CrowdStrike Overview and Endpoint Security Solutions

2022 CrowdStrike, Inc. All rights
reserved.
DigitalTrack Solution
Crowdstrike Overview

reserved.
 CrowdStrike is a SaaS (software as a
service) solution
 CrowdStrike Falcon is a lightweight
solution and its cloud-based architecture
 NGAV (next-generation anti-virus) offering
powered by machine learning and IOA to
ensure breaches are stopped before they
occur.
 It’s provided an advanced EDR (endpoint
detection and response) solution
CROWDSTRIKE
FEATURES
2020 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.

reserved.
Today’s
Security
Can’t Keep Up
Attack
Sophistication
Solution
Complexity
Skill
Shortages
reserved.

reserved.
Why CrowdStrike
For endpoint protection
Zero
Impact
Maximum
Efficiency
Better
Protection
Adversary
Focused
Unparalleled
Visibility
2022 CrowdStrike, Inc. All rights reserved.

reserved.
Lateral
Movement
Collection Command
& Control
Exfiltration Impact
10
9
8
12
11
Initial
Access
Execution Persistence Privilege
Escalation
Defense
Evasion
Credential
Access
Discovery
1 2 3 4 5 6 7
Survival of the Fastest
MITRE ATT&CK PHASE
To stay
ahead you
must…
1 min
Detect In
10 min 60
min
Respond In
Breakout
Time
Investigate In

reserved.
162 Hours
Industry Avg, MTTR
Remediate
Investigate
Detect
35 Minutes
Falcon Complete, MTTR
Stop Adversaries Faster
98 Minutes
Avg Breakout Time
Attacker
Objective
Achieved
Initial access
Persistence Lateral Movement
Discovery
*Source: The 2021 CrowdStrike Cyber Front Lines
report.
Detect
Investigate
Remediate
Minutes matter.

reserved.

reserved.
Falcon Endpoint Security ( NGAV&
XDR)
Falcon Prevent (NGAV)
Falocn Firewall management
Falcon Devices control
Falcon XDR (Include EDR)
Falcon Forensics

reserved.
Minimize complexity
Business Value
Improve protection
Reduce number of incidents
Improve user productivity – no user impact
Boost confidence: More third-party testing
than any other NGAV vendor
AI-powered Protection
Threat Intelligence
Exploit Blocking
IOA Behavioral Blocking
Next-Gen AV
Falcon
Prevent

reserved.
Reduce complexity
Business Value
Simplify management of host
firewalls native to the operating
system
Enhance protection
Gain instant visibility
Consolidate management
Speed troubleshooting
Create & Manage
Polices with Ease
Instant Visibility
Frictionless Management
Operational in Minutes
Firewall
Falcon
Firewall
Managem
ent

reserved.
Reduce risk with precise control over USB
usage
Business Value
Protection from removable device risks
Visibility into specific USB device events
Consolidated
management – same
console and agent
Assess and respond to incidents faster
Granular
Enforcement &
Control
Real-Time Visibility
Frictionless Management
Effortless Deployment
Visibility & Control
Falcon
Device
Control

reserved.
Gain context and intelligence
Business Value
Detect advanced threats automatically
Capture critical details for threat hunting and
forensic investigations
Respond and remediate with confidence
Streamline operations
Stop the breach
Record Everything
In-depth Automated
Analysis
Threat Hunting
Real-time Response
& Containment
Endpoint Detection & Response
Falcon
Insight

reserved.
Blocked by on-sensor
Machine Learning
1
Understand the full attack
2
View the entire flow of attack,
step by step
3
Understand the
adversary and take
action
4
2
4
3
1
How it works: Detection to action with endpoint
protection

reserved.
 Industry-Leading EDR at the Core
 Native EDR data provides inherently higher fidelity telemetry.
 World-class scale and management.
 Unified Detection and Response from One Console
 Consolidate threat data across your security ecosystem.
 Search at blazing speed and scale.
 Understand complex attacks at a glance.
 Flexible Data Ingestion AND Purpose-Built Integrations
 Flexibility in your choice of security controls.
 Dedicated integrations with best-of-breed vendors via the CrowdXDR Alliance and
expanding support to additional technologies .
Why Falcon XDR?
©2021 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.

