The key new products are the Falcon LogScale module and the Falcon Complete LogScale managed service, both built on technology from Humio, while XDR has also been added for all customers, with Falcon Insight becoming Falcon Insight XDR.
Today, CrowdStrike kicked off their Fal.Con event with four major product announcements. These include new Cloud Native Application Protection Platform [CNAPP] capabilities for CrowdStrike Cloud Security, which include new Cloud Infrastructure Entitlement Management [CIEM] features. They also include the introduction of the new Falcon LogScale module and Falcon Complete LogScale managed service, a new module (Falcon Discover for IoT) for their IT Operations Suite, and an expansion of integrations that bring in third-party telemetry from CrowdXDR Alliance partners.
Adam Meyers, CrowdStrike’s SVP of Intelligence, who was there with the company at the beginning 11 years ago, reviewed the evolution of cyberthreats over the last year. He noted that 11 years ago, most companies’ focus was on malware.
“Our premise was that you don’t have a malware problem, you have an adversary problem,” Meyers said. “We helped customers understand who was after them and how to defend better against them. This included nation states, e-crime, which was ransomware but is changing to identity-based attacks to steal data, which is a fundamental shift in how these actors are operating, and hacktivism.”
Meyers said this major shift in tactics has seen ransomware evolve to the point where 82% of ransomware attacks now come with data extortion.
“When they steal the data they also index it so it can be easily searched, which creates regulatory problems where the cost of not paying the ransom for the data is more than paying it.”
CrowdStrike made a move to strengthen itself in the XDR market, announcing that Falcon Insight is now Falcon Insight XDR. This is not simply a rebranding effort, however.
“It lets all customers leverage our unique XDR approach which combines our native XDR and third party data from our XDR alliance partners,” said Amol Kulkarni, Chief Product and Engineering Officer at CrowdStrike. “All our customers now have the ability to activate Falcon Insight XDR. This breaks down siloes which limits what open XDR companies try to do with non-hybrid products.
“XDR needs to create new value-add that are across domains,” Kulkarni added. “Each domain does their own detections, but there may be weak signals across domains that may not by themselves create an alert. XDR can combine them and find attacks which individual domains cannot find.”
In addition, CrowdStrike announced an expansion in the number of Alliance partners.
“Cisco, ForgeRock and Fortinet have now joined as XDR alliance partners, and more are coming down the pike every single day,” Kulkarni said. New third-party vendors include Microsoft and Palo Alto Networks.
Falcon Insight XDR enhancements are generally available now for customers. Third-party and first-party integrations will be generally available by fourth quarter fiscal year 2023.
CrowdStrike also announced new CNAPP capabilities for CrowdStrike Cloud Security. These include new CIEM features like one-click remediation testing, and the integration of CrowdStrike Asset Graph, which was announced at RSA.
Kulkarni said that CIEM fights identity-based threats that come from improperly configured cloud entitlements across cloud service providers, like AWS, while Asset Graph provides unprecedented visibility into the attack surface in the cloud across hosts, configurations, identities and applications to stop breaches. The CIEM capabilities extend to Microsoft Azure as well as AWS.
“This leverages Asset Graph’s power to provide very rich asset visualizations of cloud management,” Kulkarni indicated.
CIEM capabilities and integration of CrowdStrike Asset Graph are generally available now for CrowdStrike Cloud Security customers.
“We are also announcing two new products based on technology from Humio, which we acquired in March 2021,” Kulkarni stated. “Falcon LogScale is the next generation of Humio’s log management. Having effective tools to manage these logs is crucial.”
As part of the Falcon platform, this new module lets organizations log all their data and get answers in real time and at unprecedented scale. Security teams can search data with sub-second latency to find patterns, and apply powerful analytics to address cybersecurity challenges.
“We are also announcing a fully managed service, Falcon Complete LogScale,” Kulkarni said. Falcon Complete LogScale combines the effectiveness of Falcon LogScale with CrowdStrike’s dedicated team of service professionals that delivers highly personalized log management expertise.
Falcon LogScale and Falcon Complete LogScale are generally available for customers, as part of CrowdStrike’s growing observability portfolio.