8 Hot New CrowdStrike Features Unveiled At Fal.Con UNITE 2019
From revolutionary user interfaces to facilitating metered billing to managing Windows Firewall, here’s a look at eight of the most interesting CrowdStrike features debuting at Fal.Con UNITE 2019.
Fly Falcon Fly
CrowdStrike’s first platform release since the company’s massive $612 million IPO in June will occur this week at the company’s Fal.Con UNITE 2019 conference, which is expected to bring 1,400 customers and partners to San Diego, Calif.
Delivering security in a cloud-native platform like CrowdStrike makes it possible to continually add functionality without increasing the bloat or complexity, said Vice President of Product Marketing Dan Larson. Regardless of the new capabilities added, CrowdStrike’s agent still only takes us a minimal space on the user’s hard drive, is invisible to end users, and doesn’t require any complex integrations.
One big theme at this year Fal.Con UNITE is making it faster and easier to protect cloud workloads through metered billings on Amazon Web Services as well as better support for cloud container on CrowdStrike’s flagship endpoint detection and response (EDR) product, Larson said.
From streamlining vulnerability management to facilitating metered billing on AWS to simplifying the management of Windows firewalls, here’s a look at 10 of the most interesting CrowdStrike features at Fal.Con UNITE 2019.
8. CrowdScore Beta
CrowdScore overhauls CrowdStrike’s user interface to solve alert fatigue and give organizations a single metric that indicates the threat level currently faced by their environment similar to DEFCON for the U.S. military, Larson said. The multi-year undertaking was first revealed at Black Hat 2019 in August, and a beta offering will be made available to all existing CrowdStrike customers Tuesday, he said.
The tool will make it possible for analysts to stop dealing with a mountain of alerts and instead aggregate up to the most significant incidents, Larson said. As a result, Larson said companies could find themselves dealing with 50 incidents in a day rather than 21,000.
“This will change the way customers use our product on a day-to-day basis,” Larson said.
7. Application Visibility On Falcon Discover
Customers typically buy Falcon Discover for license management so they can ascertain who’s using an application as well as the learn more about the users and devices themselves, Larson said. CrowdStrike has enhanced the application inventory feature on Falcon Discover so that businesses can determine not only if an application has been installed but also if the user is actually using the application, he said.
This will make it possible for organizations to save money and enhance security by uninstalling inactive applications from a user’s device and renegotiating how many licenses they actually need from the vendor, according to Larson. As a result, Larson said organizations will both improve their IT hygiene as well as optimize their expenditures and decision-making process around software licenses.
6. Container Support On Falcon Insight
CrowdStrike’s core Falcon Insight Endpoint Detection and Response (EDR) product will now provide full runtime protection for both cloud instance as well as the containers running on them, Larson said. This means that customers looking to safeguard Docker or cloud workloads will no longer have to buy a separate product, according to Larson.
As Falcon Insight pulls more container attributes, Larson said customers will find it easier to ascertain the specific number of containers in their environment, where they’re located, who’s using them, and what specific work they’re doing. The major update to container support is expected to help clients as they move into a multi-cloud or hybrid data center environment, according to Larson.
All told, Larson said the enhancements will make containers first-class citizens in CrowdStrike’s flagship product.
5. Threat Detection On Falcon For Mobile
CrowdStrike launched Falcon for Mobile in 2018 as the first EDR offering for iOS and Android devices, Larson said. The vendor typically takes a third-phased approach to launching products, with the first phase – which began last year with Falcon for Mobile – focused on visibility functions such as threat hunting, conducting investigations, and searching for data across devices, according to Larson.
Falcon for Mobile has now advanced to the second phase centered around detection, which Larson said is dedicated to automatically identifying and surfacing threat activity and throwing an alert into the user interface. These detections can automatically uncover threats such as communication with known malicious servers, high risk device configurations, and unauthorized apps, CrowdStrike said.
The third and final phase of the product launch cycle will be dedicated to prevention, Larson said. Falcon for Mobile has now matured to the point where CrowdStrike’s flagship EDR product was roughly two or three years ago, according to Larson.
