News of the Week (October 11-15)

1. CrowdStrike (CRWD) — Fal.Con Highlights

a. New Falcon XDR Module

CrowdStrike announced its new Falcon Extended Detection and Response (XDR) Module. This module serves as an enhancement to its existing endpoint detection and response (EDR) capabilities to extend threat detection and remediation beyond the endpoint. EDR is the core of this formula; XDR is the upgrade built on top of it.

The XDR module will now be able to stream and ingest data from third parties in real time, with unmatched scale and for a fraction of the cost of substitutes. Whether it's SaaS providers, email databases or networks, XDR will filter through all of it and select the relevant pieces of information to ensure the data being used is both complete and appropriate.

This is in large part thanks to Humio’s index-less logging capabilities. That feature solves the structural issue of scaling big data within the XDR environment without jeopardizing efficacy or inundating tech teams with false positives. CrowdStrike thrives on seamless ability to scale its prevention, detection and remediation offerings — Humio deeply adds to that seamless scalability. This increased data ingesting ability will bolster CrowdStrike’s EDR capabilities via a more holistic view of threats and will shorten time to response and remediation as well.

As a reminder, CrowdStrike bought Humio earlier in the year.

As part of the new XDR module, CrowdStrike also announced a new “XDR alliance” for the purpose of collaborating within the world of security to improve efficacy and safety for all stakeholders. ServiceNow, Zscaler and Okta are just a few of the partners in this new alliance which will offer integrated solutions to enhance value propositions for shared customers.

  • Example of XDR in action: Suppose we have a suspicious AWS login coinciding with a related, subsequent email login. XDR’s 3rd party integrations enable it to connect these dots across ALL partner ecosystems to flag potentially harmful behavior more expediently — and all within the cloud.
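The correlation sketched in the bullet above, written out as a small detection routine. This is an added example and is not CrowdStrike's code or anything from the original post; the pipe-delimited log format, the field names, the trusted address range and the 15-minute window are all assumptions chosen for illustration. It takes login events from two feeds (a cloud console and an email service), groups them by user, and raises one alert when a successful cloud login from an untrusted address is followed within the window by a successful email login for the same user from that same address.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Iterable

@dataclass(frozen=True)
class LoginEvent:
    source: str      # which telemetry feed produced it: "cloud" or "email" (assumed names)
    ts: datetime
    user: str
    src_ip: str
    outcome: str     # "success" or "failure"

# Address ranges treated as trusted. Constructed: RFC 5737 documentation space.
TRUSTED_NETS = [ip_network("203.0.113.0/24")]

def parse_line(line: str) -> LoginEvent:
    """Parse one record of the constructed format: source|timestamp|user|src_ip|outcome."""
    source, ts, user, src_ip, outcome = line.strip().split("|")
    return LoginEvent(source, datetime.fromisoformat(ts), user, src_ip, outcome)

def is_trusted(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def correlate(events: Iterable[LoginEvent], window: timedelta = timedelta(minutes=15)) -> list[dict]:
    """Cross-source rule: successful cloud login from an untrusted address, then a
    successful email login by the same user from the same address within `window`."""
    by_user: dict[str, list[LoginEvent]] = {}
    for ev in events:
        by_user.setdefault(ev.user, []).append(ev)

    alerts: list[dict] = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.ts)          # events arrive unordered across feeds
        for i, trigger in enumerate(evs):
            if trigger.source != "cloud" or trigger.outcome != "success" or is_trusted(trigger.src_ip):
                continue
            for follow in evs[i + 1:]:
                if follow.ts - trigger.ts > window:
                    break                     # sorted, so nothing later can match
                if follow.source == "email" and follow.outcome == "success" and follow.src_ip == trigger.src_ip:
                    alerts.append({
                        "user": user,
                        "src_ip": trigger.src_ip,
                        "cloud_login": trigger.ts.isoformat(),
                        "email_login": follow.ts.isoformat(),
                        "gap_seconds": int((follow.ts - trigger.ts).total_seconds()),
                    })
                    break                     # one alert per trigger
    return alerts

# Constructed sample telemetry (not real data). Only "bob" should match:
# alice logs in from the trusted range, carol's cloud login failed,
# and dave's email login precedes his cloud login.
CONSTRUCTED_LOG = """
cloud|2021-10-12T08:02:11|alice|203.0.113.7|success
email|2021-10-12T08:05:40|alice|203.0.113.7|success
cloud|2021-10-12T22:14:03|bob|198.51.100.23|success
email|2021-10-12T22:19:55|bob|198.51.100.23|success
cloud|2021-10-12T23:40:00|carol|198.51.100.99|failure
email|2021-10-12T23:45:00|carol|198.51.100.99|success
email|2021-10-13T01:00:00|dave|198.51.100.5|success
cloud|2021-10-13T01:30:00|dave|198.51.100.5|success
""".strip().splitlines()

def run_demo() -> list[dict]:
    """Parse the constructed log and return the alerts the rule produces."""
    return correlate(parse_line(line) for line in CONSTRUCTED_LOG)

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The point the rule makes is the one the post makes: neither feed on its own is alarming (one unfamiliar login happens constantly), but the same identity touching two independent services from the same unfamiliar address within minutes is worth a look. In practice the trusted list would come from an asset inventory and the window would be tuned against the false-positive rate, which is exactly the "right data sources, properly contextualized" concern the post raises.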

Again, XDR is about extending threat detection to every single part of the security stack. By partnering with world-class entities existing within different niches of that stack, CrowdStrike is able to onboard a bevy of new and usable data to broaden its reach of threat detection and to deliver more actionable insights wherever a threat may be uncovered.

While CEO George Kurtz did not name any security vendors in his keynote, he did ferociously rip into other next-generation XDR solutions. According to Kurtz, other XDR offerings are simply re-branded EDR used as a marketing ploy. I'm assuming (pretty safe assumption) that he's referring to SentinelOne.

It's not enough to simply add more data intake sources to an existing EDR platform, as substitutes have done. False positives are already common enough within EDR, and redundantly or irrelevantly adding more information to already cluttered applications does not work. The new data sources need to be the right data sources, and they need to be easily contextualized, sorted and fed into an effective algorithm. This is what CrowdStrike's XDR product and alliance will bring to the table.

“What many XDR vendors are doing is simply making the security problem worse by flooding teams with even more data and complexity. Taking the same failed approach of yesterday will not help customers against today’s adversary.” — CrowdStrike CEO George Kurtz

“Some in the industry are simply glomming on to the acronym for marketing purposes... We are actually building upon our XDR with enrichment from other data sources for cybersecurity use cases and perhaps down the road use cases beyond cybersecurity.” — CrowdStrike VP of Intelligence Adam Meyers

With Humio's log management capabilities at CrowdStrike's side and Meyers' mention of potentially moving "beyond cybersecurity", I can't help but think CrowdStrike plans to move further into Datadog's observability niche. We shall see.

Interestingly, CrowdStrike also announced Falcon Fusion, which will be integrated into this module and all other Falcon modules at no added cost. The upgrade allows each customer to customize its own remediation and prevention plans in a low-code manner that's accessible to anyone. The customer can then take these plans and create automated, scalable workflows. It also uses these crafted plans to granularly build alert systems for each client based on which events are most relevant to their operations.

The less mundane tasks a workforce is having to manually conduct, the more productive they will generally be.

“One of the pain points from customers is the rigidity of security stacks. 71% of CrowdStrike clients report difficulty integrating various pieces of their security stacks. 80% claim alert fatigue (false positives) as a real issue. Fusion simplifies workflows at scale and quickens time to remediation. Fusion works for you, not the other way around.” — CrowdStrike Chief Product Officer Amol Kulkarni

b. “ExPRT.AI” Feature Added to Falcon Spotlight

ExPRT.AI leverages the power of CrowdStrike’s centralized, AI-powered threat graph to automate the ranking and sorting of threats most relevant to each specific client. Alerts are customized and prioritized based on this ranking system to further combat the common issue of too many false positives.

c. George Kurtz on CrowdStrike’s “Think Week”

Each year, CrowdStrike dedicates a week to allowing its employees to present new ideas and innovations to CrowdStrike’s executives. The ideas are ranked with the best receiving prizes. Interestingly, several of CrowdStrike’s modules from the Falcon platform have actually come from Think Week pitches.

This functions somewhat similarly to the venture capital-style incubators within blue-chip companies like Goldman Sachs, Boeing and many more. The practice keeps trends and potential new innovations in-house rather than CrowdStrike finding itself competing with them down the road.

Think Week follows a theme of Kurtz being fixated on optimizing workplace culture. To give an idea of his dedication, he flies every new employee in to California for a week of training that he himself participates in.

d. Quote from Angelo Comazetto — Principal at the AWS Office of the CISO (Chief Information Security Officer)

“AWS is a CrowdStrike partner and customer because it allows our people to do their jobs without having to worry about permissions and vulnerabilities. CrowdStrike solves all of the problems we have with the issues coming from employees not always working in an office. I’m excited for continued momentum between Amazon and CrowdStrike.”

e. Quotes from Jim Alkove — Chief Trust Officer at Salesforce.com — on Why it Picked CrowdStrike

“It all comes down to trust. We’re picking technology to help us protect endpoints on-premise and everywhere [those endpoints] may be. We need a solution that meets those needs today and scales over time. Ability to continue to scale is super important to us.”

“I was very happy with our ability to rapidly deploy CrowdStrike. It was a much smoother process than I anticipated it being.”

f. Humio insight from Hewlett-Packard Enterprise’s (HPE) VP of Cloud Operations Allwyn (Olly) Lobo