Customized IOCs, intelligence and SOC automation for orgs of every size


CrowdStrike announced at RSA Conference 2018 that it has expanded the capabilities of the CrowdStrike Falcon platform by introducing a new threat analysis subscription module, CrowdStrike Falcon X.


The output of this analysis is a combination of customized indicators of compromise (IOCs) and threat intelligence designed to help protect against the threats your organization faces now and in the future. Falcon X produces IOCs both for the threat that was actually encountered in your organization and for all of its known variants, and immediately shares them via API with other security tools such as firewalls, gateways and security orchestration tools.

It also provides integrated threat intelligence alongside its security alerts to accelerate incident research, streamline the investigative process and drive better security responses.

CrowdStrike Falcon X provides the following capabilities:

  • Automatic threat analysis — All files quarantined by CrowdStrike Falcon endpoint protection are automatically investigated by Falcon X. This automation drives breakthrough efficiency gains for security operations teams, elevates the capabilities of all security analysts and unlocks critical security functionality for organizations without a SOC.
  • Malware analysis — Falcon X enables in-depth analysis of unknown and zero-day threats that goes far beyond traditional approaches. It employs a combination of static, dynamic and fine-grained memory analysis to quickly identify the evasive threats other solutions miss.
  • Malware search — Connects the dots between the malware found on your endpoints and related campaigns, malware families or threat actors. Falcon X searches CrowdStrike Falcon Search Engine for related samples and within seconds expands the analysis to include all files and variants, leading to a deeper understanding of the attack and an expanded set of IOCs to defend against future attacks.
  • Threat intelligence — Actor attribution exposes the motivation and the tools, techniques and procedures (TTPs) of the attacker. Practical guidance is provided to prescribe proactive steps against future attacks and stop actors in their tracks.
  • Customized intelligence — CrowdStrike Falcon X automatically produces intelligence specifically tailored for the threats you encounter in your environment. Customized IOCs are immediately shared with other security tools via API, streamlining and automating the protection workflow. Cyber threat intelligence related to the encountered attack is displayed alongside the alert, making it quick and easy for analysts to understand the threat and take action.

“Most incident response teams have to manually analyze the threats they face with limited visibility into the targeted threat intelligence behind them. With CrowdStrike Falcon X, we elevate customers’ abilities to perform better analysis when a threat is detected and correlate it with strategic and tactical intelligence quickly, cutting down investigation time from hours and even days to seconds,” said Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer.

“Through this automation, we help smaller teams achieve a level of protection that would normally be out of reach, and we help larger teams make each of their analysts more effective.”
