CrowdStrike Delivers New Capabilities to Improve Security Operations and Accelerate Response to Modern Threats

Advanced notification workflows and real-time response capabilities boost speed of detection, investigation and response 

SUNNYVALE, Calif. – March 4, 2021 – CrowdStrike, a leader in cloud-delivered endpoint and workload protection, today announced enhancements to the CrowdStrike Falcon® platform that significantly improve Security Operations Center (SOC) efficiency and effectiveness, allowing security teams to focus on critical priorities and fortify their organizations’ proactive stance against cyber threats.

CrowdStrike customers can accelerate their security operational response with new notification workflows and Real Time Response (RTR) capabilities within the CrowdStrike Falcon platform, automating full-cycle incident response. These advancements are complemented by new user interface (UI) enhancements that let analysts visualize the relationship between detections and incidents, allowing them to update an incident and its associated detections at the same time. The new capabilities help SOCs to optimize their operations to meet CrowdStrike’s 1/10/60 response rule, prescribing one minute for security teams to detect an attack, 10 minutes to understand it and 60 minutes to contain it.

“Security teams today are overwhelmed by the expanded attack volume, disparate alert notifications and complex security workflows,” said Patrick McCormack, senior vice president of Cloud Engineering at CrowdStrike. “CrowdStrike has always focused on improving the efficacy and speed of security operations. These new capabilities enable teams to orient more quickly to the detections and incidents that matter and to handle known situations with automation, reducing workload overhead and alert fatigue. The right teams now get the right information via the right tools with less distractions for faster and more focused triage and response.”

The new CrowdStrike UI enhancements move the SOC workflow to a proactive incident-based workflow by allowing customers to view, assign, update the status of and comment on related detections. Customers can streamline their SOC operations with the new CrowdStrike Falcon notification workflows that provide automated real-time notifications tailored to specific types of events, conditions and cloud security posture findings and then be seamlessly delivered via email, generic webhooks or through Slack and PagerDuty integrations.

The power of CrowdStrike’s cloud-native and single-agent architecture means that customers can use the RTR framework through CrowdStrike Store apps without needing to update agents or deploy and configure new software to automate response actions. CrowdStrike customers can now deploy automated security, response and vulnerability remediation playbooks from CrowdStrike Store partners, such as the recently launched Tines and Vulcan Cyber, to leverage detections and incidents from the Falcon platform, and bring speed, consistency and scale to distributed SOC teams.

New capabilities: 

  • Accelerate response with customized workflows: Teams can streamline incident response by configuring custom actions and notifications, based on events, triggers and thresholds, resulting in reduced mean time to respond and remediate threat detections.
  • Augment your staff by automating the mundane and repetitive tasks: Security teams can automate repetitive manual tasks with consistent workflows, enhance productivity applications to enable faster context and response or automate mitigation actions – ultimately protecting business-critical assets from fast-moving threats.
  • Enhance investigation user experience: Analysts can quickly visualize and identify individual detections as being a part of an incident, streamline team assignments and quickly contain all impacted hosts – including those impacted by lateral movement – with a single click.

Attend CrowdStrike’s CrowdCast on March 16 at 11 a.m. PST to learn how to leverage and streamline your security operations with the Falcon platform and hear from our partners.

Forward-Looking Statements
This press release contains forward-looking statements that involve risks and uncertainties, including statements regarding benefits security teams may receive from new CrowdStrike Falcon capabilities. There are a significant number of factors that could cause actual results to differ materially from statements made in this press release.

You should not rely on these forward-looking statements, as actual outcomes and results may differ materially from those contemplated by these forward-looking statements as a result of such risks and uncertainties. All forward-looking statements in this press release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.

About CrowdStrike
CrowdStrike, a global cybersecurity leader, is redefining security for the cloud era with an endpoint and workload protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints and workloads on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon correlates 5 trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.

There’s only one thing to remember about CrowdStrike: We stop breaches.

Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial.

SOURCE: CrowdStrike