CrowdStrike’s platform plan at Fal.con melds security and observability

Cybersecurity platforms need to do a better job closing the data gaps between IT and security to deliver on their potential to drive growth. CrowdStrike is up for that challenge, as their many announcements at Fal.con 2022 prove.

“Adding security should be a business enabler. It should be something that adds to your business resiliency, and it should be something that helps protect the productivity gains of digital transformation,” said George Kurtz, CrowdStrike’s cofounder and CEO, during his keynote address at the conference. 

Kurtz continued, saying the company is “leveraging security to turn it into the center of your digital transformation. And protecting your productivity and your future” is a core focus of the company going forward. 

Workload protection, identity-threat protection and the company’s continued emphasis on data dominated the keynote.

“Eighty percent of the attacks, or the compromises that we see, use some sort of some form of identity, credential theft,” Kurtz said. 

He also announced that CrowdStrike is acquiring Reposify and making strategic investments in Salt Security and Vanta through CrowdStrike’s strategic investment vehicle, Falcon Fund.

“Reposify scans the internet daily for exposed assets, enables enterprises to have visibility over these exposed assets and take action to remediate,” Kurtz said.

Additionally, he explained that Reposify’s best-in-class scanning engine would enhance CrowdStrike’s capabilities across the Falcon platform and strengthen the core areas of EASM, Falcon Discover, Falcon Spotlight, Falcon Horizon and Threat Intelligence.    

CrowdStrike CEO: Security and observability need to converge 

CrowdStrike intends to lead the industry in merging security and data, threat intelligence and telemetry. During the keynote, Kurtz explained how Falcon LogScale and Falcon Complete LogScale, two new products announced at Fal.con, are designed to provide real-time observability, actionable insights, search data with sub-second latency and telemetry data for the CrowdStrike Threat Graph and Asset Graph tools.   

“When we think about driving this convergence, and of security and observability, it really is about secops and ITops coming together.” Kurtz said. “And … if we can ingest at scale, we’re going to provide rich information for not only the security team, but also the IT team,” he said.

Kurtz’s keynote defined the company’s vision predicated on its core strengths of endpoint security, cloud security, threat intelligence and identity protection, integrating ITops and secops with observability. He said the company is focused on democratizing extended detection and response (XDR) for all Falcon platform customers by building on those strengths. 

“We’re really excited that we can democratize XDR for all of our customers. So if you’re a Falcon platform user, and you have Insight, obviously there’s some licensing add-ons that will be part of that to move to XDR to pull in and ingest data. But we will make that available to you through the sales organization. But we’re really excited about what we’re doing in XDR,” he said.

XDR delivers data normalization and is now a layer in the Falcon platform tech stack. 

CrowdStrike’s announcements at Fal.con 2022 reflect how they’re focused on closing data gaps between ITops and secops, expanding their ecosystem, and providing CISOs with more options to achieve greater app and services consolidation. Image source: CrowdStrike.

CrowdStrike devops is in overdrive  

Other noteworthy announcements at Fal.con 2022 show how well the CrowdStrike devops and threat hunter teams collaborate and work toward common design goals to extend their platform. 

In an interview with VentureBeat, Amol Kulkarni, chief product and engineering officer at CrowdStrike, said, “If you have the core infrastructure in the right place, then you can iterate rapidly and build out products much faster because the baseline is there. The second part there is that we have this notion of collect once and use multiple times. So, what that is based on is collecting all the telemetry in the security cloud and then put additional analytics on top for different scenarios. So, that gives us that velocity.”

Expanded loud-native application protection platform (CNAPP) capabilities

One of CrowdStrike’s most ambitious projects has been adding new CNAPP capabilities for CrowdStrike Cloud Security, while also including new cloud infrastructure entitlement management (CIEM) features and the integration of CrowdStrike Asset Graph.

Scott Fanning, senior director of product management, cloud security at CrowdStrike, told VentureBeat that their approach to CIEM enables organizations to detect and prevent identity-based threats from improperly configured cloud entitlements across public cloud service providers. They do this by enforcing least-privileged access to clouds and provide continuous detection and remediation of identity threats.   

