Endpoint Security Series: CrowdStrike

This article is a continuation of our Endpoint Security Series, following the introductory article that laid out the current threat landscape and different approaches to endpoint security. For the remainder of the series, we’ll be talking about specific solutions that organizations can use to improve their endpoint security.

We’ll be kicking off the solution deep dives with CrowdStrike.

CrowdStrike’s Falcon platform is a market leading Endpoint Protection plus Detection and Response architecture. In addition to their Falcon software, they also boast one of the best threat hunting teams in the business with their Overwatch Team.

CrowdStrike was founded in 2011 and went public in mid-2019. Many were first introduced to CrowdStrike during the 2016 elections when CrowdStrike played a central role in investigations into the DNC server hack. Since then, they have become one of the first solutions companies consider when looking to improve their endpoint protection and regularly appear among the Leaders in Gartner’s magic quadrant.

CrowdStrike is considered a leader in the endpoint security space due to the breadth of their portfolio, their experience, and the effectiveness of their platform. All endpoints are managed through a single cloud-based or on-premises portal. The Falcon agent is a lightweight kernel-level application that uses very few system resources. The EDR feature set captures events and related information to provide granular detail and context to their proactive threat hunting team. The Falcon agent does not require an active connection to a server or the cloud to protect the endpoint. Unlike some competitors, CrowdStrike doesn’t rely on signatures or file hashes to identify threats on endpoints. CrowdStrike employs AI, sandbox analysis, manual threat hunting and more to provide comprehensive security and protection against both known and unknown threats or malware.

CrowdStrike uses a single software agent on endpoints to deploy their various security modules. There are four flavors of the Falcon platform:

  • Falcon Pro can be looked at as a legacy antivirus replacement that can be spruced up with optional modules including Falcon X Threat Intelligence, USB control, and host firewall management
  • Falcon Enterprise includes the components of Falcon Pro but layers in their Falcon Insight EDR and an optional threat hunting module
  • Falcon Premium includes the base features of Pro and Enterprise as well as Falcon Discover, which ties in application and account monitoring to strengthen endpoint security posture
  • Falcon Complete delivers all their best-in-breed modules as a fully managed service

The first three tiers (Falcon Pro, Enterprise, & Premium) also have an option for incident response and proactive services.

There is a reason CrowdStrike has risen from the Gartner Visionaries quadrant into the Leaders quadrant over the past few years and why Forrester awarded CrowdStrike the highest possible score in 11 of the 14 categories they evaluate. They continue to aggressively invest in their platform and grow their feature set while improving their already top-of-the-class EPP and EDR abilities. Finally, CrowdStrike boasts a one-million-dollar breach prevention warranty if you utilize the fully managed Falcon Complete product. CrowdStrike Falcon, with all the available modules, is a complete endpoint security solution that will make any CISO sleep better at night.

CrowdStrike’s Overwatch threat hunting team released their 2020 Threat Hunting Report in mid-September, revealing their findings from the first half of 2020. They uncovered a few trends in 2020 that impact all of us. First, eCrime activity has continued to grow exponentially, currently making up over 80% of attacks. They also point out that this doesn’t mean nation-state sponsored attacks are decreasing, just that eCrime activity is growing. This is due to the success of recent ransomware attacks and the broadened attack surfaces that the COVID-19 pandemic has brought about. Another threat trend that was called out is that attacks against manufacturing, healthcare, and food/beverage companies have sharply increased. This is likely because they are essential industries that are heavily relied on during this pandemic.

In September of 2020, CrowdStrike acquired Preempt Security to bolster their Falcon platform by adding Preempt’s analytics, zero trust, and conditional access technologies. CrowdStrike CEO George Kurtz explained that the Preempt acquisition “will provide enhanced protection against identity-based attacks and insider threats”.

Next week, we’ll continue the series with an in-depth look into another leading security solution from Palo Alto Networks. Check back to learn about a solution that empowers users to collect data from the network, cloud firewalls and identity sources, endpoints, and VPN connections for security where it matters most!

About the Author: These posts are written by Jeff Schaefer, a Security Engineer at Vandis with extensive experience in endpoint security. Jeff has been in the IT industry for almost 20 years, familiarizing himself with all areas of infrastructure before focusing on security solutions. Recently, Jeff has spent a great deal of time talking with technology manufacturers and doing independent research to give effective guidance to organizations around endpoint security strategies and initiatives.