CrowdStrike expands its endpoint protection platform with new features

CrowdStrike announced new features and capabilities expanding the scope of the CrowdStrike Falcon platform as the endpoint protection solution available to customers.

CrowdStrike released a new device control module to enable visibility and control into removable media activity, a functionality for organizations looking to replace their legacy antivirus with endpoint protection.

Additionally, CrowdStrike has announced a new feature to secure Docker container environments and the adoption of MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.

“The Falcon Platform continues to revolutionize the endpoint security industry as the most innovative cloud-native solution,” said Amol Kulkarni, chief product officer of CrowdStrike.

“Today, we are announcing multiple critical feature enhancements to offer our customers increased visibility, control and threat prevention for various evolving attack vectors, all delivered from a single lightweight agent and managed through a single console.”

Falcon Device Control

USB devices are widely used but they can cause security risks, from carrying malware and exploits, to leaking data outside of an environment.

Falcon Device Control enables the safe utilization of USB devices across organizations by providing both visibility and control over those devices.

It offers security and IT operations teams understanding into how devices are being used and the ability to control and manage that usage. Seamlessly integrated into the Falcon agent, it provides unparalleled device control efficiency paired with endpoint detection and response (EDR) capabilities.

Customers using Falcon Device Control have visibility into device information and history, increased control on mass storage devices, and greater context into host activity to see what’s happening in environments.

This offers administrators the ability to implement controls to protect critical data.

Securing Docker containers

Organizations are adopting container technology such as Docker in their data centers, to help drive efficiency and agility.

As they do so, a new attack surface has emerged that lacks visibility. Existing point solutions can be cumbersome to deploy and monitor, and require additional agents and infrastructure for organizations to maintain.

CrowdStrike is extending the protection of Falcon Insight to introduce compatibility with Docker, ensuring deep visibility and protection across this emerging platform.

With this new capability, the Falcon Agent extends visibility to cover not only Windows, Mac, and Linux endpoints, but also threats within Docker containers.

By leveraging artificial intelligence (AI) and analytics to detect and respond to threats within Docker containers, Falcon Insight closes a security gap for enterprises — requiring no additional infrastructure, maintenance, or cost.

CrowdStrike’s cloud-native platform provides the protection, covering both desktops and data centers, with a single agent, single console and no on-premise infrastructure.

Adopting the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework

Alerts and detections in the CrowdStrike Falcon platform now map to MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.

MITRE ATT&CK is an industry standard that categorizes attackers’ behavior into the objectives, the tactics and the techniques that they employ and is based on millions of observed real-life attacks.

The adoption of the MITRE framework in Falcon’s detections accelerates alert triage and shortens incident analysis time. It allows security analysts and incident responders to grasp the impact and risks associated with alerts, see which stage of the attack the adversary is on, and answer key questions.

Previously, CrowdStrike Falcon was validated for its completion of an evaluation by MITRE’s Leveraging External Transformational Solutions (LETS) program in its ability to detect attack techniques employed by GOTHIC PANDA (also known as APT3), an adversary with ties to the Chinese government.

CrowdStrike continues to submit to third-party tests, as these validate CrowdStrike’s technology capabilities and provide an opportunity to work with customers to ensure they are receiving protection.