CrowdStrike, a leader in cloud-delivered endpoint protection, announced at Black Hat USA 2019 the launch of CrowdScore, a new industry innovation on the CrowdStrike Falcon platform. CrowdScore is a simple metric that enables CxOs to instantly see the real-time threat level their organizations are facing, allowing them to quickly mobilize resources to respond.
Speed of detection, investigation and response is essential for effective security. CrowdStrike research on breakout time shows that security teams should strive to detect threats on average in 1 minute, understand them in 10 minutes and contain them in 60 minutes to be effective at stopping breaches.
Traditionally, organizations have struggled to meet these metrics due to a lack of resources and the difficulty of prioritizing an ever-growing number of alerts. CrowdScore changes the game by solving both problems.
CxOs now can ensure that they are instantly made aware of incidents in their environment that demand activation of crisis management plans. In addition, CrowdScore empowers security operations teams to move away from tactical alert resolution to strategic incident management.
“With the introduction of CrowdScore, CrowdStrike is revolutionizing the approach organizations take to understand and respond to threats and transforming the way customers use the CrowdStrike Falcon platform,” said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike.
“Because of CrowdStrike’s cloud native platform and AI-based analytics, we are able to offer customers a simple view into their organization’s threat exposure and the ability to rapidly prevent the most critical threats in their environment to meet the 1-10-60 rule metrics.”
Key features and benefits of CrowdScore include:
- The CrowdScore offers a real-time organizational threat score that helps security leaders understand the real-time state of the threat inside their organization. CrowdScore supports better executive decisions and more effective strategic planning.
- The Incident Dashboard, which automatically compiles related security alerts into manageable incidents and uses AI-based prioritization to ensure that the most critical threats are handled first. Incident Dashboard eliminates the burden and delays associated with manually triaging large volumes of security alerts.
- The Incident Workbench, which delivers a comprehensive view of cyber threats through sophisticated visualizations and deep context. The Incident Workbench automates the labor-intensive steps in investigating threats, dramatically reducing the time investigators need in order to understand threats and drive the optimal response.
“The ‘elephant in the room’ that we often fail to publicly acknowledge is that security teams do not have the bandwidth to address all incidents and all alerts; today’s reality is that successful security teams are the ones that correctly select which alerts and incidents to address and when to address them.
“With CrowdScore, CrowdStrike looks to provide the tools to make threat analysis and response capabilities better informed, faster, and more effective so security professionals can strategically respond to the most critical threats in their environment at the right time.
“This feature set is increasingly foundational for not only security professionals but also executives looking to have an intelligent dialogue about their organization’s risk and threat posture,” said Frank Dickson, program vice president of IDC Cybersecurity Research.