At CrowdStrike Fal.Con 2023, CrowdStrike introduced a brand new Falcon Raptor launch with generative-AI capabilities and the acquisition of Bionic.
At CrowdStrike’s annual Fal.Con present in Las Vegas this week, the corporate introduced a sequence of enhancements to its Falcon safety platform, together with a brand new Raptor launch with generative-AI capabilities. The corporate additionally introduced the acquisition of Bionic so as to add cloud utility safety to its portfolio.
Soar to:
What’s new within the Falcon Raptor launch?
CrowdStrike Falcon covers endpoint safety, Prolonged Detection and Response, cloud safety, menace intelligence, identification safety, safety/IT Ops and observability. The brand new Raptor launch provides petabyte-scale, quick knowledge assortment, search and storage to maintain up with generative AI-powered cybersecurity and keep forward of cybercriminals. It’s being rolled out steadily to current CrowdStrike clients starting in September of 2023.
The important thing components of the Raptor launch are:
- Charlotte AI Investigator automates incident creation and investigation, correlates associated context right into a single incident and generates a big language mannequin incident abstract.
- CrowdStrike Endpoint Detection and Response offers clients with entry to native XDR to speed up investigations, thereby including endpoint, identification, cloud and knowledge safety telemetry from throughout the corporate’s platform.
- The XDR Incident Workbench accelerates investigation and response occasions by specializing in incidents relatively than alerts.
“Raptor eliminates safety noise and reduces the time analysts take to chase down incidents,” mentioned Raj Rajamani, head of merchandise at CrowdStrike, once I interviewed him at Fal.Con.
In earlier variations of Falcon, knowledge existed in a number of backends, which elevated the potential of blind spots that could possibly be exploited by hackers. Raptor offers a single knowledge airplane to deliver the information collectively within the CrowdStrike platform.
“There is no such thing as a longer a necessity for safety analysts to go to totally different factors to attempt to correlate CrowdStrike and third-party knowledge, as the whole lot is stitched collectively by Charlotte AI to scale back the time wanted for triage and evaluation,” mentioned Rajamani.
That is achieved by decoupling the information from the compute energy wanted to compile, course of and analyze it. Rajamani mentioned this may take question response occasions down from hours to seconds and bigger queries from days to a couple hours.
Most important rivals to Falcon
As CrowdStrike Falcon consists of a number of modules that broadly handle the safety panorama, it competes on a number of fronts. On the EDR facet, its foremost rivals are Microsoft and SentinelOne. On cloud safety, it strains up in opposition to the likes of Microsoft and Palo Alto Networks. For identification safety, its major competitor might be Microsoft. Rajamani mentioned that CrowdStrike has a bonus over Microsoft and others by way of its capability to construct a unified knowledge airplane utilizing a single agent and console for all security-related knowledge.
“Others resolve components of the safety puzzle however battle to deliver all of it collectively with no 360-degree view,” he mentioned. “The sum of the components is bigger than the entire.”
Extra Falcon-related bulletins
- Falcon Foundry is a no-code app dev platform to unravel customized IT and safety workloads together with scanning for vulnerabilities. Now out there.
- Falcon Information Safety gives coverage enforcement of content material as a substitute of recordsdata to allow customers to guard knowledge because it travels throughout the enterprise and forestall the unauthorized egress of sensitized data. Presently within the beta testing part.
- Falcon for IT offers real-time IT visibility into all system occasions, state and efficiency. Now out there.
- Falcon Publicity Administration offers an inside-out and outside-in view of enterprise threat. Now out there.
Bionic acquisition ought to give CrowdStrike an edge in CNAPP market
The opposite massive announcement at CrowdStrike’s Fal.Con was an settlement to accumulate Utility Safety Posture Administration vendor Bionic. This extends CrowdStrike’s cloud native utility safety platform to ship threat visibility and safety throughout all cloud infrastructure, functions and companies.
The crowded cloud-native software program platform market is led by PingSafe, Aqua Safety, Palo Alto Networks, Orca and lots of others; the addition of ASPM from Bionic ought to give CrowdStrike an edge. ASPM provides app-level visibility to infrastructure, and it solves issues reminiscent of with the ability to detect which functions — even legacy functions — are working throughout the enterprise and what databases and servers these apps are touching. That is achieved with out an agent.
Rajamani likened it to the distinction between an X-ray (CNAPP) and an MRI (ASPM). The addition of Bionic offers CrowdStrike with the flexibility to detect a wider vary of potential points.
“The mixing of Bionic means we are able to enormously cut back the variety of alerts to allow analysts to zero in on those that matter,” mentioned Rajamani. “Consequently, CrowdStrike would be the first cybersecurity firm to ship full code-to-runtime cloud safety from one unified platform.”