Kulkarni’s keynote briefly demonstrated how CrowdStrike Asset Graph provides cloud-asset visualization and how CIEM and CNAPP can help see and secure cloud identities and entitlements. Kulkarni said the goal is to optimize cloud implementations and perform real-time point queries for rapid response. He also said combining the Asset Graph with CIEM enables broader analytical queries for asset management and security posture optimization. Finally, he demonstrated how the CrowdStrike Threat Graph provides full visibility of attacks and automatically prevents threats in real time across CrowdStrike’s global customer base.

CrowdStrike’s Asset Graph helps provide 360-degree visibility into an enterprise’s assets and their interdependencies across hosts, configurations, identities and applications.

Falcon Insight is now Falcon Insight XDR, enabling native and hybrid XDR for all customers

Kurtz defined XDR during his keynote, saying it is “built on the foundation of endpoint detection and response (EDR), XDR extends enterprise-wide visibility across all key security domains (native and third-party) to speed and simplify near real-time detection, investigation and response for the most sophisticated attacks.” He also mentioned that the goal is for Falcon Insight XDR to provide all customers the opportunity to leverage the power of native and hybrid XDR as a fundamental platform capability, with no disruption to existing EDR capabilities or workflows. 

CrowdStrike supports third-party telemetry from CrowdXDR Alliance partners, including Cisco, ForgeRock and Fortinet. Also supported are third-party vendors, including Microsoft (for Microsoft 365 and Azure Active Directory) and Palo Alto Networks. Falcon Insight XDR also integrates with Zscaler Zero Trust Exchange to drive response actions from XDR detections or via automated Falcon Fusion (SOAR) workflows.

Falcon platform customers who have Falcon Insight XDR and Falcon Cloud Workload Protection, Falcon Identity Threat Protection and/or Falcon for Mobile (EDR) can add the native XDR connector pack, which will be available to ensure all CrowdStrike customers can leverage the platform’s native XDR capabilities.

CrowdStrike’s vision for the future of XDR capitalizes on its core strengths of interpreting and acting on real-time telemetry to detect and stop breaches while providing an integrated response across the Falcon platform.

Falcon Discover for IoT targets security gaps in and between industrial control systems (ICS)

The world’s critical infrastructure for water, power, oil and gas production and process manufacturing run on ICS systems that weren’t designed for security. As a result, ICS systems and the infrastructure facilities they support are among the most porous and poorly protected today. 

Kulkarni told VentureBeat that Falcon Discover for IoT is designed to provide comprehensive visibility and continuous risk assessment across IoT and operations technology (OT) inventory.

“While visibility in an organization’s environment is important, just defining what’s present doesn’t solve the problem,” said Kulkarni. “Organizations need a security platform that can provide deep visibility into cross-domain data and an understanding of their attack surface in order to make the most informed, risk-based decisions – resulting in a more predictive and proactive security posture. With CrowdStrike driving the convergence of security and observability with the Falcon platform, organizations can do more with their data and bridge the gap between OT and IT environments, as well as IT and security operations.”

Kulkarni also provided a demonstration of Falcon Discover for IoT during his keynote. Consistent with Kurtz’s keynote emphasizing greater convergence of IT and security, the Falcon Discover for IoT demo showed how intuitively customers could improve IT/OT convergence with a centralized and up-to-date inventory of all IT, OT and IoT assets. In addition, support for advanced behavioral analytics helps identify and mitigate potential risks associated with connected devices. There’s also real-time asset monitoring and 360-degree visibility of IT and OT environments that identify legacy systems and can pinpoint blind spots across networks.

Falcon Discover for IoT provides real-time asset monitoring across IT and OT environments, helping to identify blind spots while also detecting intrusion and breach attempts with advanced behavioral analytics.

A call for more cyberdefenders 

“I always like to leave people with that sense of obligation that we are on the front lines; if there is a modern war that impacts the nation where you’re from, you’re going to find yourself in a room during that that conflict, figuring out how to best protect your nation,” Kevin Mandia, CEO of Mandiant, said during a fireside chat with Kurtz. “I’ve been amazed at the ingenuity when someone has six months to plan their attack on your company. So, always be vigilant,” Mandia continued. 

CrowdStrike’s rapid pace of development, spanning multicloud security with CNAPP to the new Asset Graph, shows how their devops team has turned iterative development into a competitive advantage. In addition, the Falcon platform has proved to be an innovation catalyst that can quickly span the fast-changing customer requirements of devops and threat hunting.