CrowdStrike Falcon Insight
Endpoint Detection & Response
Streamlining the threat detection and response lifecycle with speed, automation and unrivaled visibility.
EDR Made Easy
Traditional endpoint security tools have blind spots, making them unable to see and stop advanced threats. CrowdStrike Falcon Insight™ solves this by delivering complete endpoint visibility across your organization.
Insight continuously monitors all endpoint activity and analyzes the data in real time to automatically identify threat activity, enabling it to both detect and prevent advanced threats as they happen. All endpoint activity is also streamed to the CrowdStrike Falcon platform so that security teams can rapidly investigate incidents, respond to alerts and proactively hunt for new threats.
- Detect advanced threats automatically
- Speed investigations with deep, real-time forensics
- Respond and remediate with confidence
- Conduct five-second enterprise searches
- Enable Falcon OverWatch™ threat hunting service
- Understand complex alerts at a glance with the MITRE-based detection framework
The Complete EDR Solution
Regardless of how advanced your defenses are, there’s a chance that attackers will do an “end run” on your security solution and slip through to gain access to your environment. Conventional defenses don’t know and can’t see when this happens, resulting in “silent failure.” When silent failure occurs, it can allow attackers to dwell in your environment for days, weeks or even months without raising an alarm. The solution lies in continuous and comprehensive visibility into what is happening on your endpoints in real time.
CrowdStrike Falcon Insight™ eliminates silent failure by providing the highest level of real-time monitoring capabilities that span across detection, response and forensics. This ensures nothing is missed, leaving attackers with no place to hide. Falcon Insight provides organizations with state-of-the-art endpoint detection and response (EDR), following an approach recommended by top analyst firms such as Gartner.
"Enterprises that know compromise is inevitable and are looking for endpoint-based approaches for advanced threat detection, investigation and response capabilities, should consider EDR solutions." — Neil MacDonald, VP Distinguished Analyst
Gartner scored CrowdStrike as "strong" in all endpoint detection & response use cases evaluated in a comparative assessment report called Comparison of Endpoint Detection and Response Technologies and Solutions, published in 2016.*
*Source: Gartner Comparison of Endpoint Detection and Response (EDR) Technologies and Solutions 2016 at https://www.gartner.com/doc/3343417/comparison-endpoint-detection-response-technologies (account required)
The Power to Prevent Silent Failure and Stop Breaches
Falcon Insight relies on CrowdStrike’s revolutionary cloud-delivery architecture, providing a communications fabric unlike any other. Using an advanced graph data model, CrowdStrike Threat Graph™ collects and inspects event information in real time to prevent and detect attacks on your endpoints. As part of the Falcon endpoint protection platform, Falcon Insight records all activities of interest on an endpoint for deeper inspection — on-the-fly and after-the-fact — allowing users to quickly detect, investigate and respond to attacks — even those that evade standard prevention measures.
- Automatic detection of IOAs to identify attacker behavior and stop attacks, with prioritized alerts sent to the Falcon web management console — eliminating the need for time-consuming manual searches.
- Complete oversight of security-related endpoint activity, allowing you to “shoulder surf” adversary activities, even when they try to breach your environment.
- Discover and investigate current and historic endpoint activity — go back one second, one day or even one year of activity — all at your fingertips.
- Events can be contextualized by threat intelligence, providing details on the attributed adversary and any other information known about the attack.
- Act against adversaries in real time to stop attacks before they become breaches. Powerful response actions allow you to contain and investigate compromised systems, eradicate threats with surgical precision and get back to business quickly.
- A cloud-delivered SaaS solution, Falcon Insight deploys in seconds with near zero impact on endpoint performance — even when analyzing, searching and investigating.
Key Product Capabilities
Simplify Detection and Resolution
- Automatically detect attacker activities: Insight uses IOAs (indicators of attack) to automatically identify attacker behavior and sends prioritized alerts to the Falcon UI, eliminating time-consuming research and manual searches. The CrowdStrike Threat Graph™ database stores event data and answers queries in five seconds or less, even across billions of events.
- Unravel entire attacks on just one screen: An easy-to-read process tree provides full attack details in context for faster and easier investigations.
- Accelerate investigation workflow: Mapping alerts to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) Framework allows you to understand even the most complex detections at a glance, shortening the time required to triage alerts, and accelerating prioritization and remediation. In addition, the intuitive UI enables you to pivot quickly and search across your entire organization within seconds.
- Gain context and intelligence: Integrated threat intelligence delivers the complete context of an attack, including attribution.
- Respond decisively: Act against adversaries in real time to stop attacks before they become breaches. Powerful response actions allow you to contain and investigate compromised systems, and Real-time Response capabilities provide direct access to endpoints under investigation. This allows security responders to run actions on the system and eradicate threats with surgical precision.
Gain Full-Spectrum Visibility in Real Time
- Observe every move in real time: Immediate visibility allows you to view the activities as if you were "shoulder surfing" the adversary.
- Capture critical details for threat hunting and forensic investigations: The Falcon Insight kernel-mode driver captures over 400 raw events and the related information necessary to retrace incidents.
- Get answers in seconds: The CrowdStrike Threat Graph™ database stores event data and answers queries in five seconds or less, even across billions of events.
- Recall for up to 90 days: Falcon Insight provides a complete record of endpoint activity over time, whether your environment consists of fewer than 100 endpoints or more than 500,000.
- Save time, effort and money: Cloud-enabled Falcon Insight is delivered by the CrowdStrike Falcon platform and does not require any on-premises management infrastructure.
- Deploys in minutes: CrowdStrike customers can deploy the cloud-delivered Falcon agent to up to 70,000 endpoints in less than a single day.
- Immediately operational: With unmatched detection and visibility from Day One, Falcon Insight hits the ground running, monitoring and recording on installation without requiring reboots, fine-tuning, baselining or complex configuration.
- Zero impact on the endpoint: With only a lightweight agent on the endpoint, searches take place in the Threat Graph database without any performance impact on endpoints or the network.