4. Deeper Visibility On Falcon Spotlight
A major update to CrowdStrike’s Falcon Spotlight vulnerability management offering will increase the number of applications for which CrowdStrike can report vulnerabilities as well as a brand new and massively improved user interface, Larson said. The tool relies on real-time data collection from CrowdStrike’s EDR product and doesn’t require users to kick off a separate scan, according to Larson.
The user interface enhancements will make it easier for customers to comprehend the data they’re seeing and determine what’s critical and who has exposure by providing them with better filtering options, Larson said. CrowdStrike also fast-tracked building automated workloads and getting an API out so that Falcon Spotlight can play nicely with others, according to Larson.
Customers have long been asking CrowdStrike for an API around Falcon Spotlight since vulnerability management is typically a multi-vendor equation for them, Larson said. All told, Larson said the enhancements should make it easier for partners to capitalize on the pent-up demand for scanless vulnerability management.
3. New CrowdStrike Store Apps
CrowdStrike launched a store for third-party applications at the March 2019 RSA Conference, and will go from having three applications in the store today to nine applications in the store a couple of months from now, Larson said. The CrowdStrike store seeks to make it easier for customers to use third-party tools without having to deploy additional agents or even use a second management console, he said.
Adding Automox – which Larson described as a ‘cloud-native Tanium’ – to the CrowdStrike store will allow customers to go beyond vulnerability management and do patch management. For companies that prefer or are required to do application whitelisting rather than relying on CrowdStrike’s analytics to identify bad behavior, Larson said the company now has Airlock Digital in its store.
Organizations will soon be able to access RiskIQ from the CrowdStrike store to reduce their attack surface, as well as the deception technology offered by Acalvio, Larson said. And the vulnerability risk prioritization technology provided by NopSec is a great way to view the data generated by CrowdStrike through a different lens and determine if there are vulnerable systems in the environment, he said.
Finally, CrowdStrike expanded its user and entity behavior analytics (UEBA) store options beyond Interset (now part of Micro Focus) to include longtime partner Exabeam, which will operate using data collected by CrowdStrike’s technology.
2. Falcon For Amazon Web Services
Falcon for Amazon Web Services is the first step of CrowdStrike’s concerted push into the cloud workload protection market, which is expected to eventually encompass the other public cloud providers as well, Larson said. The main thing customers want on AWS today is a metered pay-as-you-go consumption-based billing rather than the annual subscriptions offered by CrowdStrike today, he said.
Having Falcon for AWS in the AWS marketplace will make it easier for customers to buy thanks to AWS credits as well as enterprise discount programs, Larson said. CrowdStrike has had some presence in AWS since launching Discover for AWS in summer 2018, which Larson said pops up every single thing a customer has in AWS and indicates which of those things are protected.
Performance is usually the biggest challenge around security in the data center, with the personnel responsible for uptime and efficiency in the data center hating the speed impact of traditional anti-virus products. But because CrowdStrike’s sensor is so lightweight, he said customers using the Falcon sensor on their system will get the same level of protection as provided by peers without slowing servers down.
1. Falcon Firewall Management
Falcon Firewall Management allows customers to use CrowdStrike’s sensor to manage the Windows firewall, which – like the device control offering launched by CrowdStrike in 2018 – will make it easier for customers to cancel their subscription for a legacy anti-virus suite, Larson said.
An endpoint firewall is often mandatory from a compliance perspective, Larson said, and having Falcon Firewall Management will make it easier for CrowdStrike to win deals against legacy suites as well as next-generation vendors with firewall management capabilities like SentinelOne. Windows Firewall is difficult to manage natively due to the collection of tools required based on the OS in use, Larson said.
But CrowdStrike is the ideal management architecture for Windows Firewall since it’s cloud-native, allows for policies to the applied to a group, and doesn’t have an endpoint agent slowing it down, Larson said. Customers can assign policies to systems via Falcon Firewall Management based on the tags or attributes of systems by simply ticking boxes on a policy screen, according to Larson.