At CrowdStrike Fal.Con 2023, CrowdStrike introduced a brand new Falcon Raptor launch with generative-AI capabilities and the acquisition of Bionic.
At CrowdStrike’s annual Fal.Con present in Las Vegas this week, the corporate introduced a collection of enhancements to its Falcon safety platform, together with a brand new Raptor launch with generative-AI capabilities. The corporate additionally introduced the acquisition of Bionic so as to add cloud software safety to its portfolio.
What’s new within the Falcon Raptor launch?
CrowdStrike Falcon covers endpoint safety, Prolonged Detection and Response, cloud safety, menace intelligence, identification safety, safety/IT Ops and observability. The brand new Raptor launch provides petabyte-scale, quick information assortment, search and storage to maintain up with generative AI-powered cybersecurity and keep forward of cybercriminals. It’s being rolled out steadily to present CrowdStrike clients starting in September of 2023.
The important thing parts of the Raptor launch are:
- Charlotte AI Investigator automates incident creation and investigation, correlates associated context right into a single incident and generates a big language mannequin incident abstract.
- CrowdStrike Endpoint Detection and Response supplies clients with entry to native XDR to speed up investigations, thereby including endpoint, identification, cloud and information safety telemetry from throughout the corporate’s platform.
- The XDR Incident Workbench accelerates investigation and response occasions by specializing in incidents relatively than alerts.
“Raptor eliminates safety noise and reduces the time analysts take to chase down incidents,” stated Raj Rajamani, head of merchandise at CrowdStrike, once I interviewed him at Fal.Con.
In earlier variations of Falcon, information existed in a number of backends, which elevated the opportunity of blind spots that might be exploited by hackers. Raptor supplies a single information airplane to convey the info collectively within the CrowdStrike platform.
“There isn’t any longer a necessity for safety analysts to go to completely different factors to attempt to correlate CrowdStrike and third-party information, as every part is stitched collectively by Charlotte AI to scale back the time wanted for triage and evaluation,” stated Rajamani.
That is achieved by decoupling the info from the compute energy wanted to compile, course of and analyze it. Rajamani stated this will take question response occasions down from hours to seconds and bigger queries from days to a couple hours.
Fundamental opponents to Falcon
As CrowdStrike Falcon consists of a number of modules that broadly tackle the safety panorama, it competes on a number of fronts. On the EDR facet, its foremost opponents are Microsoft and SentinelOne. On cloud safety, it strains up towards the likes of Microsoft and Palo Alto Networks. For identification safety, its main competitor might be Microsoft. Rajamani stated that CrowdStrike has a bonus over Microsoft and others by means of its potential to construct a unified information airplane utilizing a single agent and console for all security-related information.
“Others clear up components of the safety puzzle however battle to convey all of it collectively and not using a 360-degree view,” he stated. “The sum of the components is larger than the entire.”
Extra Falcon-related bulletins
- Falcon Foundry is a no-code app dev platform to unravel customized IT and safety workloads together with scanning for vulnerabilities. Now accessible.
- Falcon Knowledge Safety presents coverage enforcement of content material as an alternative of information to allow customers to guard information because it travels throughout the enterprise and stop the unauthorized egress of sensitized data. Presently within the beta testing section.
- Falcon for IT supplies real-time IT visibility into all system occasions, state and efficiency. Now accessible.
- Falcon Publicity Administration offers an inside-out and outside-in view of enterprise threat. Now accessible.
Bionic acquisition ought to give CrowdStrike an edge in CNAPP market
The opposite huge announcement at CrowdStrike’s Fal.Con was an settlement to amass Utility Safety Posture Administration vendor Bionic. This extends CrowdStrike’s cloud native software safety platform to ship threat visibility and safety throughout all cloud infrastructure, purposes and providers.
The crowded cloud-native software program platform market is led by PingSafe, Aqua Safety, Palo Alto Networks, Orca and plenty of others; the addition of ASPM from Bionic ought to give CrowdStrike an edge. ASPM provides app-level visibility to infrastructure, and it solves issues corresponding to with the ability to detect which purposes — even legacy purposes — are working throughout the enterprise and what databases and servers these apps are touching. That is achieved with out an agent.
Rajamani likened it to the distinction between an X-ray (CNAPP) and an MRI (ASPM). The addition of Bionic supplies CrowdStrike with the power to detect a wider vary of potential points.
“The mixing of Bionic means we will drastically cut back the variety of alerts to allow analysts to zero in on those that matter,” stated Rajamani. “In consequence, CrowdStrike would be the first cybersecurity firm to ship full code-to-runtime cloud safety from one unified platform.”