Market Overview

CrowdStrike Expands Its Endpoint Protection Platform with New Device Control Module and Support for Docker Containers


Endpoint protection leader announces critical new features and
modules expanding the Falcon platform

, the leader in cloud-delivered endpoint protection, today
announced new features and capabilities expanding the scope of the
CrowdStrike Falcon platform as the most comprehensive endpoint
protection solution available to customers. CrowdStrike released a new
device control module to enable visibility and control into removable
media activity, a critical functionality for organizations looking to
replace their legacy antivirus with next-generation endpoint protection.
Additionally, CrowdStrike has announced a new critical feature to secure
Docker container environments and the adoption of MITRE's Adversarial
Tactics, Techniques, and Common Knowledge (ATT&CK) Framework.

"The Falcon Platform continues to revolutionize the endpoint security
industry as the most innovative cloud-native solution," said Amol
Kulkarni, chief product officer of CrowdStrike. "Today, we are
announcing multiple critical feature enhancements to offer our customers
increased visibility, control and threat prevention for various evolving
attack vectors, all delivered from a single lightweight agent and
managed through a single console."

Falcon Device Control

USB devices are widely used but they can cause serious security risks,
from carrying malware and exploits, to leaking data outside of an
environment. Falcon
Device Control™
enables the safe utilization of USB devices across
organizations by uniquely providing both extensive visibility and
granular control over those devices. It offers security and IT
operations teams full understanding into how devices are being used and
the ability to precisely control and manage that usage. Seamlessly
integrated into the Falcon agent, it provides unparalleled device
control efficiency paired with full endpoint detection and response
(EDR) capabilities.

Customers using Falcon Device Control have unprecedented visibility into
detailed device information and history, increased control on mass
storage devices, and greater context into host activity to see what's
happening in environments. This offers administrators the ability to
implement insightful controls to protect critical data.

Securing Docker Containers

Organizations are increasingly adopting container technology such as
Docker in their data centers, to help drive efficiency and agility. As
they do so, a new attack surface has emerged that lacks visibility.
Existing point solutions can be cumbersome to deploy and monitor, and
require additional agents and infrastructure for organizations to

CrowdStrike is extending the protection of Falcon
to introduce compatibility with Docker, ensuring deep
visibility and protection across this emerging critical platform. With
this new capability, the Falcon Agent extends visibility to cover not
only Windows, Mac, and Linux endpoints, but also threats within Docker
containers. By leveraging artificial intelligence (AI) and advanced
analytics to detect and respond to threats within Docker containers,
Falcon Insight closes a critical security gap for enterprises —
requiring no additional infrastructure, maintenance, or cost.
CrowdStrike's cloud-native platform provides the industry's broadest
protection, covering both desktops and data centers, with a single
agent, single console and no on-premise infrastructure.

Adopting the MITRE Adversarial Tactics, Techniques, and Common
Knowledge (ATT&CK) Framework

Alerts and detections in the CrowdStrike
platform now map to MITRE's Adversarial Tactics, Techniques,
and Common Knowledge (ATT&CK) Framework. MITRE ATT&CK is an independent
industry standard that categorizes attackers' behavior into the
objectives, the tactics and the techniques that they employ and is based
on millions of observed real-life attacks.

The adoption of the MITRE framework in Falcon's detections accelerates
alert triage and shortens incident analysis time. It allows security
analysts and incident responders to immediately grasp the impact and
risks associated with alerts, instantly see which stage of the attack
the adversary is on, and quickly answer key questions.

Previously, CrowdStrike Falcon was validated for its successful
completion of an evaluation by MITRE's
Leveraging External Transformational Solutions (LETS) program
in its
ability to detect attack techniques employed by GOTHIC PANDA (also known
as APT3), a sophisticated adversary with ties to the Chinese government.
CrowdStrike continues to openly submit to third-party tests, as these
validate CrowdStrike's technology capabilities and provide an
opportunity to work with current and prospective customers to ensure
they are receiving the most comprehensive protection possible.

There is no shortage of third-party validation for the CrowdStrike
Falcon platform. Recently, CrowdStrike was positioned highest for its
ability to execute and furthest to the right for its completeness of
vision in the Visionaries quadrant in Gartner's
2018 Magic Quadrant for Endpoint Protection Platforms
In addition, Forrester Research, Inc. named CrowdStrike as a Leader in The
Forrester Wave™: Endpoint Security Suites, Q2 2018 report

For more, read
a blog
discussing the importance of these new modules and the
adoption of MITRE framework.

About CrowdStrike®

CrowdStrike is the leader in cloud-delivered endpoint protection.
Leveraging artificial intelligence (AI), the CrowdStrike Falcon®
platform offers instant visibility and protection across the enterprise
and prevents attacks on endpoints on or off the network. CrowdStrike
Falcon deploys in minutes to deliver actionable intelligence and
real-time protection from Day One. It seamlessly unifies next-generation
AV with best-in-class endpoint detection and response, backed by 24/7
managed hunting. Its cloud infrastructure and single-agent architecture
take away complexity and add scalability, manageability, and speed.

CrowdStrike Falcon protects customers against all cyber attack types,
using sophisticated signatureless AI and Indicator-of-Attack (IOA) based
threat prevention to stop known and unknown threats in real time.
Powered by the CrowdStrike Threat Graph™, Falcon instantly correlates
over 150 billion security events a day from across the globe to
immediately prevent and detect threats.

There's much more to the story of how Falcon has redefined endpoint
protection but there's only one thing to remember about CrowdStrike: We
stop breaches.

You can gain full access to Falcon Prevent™ by starting your free

Learn more:
us: Blog
| Twitter

© 2018 CrowdStrike, Inc. All rights reserved. CrowdStrike®, CrowdStrike
Falcon®, CrowdStrike Threat Graph™, CrowdStrike Falcon Prevent™, Falcon
Prevent™, CrowdStrike Falcon Insight™, Falcon Insight™, CrowdStrike
Falcon Discover™, Falcon Discover™, CrowdStrike Falcon Intelligence™,
Falcon Intelligence™, CrowdStrike Falcon DNS™, Falcon DNS™, CrowdStrike
Falcon OverWatch™, Falcon OverWatch™, CrowdStrike Falcon Spotlight™ and
Falcon Spotlight™ are among the trademarks of CrowdStrike, Inc. Other
brands may be third-party trademarks.

1 Gartner "Magic Quadrant for Endpoint Protection Platforms"
Ian McShane, Avivah Litan, Eric Ouellet, Prateek Bhajanka, 24 January
2 The Forrester Wave™: Endpoint Security Suites,
Q2 2018 by Chris Sherman, Salvatore Schiano with Christopher McClean,
Madeline Cyr, Peggy Dostie

View Comments and Join the Discussion!