Product Overview: CrowdStrike Falcon Endpoint Protection Platform
The CrowdStrike Falcon Endpoint Protection Platform is a cutting-edge, cloud-native solution designed to provide comprehensive and advanced security for endpoints, ensuring the protection of organizations against a wide range of threats.
What it Does
CrowdStrike Falcon is engineered to stop breaches and improve performance by leveraging the power of the cloud, artificial intelligence (AI), and a lightweight, intelligent agent. This platform unifies next-generation antivirus (NGAV), endpoint detection and response (EDR), cyber threat intelligence, and managed threat hunting capabilities, making it a robust defense against both malware and malware-free attacks, including exploits, zero days, and other sophisticated methods.
Key Features
Cloud-Native Architecture
The Falcon platform operates entirely in the cloud, eliminating the need for hardware, additional software, or complex configurations. This architecture reduces overhead, friction, and cost while offering infinite scalability and regional cloud options to meet compliance and policy requirements.
Threat Graph and Real-Time Visibility
The Threat Graph is the core component of the Falcon platform, providing real-time visibility and insights into endpoint activities across the environment. It captures and analyzes vast amounts of data (2 trillion events per week and 3.2 petabytes of global telemetry) and tracks over 116 adversaries, enabling swift and effective threat detection and response.
Lightweight and Intelligent Agent
The Falcon agent is lightweight and cloud-managed, ensuring minimal impact on endpoint performance. It blocks attacks, captures and records endpoint activity, and integrates threat intelligence to outsmart attackers. This agent can operate effectively whether the endpoint is online or offline.
Modular and Extensible
The Falcon platform is designed to be modular, allowing new security countermeasures to be added seamlessly without the need for re-architecting or re-engineering the solution. This ensures the platform remains adaptable to evolving security needs.
Comprehensive Security Capabilities
- Falcon Prevent: Offers NGAV capabilities, including machine learning for unknown malware, exploit blocking, and advanced Indicator of Attack (IOA) behavioral techniques to defend against both known and zero-day threats.
- Falcon Insight: Provides EDR capabilities with continuous visibility into endpoint activities, enabling detection, response, and forensic analysis in real time.
- Falcon OverWatch: A managed threat hunting service that proactively identifies and stops malicious activities 24/7, augmenting in-house security resources.
- Falcon Discover: An IT hygiene solution that identifies unauthorized systems and applications, monitors privileged user accounts, and enables real-time remediation.
Automation and Orchestration
The platform includes Falcon Fusion SOAR (Security Orchestration, Automation, and Response), which automates workflows, enrichments, response actions, and notifications. This integrates with Falcon Next-Gen SIEM to accelerate threat detection, investigation, and response.
Additional Features
- Application Control: Blocks endpoint users from accessing restricted applications.
- Asset Management: Keeps records of network assets and their activities, discovering new assets accessing the network.
- Real-Time Detection: Constantly monitors the system to detect anomalies in real time.
- Threat Hunting: Facilitates proactive searches for emerging threats targeting servers, endpoints, and networks.
- Response Automation: Reduces time spent on manual remediation by resolving common security incidents quickly.
Functionality
The Falcon platform is designed to deliver immediate time-to-value with no additional hardware or software requirements. It offers:
- Proactive Alerts and Reports: Provides proactive alerts and intelligence reports to keep security teams informed.
- Behavioral Analysis and Automated Remediation: Conducts behavioral analysis and automates remediation processes to quickly address security incidents.
- System Isolation and Web Control: Allows for system isolation and web control to enforce compliance protocols and manage user internet access.
In summary, the CrowdStrike Falcon Endpoint Protection Platform is a powerful, cloud-native solution that integrates advanced security technologies to protect endpoints against sophisticated threats, ensuring real-time visibility, automated response, and continuous security improvement.