Crowdstrike announced a new firewall management module, including other updates to its cloud-native CrowdStrike Falcon platform during its third annual user conference Fal.Con UNITE.
Crowdstrike Falcon Firewall Management
With Falcon Firewall Management Crowdstrike delivers simple, centralized host firewall management. It helps customers in their transition from legacy endpoint suites to CrowdStrike’s next-generation solution. Benefits are comprehensive protection, improved performance and efficiency in managing and enforcing host firewall policies. Falcon Firewall Management offers simple, cross-platform, management of host/OS firewalls from the Falcon console, providing customers with enhanced protection from network threats. It also enables security teams to granularly contain any threat exposure.
Delivered via the single, lightweight agent and cloud-native architecture of Falcon, this module is immediately operational with no additional impact on the host. From initial enablement to ongoing use, customers benefit from 24/7/365 protection.
Falcon Firewall Management benefits for customers:
- Reduced cost and complexity: Eliminates the need for on-premises management infrastructure and complex integrations. Installation and day-to-day operations are deployed without requiring an additional agent with minimal impact on hosts.
- Increased efficiency: Simplifies policy management and increases visibility into endpoint security controls.
Enhanced protection: Strengthens networks against advanced threats by eliminating visibility gaps, as well as complex configuration and management. - Seamless, cloud-based protection: Deploys and is operational within minutes without requiring reboots, fine-tuning, or complex configuration, offering customers peace of mind that they are protected immediately.
Amol Kulkarni, chief product and engineering officer at CrowdStrike said that Crowdstrike will continue to expand CrowdStrike Falcon to provide customers with 'the most comprehensive' cloud-native platform. "Falcon addresses security from a holistic standpoint to not only stop breaches but also eliminate complexity," he said. "The Falcon platform delivers full-spectrum protection while requiring zero integrations or additional deployments, protecting customers from the endpoint to the network. Unlike legacy vendors, CrowdStrike is providing rich functionality with Falcon Firewall Management without a custom firewall implementation. With this new module and other major updates, we are reinforcing that CrowdStrike Falcon remains the only cloud-native, single-agent solution that offers security teams control, visibility, and protection addressing a full range of security, IT management, and operational needs.”
New Crowdstrike platform updates
In addition to announcing Falcon Firewall Management, CrowdStrike also introduces multiple platform updates to increase the efficacy of Falcon. Platform enhancements include:
- Comprehensive visibility with Falcon Spotlight: New functionality includes enhanced reporting on a wide range of applications, such as desktop applications, server software and more. Spotlight will also deliver significant enhancements in reporting, sophisticated visualizations and vulnerability trending, as well as an all-new vulnerability application programming interface (API), unlocking streamlined vulnerability management workflows and risk reduction.
- Extensive container protection via Falcon Insight: CrowdStrike is expanding its endpoint detection and response (EDR) container capabilities by capturing even more detailed container activity and metadata, and providing full visibility into containers with the single lightweight Falcon agent without any deployment on containers. This allows security teams to secure the container workloads without adding any friction to DevOps teams. By incorporating information such as containerID, images, mode, configuration type, etc., Falcon Insight enables and accelerates critical detection, investigation and threat hunting tasks to be performed on containers, even on ephemeral workloads after the container is decommissioned. Falcon supports platforms that conform to the Open Container Initiative (OCI) standard, such as Docker, and works on-premise and on AWS, GCP and Azure.
- Extended application visibility via Falcon Discover: Enhanced application inventory proactively collects information on all installed applications across the enterprise, providing organizations with continuous awareness of software in use. With this information, organizations can identify and eliminate outdated or insecure applications and software that violates local policies, reducing the attack surface and proactively reducing exposure to threats.
- Increased mobile threat detection for Falcon for Mobile: CrowdStrike is expanding Falcon for Mobile, the industry’s first mobile EDR solution, with proactive threat detections. Leveraging Falcon for Mobile’s unprecedented visibility into malicious, unwanted or accidental activity on mobile devices, detections automatically uncover threats such as communication to known malicious servers, high-risk device configurations, unauthorized apps and more.
CrowdStrike Falcon was built as a cloud-native, single-agent solution, to set a new standard in endpoint security. The Falcon platform integrates 11 cloud modules that span multiple capabilities, including endpoint security, security operations and threat intelligence to deliver customers the comprehensive breach protection necessary to thwart today’s sophisticated attacks. CrowdStrike’s approach starts with its lightweight agent that enables frictionless deployment of the platform at scale. The agent enables customers to rapidly adopt technology across any workload running on multiple endpoints, and sends data to the cloud, while retaining local detection and prevention capabilities.
The CrowdStrike Threat Graph® technology processes, correlates, and analyzes over two trillion endpoint-related events per week in real-time and maintains an index of events to stay ahead of future threats. CrowdStrike Threat Graph continuously looks for malicious activity with graph analytics powered by cloud-scale AI, while feeding information to the Falcon platform. This creates a powerful network of crowdsourced intelligence that provides actionable insights to customers. The platform enables intelligent, dynamic automation at scale to detect threats and stop breaches.