CrowdStrike Falcon XDR GA
February 9, 2022
The Falcon XDR module extends CrowdStrike's endpoint detection and response (EDR) capabilities to improve threat visibility across the enterprise, simplify security operations and dramatically speed up response time, containment and remediation of the most sophisticated attacks.
“One of the ways to address the cybersecurity skills gap is to empower security teams to work more effectively,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike. “Falcon XDR helps to address this problem by correlating weak, siloed threat signals into prioritized alerts from a centralized console for security teams to ensure their investigations are meaningful and efficient.”
Falcon XDR enables security teams to:

Unify detection and response security data. Falcon XDR takes third-party data (including network security, email security, web security, cloud security and cloud access security broker [CASB]) from third-party vendors, including CrowdXDR Alliance partners, and correlates it with data from the CrowdStrike Security Cloud to optimize real-time threat detection, investigation, response and hunting.

Get the right answers – fast. Falcon XDR speeds up triage and investigation for security operations center (SOC) analysts and threat hunters by delivering one central console for accurate alert prioritization, flexible search scheduling and detection customization, full attack context and interactive graph visualization.

Turn XDR insight into action. To orchestrate and automate response across security workflows, Falcon Fusion, a security orchestration, automation and response (SOAR) framework, is built natively into the Falcon platform. Security teams can improve SOC and IT efficiencies by building real-time notification and response capabilities, along with customizable triggers based on detection and incident categorizations. Falcon Fusion is free for CrowdStrike customers.

Increase efficiency of SOC operations. Falcon XDR automatically correlates and provides high-quality detection data across the security stack. It dramatically speeds investigation and hunting by providing a common search interface directly from the CrowdStrike Security Cloud.

Improve return on investment (ROI) of existing security investments. Falcon XDR uncovers actionable insights from previously siloed data in disparate, disconnected security products from across the IT stack.
“CrowdStrike have spent years building and refining their detection and response automation capabilities,” said Dave Gruber, principal analyst at Enterprise Strategy Group (ESG). “As market interest in XDR continues to accelerate, CrowdStrike is well-positioned to expand into XDR, capitalizing on their existing, mature and scalable EDR infrastructure, as they invest in new data ingest, analysis and advanced threat detection capabilities required to respond to a more sophisticated threat landscape. CrowdStrike's alliance-driven XDR strategy should enable them to readily ingest telemetry from a broad range of third-party security solutions into their Security Cloud, offering security teams flexibility in their choice of other core security controls.”