersecurity outcome — that they’re not breached,” he said. With CrowdStrike’s focus on making cybersecurity easy, “we are the best positioned to stop the breach for the SMB,” Bernard said.

And when it comes to how CrowdStrike will be looking to deliver that outcome for SMBs going forward, increasingly, managed XDR will become the “how,” he said. “It’s offerings like these that enable us to do it.”


iIT Distribution specializes in distributing only the best security solutions! We are an official distributor of CrowdStrike and provide promotion of its solutions in Ukraine, Kazakhstan, Georgia, Azerbaijan, Estonia, Kyrgyzstan, Latvia, Lithuania, Moldova, Poland, Tajikistan and Uzbekistan, as well as professional support for design and implementation of these solutions.


Falcon Prevent (Next-Generation Antivirus)

Defend your business against advanced threats with world-class AI and adversary-focused intelligence.


Falcon Prevent key features

Advanced prevention


Next-generation antivirus uses state-of-the-art artificial intelligence, advanced behavioral analysis based on indicators of attack (IOAs), high-performance memory scanning and exploit mitigation to detect sophisticated and unknown threats, including fileless attacks.

Protection everywhere


Deploy instant, comprehensive protection from the sensor to the cloud, with full coverage across major operating systems — Windows, macOS, and Linux — and operational online and offline for round-the-clock protection and peace of mind in the off-hours.

Simple, fast, and lightweight


The cloud-native CrowdStrike Falcon® platform enables the industry’s fastest deployment and instant protection. Leverage a single, lightweight, unified agent to protect cloud, identity, and endpoint workloads across your estate. Seamlessly manage day-to-day operations without constant signature updates, reboots, complex integrations, or on-premises equipment.

Full attack visibility at a glance


Get unparalleled attack visibility with an easy-to-grasp process tree that unravels entire attacks and enriches them with contextual threat intelligence and maps adversary behaviors to familiar MITRE ATT&CK® terminology.

Extend to the world’s best endpoint detection and response (EDR)


Easily get the industry’s leading EDR by turning on Falcon Insight XDR from the same unified agent and console to unlock deep visibility, lightning fast investigation, and rapid response across the entire enterprise.

Why choose Falcon Prevent?

State-of-the-art prevention

Stop attacks with the power of cutting-edge AI/ML — from commodity malware to fileless and zero-day attacks. Our elite threat intelligence, industry-first indicators of attack, script control, and advanced memory scanning detect and block malicious behaviors earlier in the kill chain.

Secure your estate

Activate instant protection across your enterprise with our lightweight agent that requires zero reboots and no complex tuning. With complete coverage for all major operating systems, whether they are online or offline, CrowdStrike Falcon® Prevent gives teams peace of mind.

Streamline operations and boost productivity

Maximize efficiency with high-fidelity alerts, integrated threat intelligence, and automated workflows that free up time for more business-critical tasks. CrowdStrike’s cloud-native architecture eliminates obtrusive signature updates and closes gaps left by legacy AV, while conserving local resources to keep users productive.

Falcon Prevent by the numbers


Delivering unparalleled protection to customers of all sizes.

  • #1 ranked NGAV in G2 customer reviews;
  • 100K+ agents deployed in one day;
  • ROI realized in less than one year.

Falcon Insight (XDR)

Extended Detection and Response (XDR) collects threat telemetry from previously disparate security tools across an organization's technology stack, making it easier and faster to investigate, find, and respond to threats. The XDR platform can collect security telemetry from endpoints, cloud workloads, network, email, and more.


The next frontier for threat detection and response

Effectively detect and respond to threats across your enterprise. With CrowdStrike's industry-leading EDR at its core, you can now easily synthesize cross-domain telemetry and activate advanced capabilities from a single, threat-focused command console.

Extended

Take detection and response to the next level with tight integration and cross-domain telemetry from Falcon modules and third-party sources. The more telemetry and security solutions Falcon Insight XDR consumes and commands - the more efficient your security operations become.

Detection

Activate CrowdStrike’s elite threat expertise beyond the endpoint to turn previously siloed data into high-fidelity, cross-domain attack indicators, insights and alerts that surface the most sophisticated threats.

Response

Turn XDR insight into action. Trigger integrated response actions across the Falcon platform and third-party security products to shut down the most advanced attacks, all from one command console.

Features

Secure better outcomes


Extend industry-leading EDR outcomes across all key security domains

  • Create a cohesive, more effective cybersecurity ecosystem: Surface actionable insights by combining previously siloed data into one single source of security truth — a central repository for cross-domain telemetry.
  • Gather, aggregate and normalize threat data with ease: Purpose-built XDR integrations and a common data schema combine to funnel cross-domain security data at massive scale, ensuring security teams have the visibility they need across their environment.
  • Deep, native telemetry: CrowdStrike Falcon® platform domains: EDR, cloud, identity, mobile and more.
  • Break down vendor silos: Third-party integrations across key security domains from CrowdXDR Alliance partners and industry-leading vendors.

Optimize security operations


Accelerate multi-domain threat analysis, detection, investigation and hunting from a single console — a force multiplier for analyst efficiency.

  • Surface attacks missed by siloed approaches: Detect stealthy cross-domain attacks when the world’s richest threat intelligence, advanced analytics and artificial intelligence are working across your diverse ecosystem. Out-of-the-box and custom detection capabilities give you the power and flexibility you need.
  • Investigate cross-domain threats like never before: Pivot from both CrowdStrike-generated and custom detections to a graph explorer, viewing the entire cross-domain attack path and rich context, for quick understanding and confident response.
  • Streamline triage and investigation: Prioritized alerts, rich context, and detailed detection information mapped to the MITRE ATT&CK framework help analysts quickly understand and act on threats. The intuitive Falcon console lets you quickly tailor views, filter and pivot across data sets with ease.

Harmonize and simplify response across the enterprise


Speed response times and orchestrate action against sophisticated attacks

  • Respond decisively: Detailed attack information and context - from impacted hosts and users to root cause, indicators and timelines - guide remediation. Powerful response actions allow you to eradicate threats with surgical precision.
  • Take action across the ecosystem: Trigger response actions across Falcon protected hosts and third-party products. One unified command console empowers analysts — from containing a host under attack to automatically enforcing more restrictive user access policies based on detection criticality through third-party solutions.
  • Orchestrate and automate workflows: CrowdStrike Falcon® Fusion streamlines tasks - from notifications and repetitive tasks to complex workflows - dramatically improving the efficiency of your SOC teams.

Extend XDR further with purpose-built integrations and a universal XDR language for data sharing designed with industry-leading security and IT partners.

How does XDR work?

XDR brings together data from isolated security solutions so they can work together to improve threat visibility and reduce the time it takes to detect and respond to an attack. XDR enables advanced forensic investigation and threat hunting across multiple domains from a single console.

Here's a simple step-by-step explanation of how XDR works:

  • Step 1. Ingest: Ingest and normalize large volumes of data from endpoints, cloud workloads, identity, email, network traffic, virtual containers, and more.
  • Step 2. Detect: Analyze and correlate the data to automatically detect hidden threats using advanced artificial intelligence (AI) and machine learning (ML).
  • Step 3. Respond: Prioritize threat data by severity so that investigators can quickly analyze and triage new events, and automate investigation and response.

Three advantages of XDR security:


XDR coordinates and extends the value of disparate security tools by unifying and streamlining the analysis, investigation, and remediation of security threats. As a result, XDR provides the following benefits:

  • Consolidated threat visibility: XDR provides granular visibility across multiple layers, collecting and correlating data from email, endpoints, servers, cloud workloads, and networks.
  • Seamless detection and investigation: Analysts and threat hunters can focus on high-priority threats as XDR weeds out anomalies identified as minor from the alert stream. And with advanced analytics and correlative content built into the tool, XDR automatically detects hidden threats, virtually eliminating the need for security teams to spend time constantly writing, configuring, and managing threat detection rules.
  • End-to-end coordination and response: Detailed cross-domain context and telemetry on threats, from affected hosts and root cause to indicators and timelines, drives the entire investigation and remediation process. Automated alerts and powerful response actions can trigger complex multi-tool workflows to dramatically improve SOC efficiency and rapidly neutralize threats.

Falcon Insight (EDR)

Falcon Insight provides continuous, comprehensive endpoint visibility that encompasses detection, response and forensics, ensuring that nothing is missed and potential breaches are stopped.

Why pay attention to Falcon Insight?

Unrivaled visibility

Continuous monitoring captures endpoint activity so you know exactly what's happening, from threats on an individual endpoint to threats across the organization.

Protect against breaches

Falcon Insight provides transparency and deep analysis to automatically detect suspicious activity and prevent stealth attacks and data breaches.

Maximize efficiency

Falcon Insight accelerates security operations by enabling users to minimize the effort spent on alert processing and quickly investigate and respond to attacks.

TECHNICAL FEATURES

Full spectrum of real-time visibility

  • Continuous recording of raw events provides unparalleled visibility.
  • Proactive and guided threat hunting with complete information about endpoint activity.
  • Complete attack analysis in a simple Incident Workbench interface enriched with contextual and threat intelligence data.
  • A complete picture in real time. Provides situational awareness of the current threat level in the organization and its changes over time.

Simplify threat detection and resolution

  • Intelligent EDR automatically detects and intelligently prioritizes malicious actions and activity.
  • Powerful response actions let you contain and investigate compromised systems, including on-the-fly remote access for immediate action.
  • Quick search returns threat hunting and investigation results in five seconds or less.
  • Correlation of alerts with the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) system helps you understand even the most complex detections at a glance.

Maximize security system efficiency

  • Improve response times by eliminating information overload and breaking down threat alerts into incidents, reducing alert fatigue by 90% or more.
  • Smart prioritization automates triage and shows you what deserves attention first.
  • Speed up investigations with rich context, intelligent visualizations, and collaboration.
  • A wide range of easy-to-use APIs ensure compatibility with other security platforms and tools.

Benefits of cloud computing

  • Reduce costs and complexity by eliminating the need for constant signature updates, on-premises infrastructure, or complex integrations.
  • Crowdsourced protection: threats observed anywhere in the customer base are used to protect everyone, wherever those threats occur.
  • Preserve endpoint performance: installation and day-to-day operation have no impact on endpoints, even during analysis and search.
  • Up and running from day one - deploy and go live in minutes. Automatically scales for growth and change.

Consider EDR if your organization:

  • Wants to improve endpoint security posture and capabilities beyond NGAV.
  • Has an Infosec team that can act on the alerts and recommendations generated by the EDR solution.
  • Is in the early stages of developing a comprehensive cybersecurity strategy and wants to lay the groundwork for a scalable security architecture.

Falcon OverWatch (Proactive Threat Hunting)

CrowdStrike® Falcon OverWatch™ is an always-on service comprised of highly skilled threat hunters who relentlessly scour for unknown and advanced threats targeting your organization. Stay vigilant with a threat hunting operation that never sleeps. Uncover stealthy, menacing attacks and leave adversaries with nowhere to hide.


How does Falcon OverWatch work?

Hunting advanced threats at speed and scale


Every security professional knows that no security technology will ever be 100% fail-proof. Adversaries test and innovate. Tactics evolve. And so does Falcon OverWatch.

CrowdStrike’s global threat hunting service operates around-the-clock to unearth advanced threats wherever they operate. Falcon OverWatch continuously innovates and evolves — ensuring that the methods, systems and tools it uses are faster and stealthier than any adversary. With the visibility and vigilance of Falcon OverWatch, your adversaries have nowhere to hide.

24/7 human vigilance


There’s a huge difference between triaging an alert and proactively hunting for unknown and advanced attacks. True threat hunting requires skilled experts who apply complex statistical methods, examining outliers, frequency analysis and hypothesis testing to determine where and how attackers conceal their operations.

  • Diverse, highly skilled expertise. Falcon OverWatch hires and trains elite threat hunting experts from a wide range of backgrounds, including government, law enforcement, commercial enterprise, the intelligence community and defense.
  • Full attack context. Before you can take action against an adversary, you need to fully understand the threat. As soon as a hands-on-keyboard intrusion is discovered, Falcon OverWatch begins to comprehensively reconstruct the attack for analysis.
  • Immediate, actionable alerts. Get results in a flash. Receive alerts to novel and emerging attacks with deep context and tactical recommendations that enable you and your team to act swiftly and confidently.

Power of the CrowdStrike security cloud

  • Cloud-scale telemetry. The lightweight CrowdStrike Falcon® sensor covers hundreds of event types from millions of endpoints around the world. Cloud-scale data empowers Falcon OverWatch to hunt threats proactively at unprecedented speed and scale.
  • Patented and proprietary tooling. All of this is underpinned by the Falcon OverWatch team’s proprietary tools and processes, which ensures every hunt is optimized for maximum efficiency.
  • Unrivaled threat intelligence. Get up-to-the-minute intel on the unique behaviors of more than 180 adversary groups, including in-depth working knowledge of their current tactics, techniques and procedures (TTPs).
  • Always sharp. Falcon OverWatch’s continuous, proactive operation delivers results every minute of every day. Falcon OverWatch threat hunters are always on top of their game, finely tuning their skills as they handle each new threat.

Why Choose Falcon OverWatch

Detect and disrupt hidden advanced attacks

Falcon OverWatch hunts relentlessly to intercept the stealthiest and most sophisticated attacks: the 1% of the 1% of threats that go undetected.

Exceed the limits of autonomous solutions

Falcon OverWatch threat hunters are masters of their craft. With the power of the CrowdStrike Security Cloud, proprietary hunting methodologies and unmatched expertise, machine learning becomes just one of many weapons in the threat hunting arsenal.

Add skilled, always-on threat hunting — not the overhead

Deploy an elite team of threat hunters — without the significant time, resources and tooling needed to staff, train and scale a global, 24/7 threat hunting operation.

Falcon Complete (MDR)

Managed detection and response (MDR) is a cybersecurity service that combines technology and human expertise to find, monitor, and respond to threats. The main advantage of MDR is that it helps to quickly identify and limit the impact of threats without the need for additional staff.


HOW DOES MDR WORK?

MDR remotely monitors, detects, and responds to threats detected in your organization. An endpoint detection and response (EDR) tool typically provides the necessary visibility into endpoint security events.


Relevant threat data, advanced analytics, and forensic data are shared with analysts who triage alerts and determine appropriate responses to reduce the impact and risk of true-positive incidents. Finally, through a combination of human and machine capabilities, the threat is eliminated and the affected endpoint is restored to its pre-infection state.


The main capabilities of MDR are:

1. Prioritization

Managed prioritization helps organizations that struggle with the daily effort of sifting through their massive volume of alerts determine which to address first. Often referred to as “managed EDR,” managed prioritization applies automated rules and human inspection to distinguish benign events and false positives from true threats. The results are enriched with additional context, and distilled into a stream of high-quality alerts.

2. Threat Hunting

Behind every threat is a human being who’s thinking about how to avoid being caught by their targets’ countermeasures. While machines are very smart, machines are not wily: a human mind is needed to add the element that no automated detection system can provide. Human threat hunters with extensive skills and expertise identify and alert on the stealthiest and most evasive threats in order to catch what the layers of automated defenses missed.

3. Investigation

Managed investigation services help organizations understand threats faster by enriching security alerts with additional context. Organizations are able to more completely understand what happened, when it happened, who was affected, and how far the attacker went. With that information, they can plan an effective response.

4. Guided Response

Guided response delivers actionable advice on the best way to contain and remediate a specific threat. Organizations are advised on activities as fundamental as whether to isolate a system from the network to the most sophisticated, such as how to eliminate a threat or recover from an attack on a step-by-step basis.

5. Remediation

The final step in any incident is recovery. If this step is not performed properly, then the organization’s entire investment in its endpoint protection program is wasted. Managed remediation restores systems to their pre-attack state by removing malware, cleaning the registry, ejecting intruders, and removing persistence mechanisms. Managed remediation ensures that the network is returned to a known good state and further compromise is prevented.

The advantage of Falcon Complete MDR

Instant ROI

Designed to be up and running in hours, not days or weeks, providing multi-layered protection managed by experts with 24/7 MDR operations worldwide.

Active, hands-on remediation

The industry's only MDR offering capable of complete threat elimination, including full cleanup and recovery, without costly re-imaging and downtime.

Adapting to your environment

Deep insight into your unique environment through continuous platform management, agent service, and strict configuration and optimization controls at no additional cost.

CrowdStrike MDR is a leader in the 2022 MITRE Engenuity ATT&CK Evaluations for Security Service Providers

CrowdStrike Falcon Complete MDR achieved the highest detection rate, accurately and reliably reporting 99% of adversary techniques in the 2022 MITRE Engenuity ATT&CK Evaluations for Security Service Providers.

Falcon Cloud Security: Container Security and Kubernetes Protection

Cloud security is a set of technologies, policies, services, and security controls to protect an organization's sensitive data, applications, and environments in cloud computing systems.


Stop breaches with the world's most comprehensive agent-based and agentless cloud-native application protection platform (CNAPP) for multi-cloud environments.

KEY FEATURES OF FALCON CLOUD SECURITY

One platform: from endpoint to cloud

The only cybersecurity platform that instantly detects and stops breaches, whether they start at the endpoint or in the cloud, all from a single user interface.

100% visibility for hybrid and multi-cloud environments

The industry's only CNAPP that provides unified visibility and security for multi-cloud and hybrid environments through a single platform.

Prevent misconfigurations and runtime gaps

Robust protection that secures 1.5 billion containers every day with 550+ indicators of attack and compromise that can stop a breach, and prevents the vulnerabilities and misconfigurations that can cause damage.

Cloud security multiplier

CrowdStrike delivers an ROI of 403% with the industry's first 24/7 managed detection and response, and threat intelligence for cloud workloads and containers.

Why implement Falcon Cloud Security?

Industry-leading cloud threat detection and response solution


Empower security teams with incredible speed and accuracy with continuous threat intelligence from 200+ adversaries, highly accurate cloud threat detection and remediation, ready to use in the security control center.

Perfect protection for the cloud


The world's only CNAPP with unified visibility and security for hybrid and multi-cloud environments on a single platform. Protect workloads, containers, and serverless environments with one-click deployment using a unified agent and an agentless platform.

Highest security value


Get the industry's highest ROI on cloud security by leveraging your existing investment with pre-integration with AWS, Google Cloud, and Azure; 15+ code repositories; and dozens of security solution providers through the CrowdStrike Store ecosystem and built-in orchestration platform.

Container and Kubernetes Security features

CrowdStrike Cloud Security protects containers, Kubernetes, and hosts from build to runtime on AWS, Azure, and Google Cloud.

Benefits

Identify vulnerabilities from development to launch for any cloud

Secure cloud applications and reduce the attack surface by detecting vulnerabilities, hidden malware, secrets/keys, regulatory violations, and more, from build to launch, ensuring that only compliant containers go into production.

Shift-left security into the CI/CD pipeline and DevSecOps automation

Integrate frictionless security early in the Continuous Integration/Continuous Delivery (CI/CD) pipeline and automate security to enable DevSecOps to deliver production-ready applications without impacting build cycles.

Protect against attacks when containers are most vulnerable - at runtime

Build and run applications knowing they are protected. Get access to automated detection, runtime protection, continuous threat detection and response for cloud workloads and containers, and managed cloud threat hunting in one platform.

Special features

Vulnerability scanning and management

  • Improve decision making: Gather insights and details about your cloud workloads and containers: images, registries, libraries, and the containers spun up from those images.
  • Uncover hidden threats: Find hidden malware, embedded secrets, configuration issues and more in your images to help reduce the attack surface.
  • Gain visibility into container environments: Get full visibility into running containers to uncover details surrounding file access, network communications and process activity.
  • Identify vulnerabilities faster: Save valuable time with pre-built image scanning policies enabling you to quickly catch vulnerabilities, misconfigurations, and more.
  • Eliminate threats prior to production: Block exploitable vulnerabilities based on IOAs before runtime, eliminating headaches for security teams.
  • Continuously monitor: Identify new vulnerabilities at runtime, alert and take action without having to rescan images.

Automated CI/CD pipeline security

  • Accelerate delivery: Create verified image policies to ensure that only approved images are allowed to progress through your pipeline and run in your hosts or Kubernetes clusters.
  • Identify threats earlier: Continuously scan container images for known vulnerabilities, secrets/keys, and configuration issues.
  • Assess the vulnerability posture of your pipeline: Uncover malware missed by static scanners before containers are deployed.
  • Improve security operations: Streamline visibility for security operations by providing insights and context for misconfigurations and compliance violations.
  • Integrate with developer toolchains: Seamlessly integrate with Jenkins, Bamboo, GitLab, and more to remediate and respond faster within the DevOps tool sets you already use.
  • Enable DevSecOps: Reporting and dashboards drive alignment and a shared understanding across security operations, DevOps and infrastructure teams.

Runtime protection

  • Secure hosts and containers: Falcon runtime protection defends containers against active attacks.
  • Get broad container support: Falcon supports containers running on Linux and is deployed in Kubernetes environments such as EKS. It also supports containers as a service (CaaS) such as Fargate, providing the same level of security. The technology preview is available for AKS, GKE, and Red Hat OpenShift.
  • Use leading security technologies: Machine learning (ML), artificial intelligence (AI), IOA, and hash blocking automatically protect against malware and sophisticated threats targeting containers.
  • ML and AI: Falcon uses ML and AI to detect known and unknown malware in containers without the need for scanning or signatures.
  • IOA: Falcon uses IOA to detect threats based on behavior. Understanding the sequence of behavior allows Falcon to stop attacks that go beyond malware, including fileless attacks.
  • Stop malicious behavior: Behavioral profiling allows you to block policy violating activities without affecting the legitimate operation of the container.
  • Detect unauthorized containers: Maintain an up-to-date inventory as containers are deployed and decommissioned, detect and scan unauthorized images, and identify and stop containers that are running as privileged or writable.
  • Prevent container drift: Ensure container integrity by detecting new binaries created and executed inside containers.
  • Investigate container incidents faster: Investigate incidents more easily when detections are tied to a specific container rather than to host-level events.
  • See everything: Capture information about container startup, stop, image, and runtime, as well as all events generated within a container, even if it's only running for a few seconds.
  • Seamless deployment with Kubernetes: Easily deploy at scale by including it as part of a Kubernetes cluster.
  • Improve container orchestration: Capture Kubernetes namespace, container metadata, processes, files, and network events.
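Two of the controls listed above (verified image policies, detection of privileged or writable containers, and container drift) can be illustrated with the following Python, which is an added example and not Falcon's own code. The first function evaluates a Kubernetes pod spec against a simple policy (an assumed trusted registry prefix, the `privileged` flag and `readOnlyRootFilesystem` from the PodSpec `securityContext`); the second flags binaries executed inside a container that were not shipped in its image, which is the drift condition described above. The registry name, pod spec, image file manifests and process-start events are constructed for illustration.

```python
"""Added example (not CrowdStrike's code): pod-spec policy check and container drift
detection over constructed input. Field names follow the Kubernetes PodSpec schema."""

APPROVED_REGISTRIES = ("registry.example.internal/",)  # assumption: the org's trusted registry


def check_pod_spec(pod, approved_registries=APPROVED_REGISTRIES):
    """Return [(container, finding), ...] for every policy violation in a pod dict."""
    findings = []
    for c in pod.get("spec", {}).get("containers", []):
        name, image = c.get("name", "?"), c.get("image", "")
        if not image.startswith(approved_registries):
            findings.append((name, f"image not from an approved registry: {image}"))
        sc = c.get("securityContext") or {}
        if sc.get("privileged", False):
            findings.append((name, "runs privileged"))
        if not sc.get("readOnlyRootFilesystem", False):  # Kubernetes default is writable
            findings.append((name, "root filesystem is writable"))
    return findings


IMAGE_MANIFESTS = {  # constructed: executable paths shipped in each scanned image
    "registry.example.internal/web@sha256:0000": {"/bin/sh", "/usr/bin/python3", "/app/server.py"},
}


def detect_drift(exec_events, manifests=IMAGE_MANIFESTS):
    """Return (drift, unscanned): drift maps container -> sorted paths of executed
    binaries absent from its image; unscanned lists images with no manifest, which
    cannot be judged and must not be silently treated as clean."""
    drift, unscanned = {}, set()
    for ev in exec_events:
        files = manifests.get(ev["image"])
        if files is None:
            unscanned.add(ev["image"])
        elif ev["path"] not in files:
            drift.setdefault(ev["container"], set()).add(ev["path"])
    return {c: sorted(p) for c, p in drift.items()}, sorted(unscanned)


SAMPLE_POD = {  # constructed pod: one compliant container, one debug sidecar
    "metadata": {"name": "web-7d9c"},
    "spec": {"containers": [
        {"name": "web", "image": "registry.example.internal/web@sha256:0000",
         "securityContext": {"readOnlyRootFilesystem": True}},
        {"name": "debug", "image": "docker.io/library/busybox:latest",
         "securityContext": {"privileged": True}},
    ]},
}
SAMPLE_EXECS = [  # constructed process-start events carrying the container's image
    {"container": "web-1", "image": "registry.example.internal/web@sha256:0000", "path": "/usr/bin/python3"},
    {"container": "web-1", "image": "registry.example.internal/web@sha256:0000", "path": "/tmp/unexpected-bin"},
    {"container": "web-2", "image": "registry.example.internal/web@sha256:0000", "path": "/bin/sh"},
    {"container": "job-9", "image": "registry.example.internal/batch@sha256:1111", "path": "/bin/run"},
]

if __name__ == "__main__":
    for container, finding in check_pod_spec(SAMPLE_POD):
        print(f"[policy] {container}: {finding}")
    drift, unscanned = detect_drift(SAMPLE_EXECS)
    print("[drift]", drift, "unscanned images:", unscanned)
```

The drift check is deliberately a set difference against the image manifest: anything executed that the image did not ship is, by the definition above, a new binary created inside the container. Images without a manifest are returned separately rather than ignored, so a gap in scanning coverage shows up as a finding of its own.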

Incident response and forensics for workloads and containers

  • Real-time visibility: Stream container information and activity to the Falcon platform in real time for in-depth analysis, enabling security teams to detect hidden threats and track and investigate incidents.
  • Powerful search: Filter events within containers from the workstation and search based on container metadata such as image, mode, configuration type, and more.
  • Proactive threat hunting: Once deployed, Falcon records container data and activity, enabling proactive threat hunting where security teams can hunt, get query results in seconds, and easily move from one lead to the next.
  • Continuous availability: Event details provide forensic evidence and a complete set of advanced data, even for ephemeral containers after they have been decommissioned.
  • Ability to unravel attack targets on a single screen: An easy-to-read process tree provides complete attack information in context for faster and easier investigations.

Simplicity and performance

  • Simplify DevSecOps deployments: Reduce the overhead, friction, and complexity associated with securing cloud workloads, containers, and serverless environments.
  • Single transparent dashboard: A single console provides centralized visibility into the security posture of your cloud, workloads, and containers, regardless of location.
  • Full policy flexibility: Apply policies at the individual workload, container, and group level and unify them across on-premises and multi-cloud deployments.
  • Scale on demand: No need to change your architecture or build additional infrastructure.
  • Extensive platform support: The Falcon platform supports Open Container Initiative (OCI)-based containers such as Docker and Kubernetes, as well as self-managed and hosted orchestration platforms such as GKE (Google Kubernetes Engine), EKS (Amazon Elastic Kubernetes Service), ECS (Amazon Elastic Container Service), AKS (Azure Kubernetes Service), and OpenShift.

CrowdStrike cloud security solutions


CrowdStrike has redefined security with the world's most advanced cloud-based platform that protects and supports the people, processes, and technologies that drive the modern enterprise. The industry continues to recognize CrowdStrike as a leader, most recently being named by CRN as the winner of the 2022 Tech Innovator Award for Best Cloud Security.


Powered by CrowdStrike Security Cloud, the CrowdStrike Falcon® platform leverages real-time attack indicators, threat intelligence, attacker evolution, and advanced telemetry from across the enterprise to deliver ultra-precise detection, automated defense and remediation, elite threat hunting, and prioritization.

CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers

News

On March 29, 2023, CrowdStrike observed unexpected malicious activity emanating from a legitimate, signed binary, 3CXDesktopApp — a softphone application from 3CX. The malicious activity includes beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and, in a small number of cases, hands-on-keyboard activity.

The CrowdStrike Falcon® platform has behavioral preventions and atomic indicator detections targeting the abuse of 3CXDesktopApp. In addition, CrowdStrike® Falcon OverWatch™ helps customers stay vigilant against hands-on-keyboard activity.

The 3CXDesktopApp is available for Windows, macOS, Linux and mobile. At this time, activity has been observed on both Windows and macOS.

CrowdStrike Intelligence has assessed there is suspected nation-state involvement by the threat actor LABYRINTH CHOLLIMA. CrowdStrike Intelligence customers received an alert this morning on this active intrusion.


CrowdStrike Falcon Detection and Protection

The CrowdStrike Falcon platform protects customers from this attack: it has coverage using behavior-based indicator of attack (IOA) detections and indicator of compromise (IOC) detections that target the malicious behaviors associated with 3CX on both macOS and Windows.

Customers should ensure that prevention policies are properly configured with Suspicious Processes enabled.

Figure 1. CrowdStrike’s indicator of attack (IOA) identifies and blocks the malicious behavior in macOS

Figure 2. CrowdStrike’s indicator of attack (IOA) identifies and blocks the malicious behavior in Windows


Hunting in the CrowdStrike Falcon Platform

Falcon Discover

CrowdStrike Falcon® Discover customers can use the following link: US-1 | US-2 | EU-1 | US-GOV-1 to look for the presence of 3CXDesktopApp in their environment.

Falcon Insight customers can assess if the 3CXDesktopApp is running in their environment with the following query:


Event Search — Application Search

event_simpleName IN (PeVersionInfo, ProcessRollup2) FileName IN ("3CXDesktopApp.exe", "3CX Desktop App")

| stats dc(aid) as endpointCount by event_platform, FileName, SHA256HashData


Falcon Long Term Repository — Application Search

#event_simpleName=/^(PeVersionInfo|ProcessRollup2)$/ AND (event_platform=Win ImageFileName=/\\3CXDesktopApp\.exe$/i) OR (event_platform=Mac ImageFileName=/\/3CX\sDesktop\sApp/i)
| ImageFileName = /.+(\\|\/)(?<FileName>.+)$/i
| groupBy([event_platform, FileName, SHA256HashData], function=count(aid, distinct=true, as=endpointCount))


Atomic Indicators

The following domains have been observed beaconing, which should be considered an indication of malicious intent.

akamaicontainer[.]com
akamaitechcloudservices[.]com
azuredeploystore[.]com
azureonlinecloud[.]com
azureonlinestorage[.]com
dunamistrd[.]com
glcloudservice[.]com
journalide[.]org
msedgepackageinfo[.]com
msstorageazure[.]com
msstorageboxes[.]com
officeaddons[.]com
officestoragebox[.]com
pbxcloudeservices[.]com
pbxphonenetwork[.]com
pbxsources[.]com
qwepoi123098[.]com
sbmsa[.]wiki
sourceslabs[.]com
visualstudiofactory[.]com
zacharryblogs[.]com

CrowdStrike Falcon® Insight customers, regardless of retention period, can search for the presence of these domains in their environment spanning back one year using Indicator Graph: US-1 | US-2 | EU-1 | US-GOV-1.


Event Search — Domain Search

event_simpleName=DnsRequest DomainName IN (akamaicontainer.com, akamaitechcloudservices.com, azuredeploystore.com, azureonlinecloud.com, azureonlinestorage.com, dunamistrd.com, glcloudservice.com, journalide.org, msedgepackageinfo.com, msstorageazure.com, msstorageboxes.com, officeaddons.com, officestoragebox.com, pbxcloudeservices.com, pbxphonenetwork.com, pbxsources.com, qwepoi123098.com, sbmsa.wiki, sourceslabs.com, visualstudiofactory.com, zacharryblogs.com)
| stats dc(aid) as endpointCount, earliest(ContextTimeStamp_decimal) as firstSeen, latest(ContextTimeStamp_decimal) as lastSeen by DomainName
| convert ctime(firstSeen) ctime(lastSeen)


Falcon LTR — Domain Search

#event_simpleName=DnsRequest
| in(DomainName, values=[akamaicontainer.com, akamaitechcloudservices.com, azuredeploystore.com, azureonlinecloud.com, azureonlinestorage.com, dunamistrd.com, glcloudservice.com, journalide.org, msedgepackageinfo.com, msstorageazure.com, msstorageboxes.com, officeaddons.com, officestoragebox.com, pbxcloudeservices.com, pbxphonenetwork.com, pbxsources.com, qwepoi123098.com, sbmsa.wiki, sourceslabs.com, visualstudiofactory.com, zacharryblogs.com])
| groupBy([DomainName], function=([count(aid, distinct=true, as=endpointCount), min(ContextTimeStamp, as=firstSeen), max(ContextTimeStamp, as=lastSeen)]))
| firstSeen := firstSeen * 1000
| formatTime(format="%F %T.%L", field=firstSeen, as="firstSeen")
| lastSeen := lastSeen * 1000
| formatTime(format="%F %T.%L", field=lastSeen, as="lastSeen")
| sort(endpointCount, order=desc)


File Details

SHA256 | Operating System | Installer SHA256 | Filename
dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc | Windows | aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868 | 3cxdesktopapp-18.12.407.msi
fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405 | Windows | 59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983 | 3cxdesktopapp-18.12.416.msi
92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61 | macOS | 5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290 | 3CXDesktopApp-18.11.1213.dmg
b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb | macOS | e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec | 3cxdesktopapp-latest.dmg

Recommendations

The current recommendation for all CrowdStrike customers is:

  1. Locate the presence of 3CXDesktopApp software in your environment by using the queries outlined above.
  2. Ensure Falcon is deployed to applicable systems.
  3. Ensure “Suspicious Processes” is enabled in applicable Prevention Policies.
  4. Hunt for historical presence of atomic indicators in third-party tooling (if available).
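For step 4, where the indicators have to be checked in tooling other than Falcon, the following Python script is an added example (not CrowdStrike's code) that does the matching offline: it refangs the domain list published above, matches exported DNS query records against it (subdomains, upper-case names and trailing-dot FQDNs count as hits; look-alike names that merely end in the same characters do not) and summarises hits per indicator the way the Domain Search queries do, then compares a file inventory against the SHA256 values from the File Details table and the UPDATE section. The log line format (`<ISO-8601 timestamp> <host> dns query=<name>`), the host names and the file paths are constructed for illustration.

```python
"""Offline match of the 3CX atomic indicators above against exported telemetry.

Added example, not CrowdStrike's code. The DNS log format
("<ISO-8601 timestamp> <host> dns query=<name>") and the {path: sha256}
inventory are constructed; the domains and hashes are those published above.
"""
import hashlib
import re

# Beaconing domains, defanged exactly as published above.
DEFANGED_DOMAINS = """
akamaicontainer[.]com akamaitechcloudservices[.]com azuredeploystore[.]com
azureonlinecloud[.]com azureonlinestorage[.]com dunamistrd[.]com
glcloudservice[.]com journalide[.]org msedgepackageinfo[.]com
msstorageazure[.]com msstorageboxes[.]com officeaddons[.]com
officestoragebox[.]com pbxcloudeservices[.]com pbxphonenetwork[.]com
pbxsources[.]com qwepoi123098[.]com sbmsa[.]wiki sourceslabs[.]com
visualstudiofactory[.]com zacharryblogs[.]com
"""

def refang(name: str) -> str:
    """Normalise a name: lower-case, drop a trailing FQDN dot, undo [.] defanging."""
    return name.strip().lower().rstrip(".").replace("[.]", ".")

IOC_DOMAINS = frozenset(refang(d) for d in DEFANGED_DOMAINS.split())

# SHA256 values from the File Details table and the UPDATE section above.
IOC_SHA256 = {
    "dde03348075512796241389dfea5560c20a3d2a2eac95c894e7bbed5e85a0acc": "3CXDesktopApp 18.12.407 (Windows)",
    "aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868": "3cxdesktopapp-18.12.407.msi",
    "fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405": "3CXDesktopApp 18.12.416 (Windows)",
    "59e1edf4d82fae4978e97512b0331b7eb21dd4b838b850ba46794d9c7a2c0983": "3cxdesktopapp-18.12.416.msi",
    "92005051ae314d61074ed94a52e76b1c3e21e7f0e8c1d1fdd497a006ce45fa61": "3CXDesktopApp 18.11.1213 (macOS)",
    "5407cda7d3a75e7b1e030b1f33337a56f293578ffa8b3ae19c671051ed314290": "3CXDesktopApp-18.11.1213.dmg",
    "b86c695822013483fa4e2dfdf712c5ee777d7b99cbad8c2fa2274b133481eadb": "3CXDesktopApp latest (macOS)",
    "e6bbc33815b9f20b0cf832d7401dd893fbc467c800728b5891336706da0dbcec": "3cxdesktopapp-latest.dmg",
    "7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896": "ffmpeg.dll dropped by the MSI",
}

def ioc_for_name(name: str):
    """Indicator that a queried name belongs to, or None. The domain itself and any
    subdomain (cdn.example.com) match; a look-alike suffix (notexample.com) does not."""
    name = refang(name)
    for ioc in IOC_DOMAINS:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+dns\s+query=(?P<name>\S+)")

def match_dns_log(lines):
    """Per-indicator summary like the Domain Search queries above: distinct endpoint
    count plus first and last seen (ISO-8601 strings compare correctly as text)."""
    hits = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a DNS query record
        ioc = ioc_for_name(m["name"])
        if ioc is None:
            continue
        h = hits.setdefault(ioc, {"hosts": set(), "first": m["ts"], "last": m["ts"]})
        h["hosts"].add(m["host"])
        h["first"], h["last"] = min(h["first"], m["ts"]), max(h["last"], m["ts"])
    return {d: {"endpointCount": len(h["hosts"]), "firstSeen": h["first"], "lastSeen": h["last"]}
            for d, h in hits.items()}

def sha256_of_file(path: str) -> str:
    """Hex SHA256 of a file on disk, for building an inventory from real files."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def check_hashes(inventory):
    """inventory: {path: sha256 hex}. Returns {path: description} for known-bad files."""
    return {p: IOC_SHA256[h.lower()] for p, h in inventory.items() if h.lower() in IOC_SHA256}

SAMPLE_DNS_LOG = [  # constructed lines, not real telemetry
    "2023-03-29T10:12:01Z wks-017 dns query=msstorageazure.com",
    "2023-03-29T10:12:05Z wks-017 dns query=api.github.com",
    "2023-03-29T10:15:44Z wks-023 dns query=cdn.pbxphonenetwork.com.",
    "2023-03-29T10:16:00Z srv-001 dns query=notmsstorageazure.com",
    "2023-03-29T11:02:13Z wks-041 dns query=MSSTORAGEAZURE.COM",
]
SAMPLE_INVENTORY = {  # constructed paths; the hashes are from the advisory
    "C:/Users/alice/Downloads/3cxdesktopapp-18.12.407.msi":
        "aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868",
    "C:/Program Files/3CXDesktopApp/app/ffmpeg.dll":
        "7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896",
    "C:/Windows/System32/notepad.exe": "0" * 64,  # placeholder benign hash
}

if __name__ == "__main__":
    for domain, summary in sorted(match_dns_log(SAMPLE_DNS_LOG).items()):
        print(domain, summary)
    for path, what in check_hashes(SAMPLE_INVENTORY).items():
        print("KNOWN-BAD", path, "->", what)
```

To run it against real data, feed `match_dns_log` the exported lines of a DNS or proxy log reshaped into the assumed format, and build the inventory with `sha256_of_file` over downloaded installers and the installed `ffmpeg.dll`. The suffix test in `ioc_for_name` is the point to get right: matching on `endswith(ioc)` alone would also flag unrelated names that merely share a tail, while matching on `"." + ioc` keeps subdomains and drops those false positives.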



UPDATE

After review and reverse engineering by the CrowdStrike Intelligence team, the signed MSI (aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868) is malicious.

The MSI will drop three files, with the primary fulcrum being the compromised binary ffmpeg.dll (7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896).

Once active, the HTTPS beacon structure and encryption key match those observed by CrowdStrike in a March 7, 2023 campaign attributed with high confidence to DPRK-nexus threat actor LABYRINTH CHOLLIMA.

All Falcon customers can view our actor profile on LABYRINTH CHOLLIMA (US-1 | US-2 | EU-1 | US-GOV-1)

CrowdStrike recommends removing the 3CX software from endpoints until advised by the vendor that future installers and builds are safe.

Falcon Spotlight customers can search for CVE-2023-3CX to identify vulnerable versions of 3CX software. Spotlight will automatically highlight this vulnerability in your vulnerability feed.


iIT Distribution is the official distributor of CrowdStrike solutions. Our partners, clients, and organizations of all sizes can get access to highly effective CrowdStrike products by requesting a trial version on our website. Stay safe and secure!


CrowdStrike Falcon Platform: all modules

Built on cloud-based technology with a single lightweight-agent architecture, the Falcon platform delivers fast and scalable deployment, superior protection and performance, reduced complexity, and fast payback. The Falcon platform's key features are flexibility and extensibility, enabling you to meet all your security needs. Each of the modules listed below is available on the Falcon platform and is implemented through a single agent and cloud management console.


Endpoint Security & XDR

Real-time threat protection, detection and automated response to combat threats and stop breaches anywhere, anytime.

Falcon Insight XDR | Extended Detection and Response (XDR)

Offers industry-leading endpoint detection and response (EDR) and extended detection and response (XDR) in a single solution, and customers can easily expand from EDR to XDR using XDR connector packs.

Falcon Prevent | Next-Generation Antivirus

Protects against all types of threats, from malware and ransomware to sophisticated attacks, and deploys in minutes, immediately protecting your endpoints.

Falcon Firewall Management | Host Firewall

Delivers simple, centralized host firewall management, making it easy to manage and control host firewall policies.

Falcon Device Control | USB Device Visibility and Control

Provides the visibility and precise control required to enable safe usage of USB devices across your organization.

Cloud Security

Advanced cloud application security, including breach prevention, workload protection and cloud security management.

FALCON HORIZON | Cloud Security Posture Management

Streamlines cloud security posture management across the application lifecycle for multi-cloud environments, enabling you to securely deploy applications in the cloud with greater speed and efficiency.

Falcon Cloud & Container Security

Automates secure cloud application development by ensuring full protection and compliance for containers, Kubernetes, and hosts throughout the container lifecycle.

Falcon Cloud Workload Protection

Provides comprehensive breach protection across private, public, hybrid and multi-cloud environments, allowing customers to rapidly adopt and secure technology across any workload.

Threat Intelligence

Integrate threat analysis into endpoint protection, identify threats outside the perimeter and gain access to industry-leading malware-focused research.

Falcon Intelligence Recon | DIGITAL THREAT MONITORING

Monitors potentially malicious activity across the open, deep and dark web, enabling you to better protect your brand, employees and sensitive data.

Falcon Intelligence | AUTOMATED THREAT INTELLIGENCE

Enriches the events and incidents detected by the CrowdStrike Falcon platform, automating intelligence so security operations teams can make better, faster decisions.

Falcon Sandbox | MALWARE ANALYSIS

Uncovers the full malware attack lifecycle with in-depth insight into all file, network, memory and process activity, and provides easy-to-understand reports, actionable IOCs and seamless integration.

Falcon MalQuery | MALWARE SEARCH ENGINE

A search engine for malware that allows you to search for and attribute samples from your investigations. Access to such an extensive collection of samples is very important to better identify the source, code reuse, and family of malware you are investigating.

Identity Protection

80% of all hacks involve compromised identity data. CrowdStrike Falcon Identity Protection stops hacks faster by protecting employee identities everywhere using advanced artificial intelligence in the world's largest single threat-centric data network.

Falcon Identity Threat Detection

Enables hyper-accurate detection of identity-based threats in real time, leveraging AI and behavioral analytics to provide deep actionable insights to stop modern attacks like ransomware.

Falcon Identity Threat Protection

Enables hyper-accurate threat detection and real-time prevention of identity-based attacks by combining the power of advanced AI, behavioral analytics and a flexible policy engine to enforce risk-based conditional access.

Security & IT Ops

Unmatched real-time visibility of devices, users and applications on your network.

Falcon Discover | IT HYGIENE

Identifies unauthorized accounts, systems and applications anywhere in your environment in real time, enabling faster remediation to improve your overall security posture.

Falcon Spotlight | VULNERABILITY MANAGEMENT

Offers security teams an automated, comprehensive vulnerability management solution, enabling faster prioritization and improved remediation workflows without resource-intensive scans.

Falcon FileVantage | FILE INTEGRITY MONITORING

Provides real-time, comprehensive and centralized visibility that boosts compliance and offers relevant contextual data.

Observability

Provides the systematic collection of data needed to understand network operation.

FALCON LOGSCALE | LOG MANAGEMENT AND OBSERVABILITY

Offers an advanced, purpose-built log management platform that enables organizations to log everything to answer any question in real time, provides full visibility into all streaming logs and event data, and helps to better prepare for the unknown by making it easier to examine and find the root cause of any incident.

CrowdStrike Falcon Named the Winner of the 2022 AV-TEST Award for Best MacOS Security Product

News

After extensive testing and analysis, the AV-TEST Institute has named CrowdStrike Falcon® Pro for Mac the Best MacOS Security Product for Business for 2022. AV-TEST completed its evaluation of macOS security products for business users for 2022 following a year-long series of tests, in which Falcon Pro for Mac was the only security product to score a perfect 18.0 points in three straight quarterly evaluations.

In announcing the decision, AV-TEST CEO Maik Morgenstern praised Falcon Pro for Mac:

“Corporate users in particular know the damage that a successful attack can inflict on their Mac systems. That is why a good endpoint solution is a perfect bulwark to fend off attacks at the corporate user level. Thus, the lab is pleased to confer the AV-TEST Best MacOS Security 2022 Award for Corporate Users on CrowdStrike for its enterprise solution, Falcon.”

CrowdStrike is the winner of this award in a competition that saw the industry’s leading cybersecurity vendors participating in quarterly evaluations throughout 2022.

Watch this video demo to see Falcon endpoint security for macOS in action.

For Enterprise, Endpoint Security for Mac Best Practices Means Investing in the Best Cybersecurity Protection: CrowdStrike Falcon Pro for Mac

Apple’s Mac computers have become increasingly popular among enterprises. Following innovations like Apple’s introduction of its own high-power/high-efficiency M1 series chips in 2020, macOS devices surged from a 17% market share among U.S. enterprises (1,000+ employees) in 2019 to 23% in 2021. The company hasn’t been immune from global economic forces, but even as PC sales stalled, Apple still managed to increase its market share in 2022.

This era of widespread enterprise Mac adoption is colliding with a longstanding misconception that macOS is seldom targeted by or vulnerable to malware — which is hardly the case. As CrowdStrike research into the macOS malware landscape shows, Macs are being hit with a wide range of sophisticated malware, from backdoors to ransomware. And Apple itself was forced to release dozens of critical macOS security updates in 2022 as adversaries stepped up their efforts to attack the platform.

Hoping that the built-in security capabilities of macOS will protect a Mac from a determined adversary is wishful thinking. Relying on out-of-the-box Mac antivirus software is also insufficient to avoid the possibility of a costly breach.

Given what is at stake, it is more important than ever for organizations to invest in the best possible protection for their macOS computers. According to the AV-TEST Institute — a leading independent cybersecurity solution evaluation organization — the best macOS security product for business in 2022 was CrowdStrike Falcon Pro for Mac.

AV-TEST Runs Comprehensive Testing Scenarios for macOS Security Products — and Falcon Excelled

AV-TEST has designed a suite of comprehensive and demanding evaluation scenarios for macOS security products aimed at the business market.

First and foremost, the security solution must both detect and protect against threats. AV-TEST employs hundreds of samples of prevalent Mac malware including worms, viruses and trojans. Malware that is missed sets the stage for a breach, so a high score is important. The second part of the test evaluates performance, ensuring that use of the security solution doesn’t slow down the performance of Mac computers during daily use. When computers slow down, users complain and productivity takes a hit. The third component is usability, which measures the security solution’s incidence of false positives. False positives are disruptive and waste valuable SecOps time for investigations.

Through the four quarterly macOS security for business evaluations that AV-TEST conducted in 2022, CrowdStrike Falcon Pro for Mac narrowly missed a perfect score for the year, with a perfect 18.0 points across three of the four sessions and 17.5 points (out of 18.0) in the fourth.

This consistent, outstanding performance earned CrowdStrike Falcon Pro for Mac the AV-TEST award as Best macOS Security Product for Business for 2022.

In announcing the award, AV-TEST said of CrowdStrike’s achievement and the importance of protecting enterprise macOS endpoints:

“The days when there was only a small number of malware threats for MacOS have long since passed. The AV-ATLAS statistics system from AV-TEST tallied only a few thousand malware samples 15 years ago — now there are nearly 1 million. The threats for consumer users, and especially for corporate users, are to be taken seriously. CrowdStrike is acutely aware of such threats, and demonstrated in the lab in the year 2022 how well its software solution is able to protect corporate users. For this outstanding performance, the institute conferred the AV-TEST Best MacOS Security 2022 Award for Corporate Users on CrowdStrike Falcon.”

Why CrowdStrike Is Committed to Third-Party Testing

The AV-TEST award was another notable win for Falcon, and for CrowdStrike the recognition is an opportunity to educate customers on making the best choices for their organizations’ Mac computer security needs.

CrowdStrike remains committed to independent third-party testing of its products and to transparency about its participation in it. Ongoing testing of Falcon by a wide range of organizations helps us to improve our products based on their feedback. Third-party testing also enables customers to gain a clear understanding of the benefits of Falcon's technology and capabilities, including the use of advanced machine learning and indicators of attack (IOAs) for automated threat detection.

Continued market leadership of CrowdStrike is recognized by awards like these. As the world's most tested next-generation security platform, CrowdStrike has consistently demonstrated that Falcon is the next-generation platform that delivers the comprehensive protection and results customers demand and deserve.

iIT Distribution is the official distributor of CrowdStrike solutions. We help organizations ensure comprehensive protection and increase the efficiency of their IT infrastructures. Our approach provides customers with the necessary software, hardware, implementation and support services.

