CrowdStrike announces major build-out of its Falcon product suite

Cloud-native security firm CrowdStrike has announced a re-architected release of its Falcon platform, dubbed Falcon Raptor. The next-generation product adds generative AI-powered incident investigation capabilities and extended detection and response (XDR) features. The Raptor release, according to CrowdStrike, can work at “petabyte scale” with faster data collection, search, and storage.

Also introduced was Falcon Foundry, which CrowdStrike calls “the cybersecurity industry’s first no-code application development platform.” Foundry provides the ability to quickly build no-code apps with full access to data and threat intelligence across the Falcon platform, the company claims.

Finally, CrowdStrike announced enhancements to its unified Falcon platform that target data protection, exposure management, and IT automation.

What’s new in the CrowdStrike Falcon Raptor release

The Raptor release adds the following components to the Falcon platform:

• Charlotte AI Investigator: This new AI-powered tool automates incident creation and investigation. According to CrowdStrike, it can automatically correlate related context from a “seed” of information into a single incident. From there it generates an incident summary for security analysts.
• XDR for All: This component essentially upgrades CrowdStrike EDR customers to native XDR for faster investigations.
• XDR Incident Workbench: CrowdStrike characterizes this feature as a “re-imagined and lightning-fast user experience for EDR/XDR” to speed up investigation and response times.
• Collaborative Incident Command Center: This feature provides a “unified source of truth” for security analysts to work incidents in real-time from any location, according to the company.

Crowdstrike also promises faster searches on large data sets with sub-second latency to identify adversaries and risks more quickly. The company will roll out the Raptor release to all current CrowdStrike customers starting this month and extending over the next year.

Secure no-code application development with Falcon Foundry

The Falcon Foundry no-code application development platform draws on other tools in the Falcon product family to build custom apps to solve security and IT problems. It leverages data from the CrowdStrike platform, the Falcon Fusion SOAR framework, and cloud-scale infrastructure, according to the company. Applications created in Foundry integrate with the Falcon platform. Foundry features include:

• An intuitive interface: CrowdStrike claims Foundry will guide users through the app development process with step-by-step instructions and a drag-and-drop visual application studio.
• Full access to data and threat intelligence from the CrowdStrike Falcon platform: This includes third-party telemetry stored in Falcon LogScale Next-Gen SIEM.
• Automation with end-to-end response: Falcon Fusion and Falcon Real Time Response (RTR) scripts work together to define automated workflows and execute a fast response on endpoints and beyond.

An expanded CrowdStrike Falcon platform

In an attempt to pull customers away from point solutions, CrowdSrike has rolled out three enhancements to its unified Falcon platform. CrowdStrike Falcon Data Protection is intended to replace data loss prevention tools. It provides a single agent for data protection and endpoint security. It also extends EDR/XDR from initial compromise through data exfiltration. Falcon Data Protection allows for creating policies that will follow content as it moves across files or SaaS applications, the company claims.

CrowdStrike Falcon Exposure Management gives users visibility into every asset and real-time assessment into potential inside and external exposures, the company claims. It uses existing CrowdStrike endpoint agents and natively integrated external attack surface management (EASM). The new tool also allows visibility into and management of third-party vulnerabilities in the same workflows as internal vulnerabilities. Other capabilities include visualization of adversary intrusion paths and assessment of critical configuration settings.

CrowdStrike Falcon for IT automates IT and security workflows in an “end-to-end, visibility-to-action lifecycle.” It leverages CrowdStrike’s Charlotte AI tool to drive queries and actions from plain language generative AI prompts. The company claims it can continuously monitor CrowdStrike-managed endpoints and automate remediation on those endpoints.