reserved.
Falcon XDR: Extend beyond the endpoint
Supercharge detection and response across your entire security stack
INGEST
CASB
Threat
Intelligence
DETECT ORCHESTRATE
Triage and decisioning
Automated workflows
Unified hunting and
investigation
Surgical response
Endpoint Containers
Cloud
Web
Firewall
Email
OT/IO
T
Identity Network
Scheduled searches and
custom detections
CWPP Parsing
Map to
schema
Cross-
correlation
Alert
prioritization
Telemetry
enrichment
Analytics

reserved.
CrowdXDR Alliance
The Power Of We To Stop Breaches
Collective Defense | Purpose-Built
Integration

reserved.
Forensic Artifact Collection & Analysis
Falcon Forensics
One Solution
Preset
Dashboards
Large Scale
Deployment
BUSINESS VALUE
Robust Analysis
Deploy across large-scale
enterprises
Eliminate full disk scanning, rely
on dissolvable executable to
minimize impact
Enhance skills without
lengthy queries
Streamline data collection and
analysis to a single solution

reserved.
Security & IT
Operation
Falcon Discover
Falcon Spotlight
Falcon File Vantage
Identity
Protection
Falcon ITD
Falcon ITP

reserved.
FALCON DISCOVER
Real-time visibility and monitoring into all
your applications, assets and accounts.
CROWDSTRIKE

reserved.
IMAGE
 See potential blind spots
in your environment via
streaming telemetry.
 Get continuous visibility
into what accounts,
applications, and assets
are running.
 Dive into the data to
manage and pinpoint
suspicious activity.
CROWDSTRIKE
HOW FALCON
DISCOVER WORKS

reserved.
Asset Inventory
Use the Asset
Inventory dashboard
for fast detailed
information.
CROWDSTRIKE

reserved.
Account Monitoring
CROWDSTRIKE

reserved.
IT Hygiene
falcon discover
Always
Current
Application
Usage
Asset and
Firmware
Inventory
BUSINESS VALUE
Privileged
Account
Monitoring
Reduce licensing costs
Minimize risk associated with
rogue users, apps, and systems
Eliminate burden of
unmanaged assets
Reduce cost of endpoint
inspections

reserved.
Fast, effective vulnerability management
FALCON SPOTLIGHT

reserved.
• Cloud-native vulnerability
management
• No new agents
• No new infrastructure
• No scans to manage
• Coverage regardless of network
presence
FALCON SPOTLIGHT
SIMPLICITY

reserved.
NEW: EXPANDED VULNERABILITY
VISIBILITY
 Windows desktop
applications
 Server software
 Development tools
Value: More complete picture
of risks in your organization

reserved.
Vulnerability MANAGEMENT
FALCON SPOTLIGHT
Scanless
Technology
Integrated Threat
and Vulnerability
Workflows
Visibility from OS
to BIOS, On- and
Off-prem
BUSINESS VALUE
Simplicity
Timely Knowledge,
On-Demand
Zero Impact
Holistic Protection
No Scanners,
No New Agents
Fast and Effective
Vulnerability Management

reserved.
FALCON FILEVANTAGE (File integrity monitoring)
Meet compliance
requirements
Optimize your
security team’s
efficiency
Use your existing
sensor

reserved.
FEATURES- FALCON FILEVANTAGE
Pre-built default rule groups
can be copied and modified
for quicker configuration and
deployment of policies for
critical file locations
Initiate workflows in response
to detected file changes
Monitor critical files, folders
and registries for
modification
Monitoring andVisibility Workflows Integration
Speed ofConfiguration

reserved.
TRIGGER
FILEVANTAGE WORKFLOW COMPONENTS
Windows Registry Key Change
Directory Change
Windows Registry Value change
File change
ACTION
 Email
 Slack
 PagerDuty
 Webhook
 MS Teams
 ServiceNow
 RTR
 Network Contain
 Get
ServiceNow CI
Computer
CONDITION
Specified changes
depending on selected
trigger

reserved.
3 Simple Steps to replace your legacy endpoint security with the Falcon
platform
Financial Institution
77,000 AGENTS
1 DAY
Technology Company
55,000 AGENTS
5 DAYS
Financial Institution
300,000 AGENTS
90 DAYS
Hospitality Chain
40,000 AGENT
5 DAYS
Install the
Falcon Agent
Verify the
installation
Remove legacy
products
No scanning
No reboot
No fine-tuning,
rule writing
No infrastructure
setup
No signatures
updates
1 2 3

reserved.
One Agent,
Full Visibility
PREVENT • PREDICT • DETECT • RESPOND
Falcon Agent
User Accounts
Active Directory
3rd Parties
Identity
Workstations
Servers
Mobile
IOT
Endpoint
reserved.
Cloud
Containers
Workloads
Data Centers

