CrowdStrike launches malware search engine

CrowdStrike launched CrowdStrike Falcon MalQuery, the first malware search and intelligence component of its CrowdStrike Falcon Search Engine for cybersecurity data.


CrowdStrike has built the largest searchable threat database in the cybersecurity industry, ingesting more than 51 billion security events a day, and indexing more than 700 million files totaling more than 560TB of malware that can be searched in real-time. With this launch, customers can take advantage of the data to significantly speed up and improve their malware research capabilities in the Security Operations Center (SOC).

CrowdStrike Falcon MalQuery is available to existing CrowdStrike customers as an additional service and can be purchased as a stand-alone offering by new customers.

With this new capability, customers gain the following significant advantages from the CrowdStrike Falcon platform:

  • Speed – CrowdStrike’s malware search engine enables the searching of 560TB of data in mere seconds. This speed delivers a 250x performance increase for malware research without compromising the amount of data being searched. These speed gains are realized for all types of search, including string-based or YARA-based searches.
  • Clarity – The company delivers the ability to search across the largest and most comprehensive searchable database of malware in the industry. The technology gives researchers more complete results by indexing both file metadata and the binary contents of the file, and overlaying the results with CrowdStrike Falcon Threat Intelligence.
  • Protection – CrowdStrike’s faster, more accurate results lead to higher quality protection rules for proactive defense against future threats, which enables greater understanding and protection against an attacker’s next move. Customers of the CrowdStrike Falcon Endpoint Protection platform can also conduct real-time investigations based on search results to immediately understand their exposure to threats.
  • Fully Integrated – Through a single console, customers can search CrowdStrike Falcon Intelligence data for indicators, actors and reports, with results displayed as readily consumable, schematized snapshots. Additionally, they can conduct YARA searches with cross-correlation to all CrowdStrike Intelligence data.

At the core of the engine is patent-pending indexing technology. This index enables the engine to search across file metadata, the binary contents of the file itself, as well as the threat intelligence related to the file.
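To make concrete why an index over binary contents lets a string or YARA-style query answer in seconds rather than scanning every file, here is an added illustration. It is not CrowdStrike's code and does not describe the patent-pending index; it uses a generic byte n-gram inverted index over a constructed three-file corpus (placeholder file ids and metadata, not real samples), combines the index with a metadata filter, and shows the verification step that any n-gram index needs, because n-gram co-occurrence alone does not prove the bytes are adjacent.

```python
"""Toy byte n-gram index for pattern search over a small malware-style corpus.

Added illustration, not CrowdStrike's code: a query touches only the files
whose n-grams all match, then each candidate is verified by a real substring
check. N, the corpus and the metadata keys are all constructed for the demo.
"""
from collections import defaultdict

N = 3  # n-gram width; a hypothetical choice for this illustration

# Constructed sample corpus; ids and metadata are placeholders, not real samples.
CORPUS = {
    "sample-A": {"meta": {"type": "PE", "family": "dropper"},
                 "data": b"MZ\x90\x00" + b"http://example.invalid/c2" + b"\x00" * 8},
    "sample-B": {"meta": {"type": "ELF", "family": "miner"},
                 "data": b"\x7fELF" + b"stratum+tcp://pool.invalid" + b"\x00" * 8},
    "sample-C": {"meta": {"type": "PE", "family": "dropper"},
                 "data": b"MZ\x90\x00" + b"CreateRemoteThread" + b"\x00" * 8},
}


def ngrams(data: bytes, n: int = N):
    """Yield every overlapping n-byte window of `data`."""
    for i in range(len(data) - n + 1):
        yield data[i:i + n]


def build_index(corpus):
    """Inverted index: byte n-gram -> set of file ids containing that n-gram."""
    index = defaultdict(set)
    for fid, rec in corpus.items():
        for g in set(ngrams(rec["data"])):
            index[g].add(fid)
    return index


def search_bytes(index, corpus, pattern: bytes, meta_filter=None):
    """Return the sorted ids of files containing `pattern` (and matching metadata)."""
    if len(pattern) < N:
        # Pattern too short for the index: fall back to checking every file.
        candidates = set(corpus)
    else:
        grams = list(ngrams(pattern))
        candidates = set(index.get(grams[0], set()))
        for g in grams[1:]:
            candidates &= index.get(g, set())   # only files holding every n-gram
            if not candidates:
                break
    hits = []
    for fid in candidates:
        rec = corpus[fid]
        if meta_filter and any(rec["meta"].get(k) != v for k, v in meta_filter.items()):
            continue
        # Verification: the n-grams may co-occur without being contiguous.
        if pattern in rec["data"]:
            hits.append(fid)
    return sorted(hits)


def search_rule(index, corpus, strings, require_all=True, meta_filter=None):
    """YARA-style multi-string rule: files matching all (or any) of `strings`."""
    per_string = [set(search_bytes(index, corpus, s, meta_filter)) for s in strings]
    if not per_string:
        return []
    matched = set.intersection(*per_string) if require_all else set.union(*per_string)
    return sorted(matched)


INDEX = build_index(CORPUS)

if __name__ == "__main__":
    print("PE header:", search_bytes(INDEX, CORPUS, b"MZ\x90"))
    print("ELF only :", search_bytes(INDEX, CORPUS, b"MZ\x90", meta_filter={"type": "ELF"}))
    print("rule all :", search_rule(INDEX, CORPUS, [b"MZ\x90", b"CreateRemote"]))
    print("rule any :", search_rule(INDEX, CORPUS,
                                    [b"example.invalid", b"pool.invalid"], require_all=False))
```

The index is built once and reused for every query; the per-query cost is a few set intersections plus a substring check on the surviving candidates, which is the property that makes corpus-wide string and rule searches fast regardless of corpus size. A production system would additionally persist the index and handle patterns with wildcards, which this toy does not.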

The CrowdStrike Falcon platform enables search over all collected content: endpoint data, intelligence indicators and malware corpus. Its Investigate module allows customers to search real-time and historical data for their enterprise with zero impact to their endpoints.

The company is also launching Intel indicator search, which enables rapid consumption of search results without requiring the review of large contextual sources. As a result, for the first time, cybersecurity professionals have a tool that can keep up with the rapid change arising from polymorphic malware and rapidly evolving threat variants.