reserved.
Move to
CrowdStrike
• True turnkey solution, deploy in a day
• Effortless scalability
Time to
Value
• Leading experts in threat hunting
• Tenacious, fully-managed protection,
investigation, and response
World-Class
Expertise
• Dynamic, universal lightweight agent
• Flexible, cloud-native architecture
• Advanced AI/ML starting on the agent
Adaptive
Performance
• Industry-adopted threat research and
taxonomy
• Intel front-and-center in every product
Adversary
Focused
• Complete security suite across endpoints,
clouds, identities, and data
• Security data at unprecedented scale
• Multi-domain orchestration and automation
End-to-End
Protection

reserved.
Why log more for longer?
HISTORICAL
INVESTIGATION
RETENTION
COMPLIANCE
CUSTOM
ALERTING
COST AND COMPLEXITY
WHY NOT?

reserved.
WHY OUR CUSTOMERS USE HUMIO?
IMPROVE RESPONSE
INCREASE
PRODUCTIVITY
REDUCE COST

reserved.
WHY ORGANIZATIONS DON’T KEEP WORKLOAD LOGS FOR LONG?
Complex,
doesn’t scale,
and slow
Expensive for
both infra &
licensing
Too selective
and short
term
E.L.K.? SIEM?
Splunk?

reserved.
Humio for falcon
Workload log aggregation
Long Term
Workload Log
Retention
Prebuilt Falcon
Integration
Package
Immediate
Complex Query &
Alerts
Lower Cost of
Ownership
Reduce risk by retaining
visibility
Reduce infrastructure complexity
BUSINESS VALUE
Threat hunting and troubleshooting
at speed & scale
Reduce Cost
Meet retention compliance

reserved.
FALCON
COMPLETE
MANAGED DETECTION AND RESPONSE
BACKED BY INDUSTRY’S STRONGEST
BREACH PREVENTION WARRANTY
ENDPOINT CLOUD IDENTITY

ABOUT THE FALCON
COMPLETE TEAM
EXPERTS IN INCIDENT RESPONSE
Years of DFIR experience, PIONEERED remote
remediation as a core competency
ALWAYS IMPROVING
Every day building countermeasures to respond to the
latest threats the moment they emerge
EXPERTS IN FALCON PLATFORM
Certified analysts, 100% focused on stopping breaches
MISSION:
Manage, monitor, and remediate
threats 24/7/365

reserved.
STOPPING Breaches WITH SPEED
requires more than technology
PREVENT
BLOCK
THREATS
MONITOR
COLLECT
DETECT/HUNT
PRIORITIZE
INVESTIGATE
MANAGE
IMPLEMENT
CONFIGURE
FINE-TUNE
RESPOND
CONTAIN
REMEDIATE
24X7

reserved.
CrowdStrike Feature Set (License Term)
Sl.No Feature Set (License Term) Description
1 CrowdStrike Prevent / NGAV
Crowdstrike NGAV protects endpoints against all types of attacks from
commodity malware to sophisticated attacks — even when offline.
2 CrowdStrike Insight (EDR)/ CrowdStrike Insight (XDR)/
EDR helps to analyses the data in real time to automatically identify threat
activity, enabling it to both detect and prevent advanced threats as they happen.
3 CrowdStrike Overwatch or Threat Hunting
Overwatch or Threat hunting provides deep and continuous human analysis in
24/7*365 to relentlessly hunt against the detections
4 Falcon Discover or IT Hygiene
Falcon Discover or IT Hygiene monitors and inventories systems, application
usage and user account usage in real time.
5 CrowdStrike spotlight or vulnerability management
CrowdStrike Spotlight offers security teams a real-time assessment of
vulnerability exposure on their endpoints that is always current.

reserved.
Trusted by
Customers
Everywhere
65 of 100
The Fortune 100
254 of 500
The Fortune 500
15 of the Top 20
Global Banks
5 of the Top 10
Largest Healthcare Providers
7 of the Top 10
Largest Energy Institutions
“CrowdStrike Falcon is one of
the most important tools in
my organization's security
toolbox.”
in Endpoint Protection
Platforms
Highest Ratings
4.9/
5
4.8/
5
in EDR
reserved.

CrowdStrike Overview and Endpoint Security Solutions

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to CrowdStrike Overview and Endpoint Security Solutions

Similar to CrowdStrike Overview and Endpoint Security Solutions (20)

Recently uploaded

Recently uploaded (20)

CrowdStrike Overview and Endpoint Security Solutions