产品介绍

端点进阶威胁侦测与防御系统(EDR)、情资及沙箱 ~ CrowdStrike









64febbd4e705f6c64289f1004b1e5e69.pngCrowdStrike Named a Strong Performer for External Threat Intelligence Services by Independent Research Firm

                    CrowdStrike® is consistently recognized as the leading endpoint protection solution by industry analysts, independent testing organizations and security professionals

                   CrowdStrike Named a Leader in IDC MarketScape on Incident Response, Readiness and Resiliency Services

Forrester Wave™: 2018年CrowdStrike 是EDR(Endpoint Detection and Response)领导者。

b4d70e46b2d6f647ca47479fb1d721e7.png 
1b5ace331715ee7ead00b2fbed55f454.png

CrowdStrike是第一个也是唯一一家能够统整次世代防毒(Next-Generation Anti-Virus)、端点侦测与回应(Endpoint Detection & Response)和24/7全天候管理的威胁猎捕(Threat Hunting)服务的资安公司。


防止现有资安工具无法防范的攻击

只有CrowdStrike可以为您提供主动和持续的保护,抵御日常威胁以及复杂的攻击,这是传统以恶意程式为中心的资安防护工具所做不到的事情。透过强大的图形分析和关联全球客户数十亿笔的事件,CrowdStrike Threat Graph™源源不绝地更新这些攻击与威胁的资料,并在背后不断的工作来检测这些难以检测的攻击事件,持续精进次世代端点防护系统的能力。

大数据 AI 分析,几秒内查知有无入侵,立即阻断。

Real-World Protection Test July-November 2017报告,0误判。

情资模组,提供入侵骇客及手法,分析是否有针对性及预测入侵标的。

Falcon Overwatch是一个全球性的运营中心,由一群顶尖的网路入侵检测分析与调查专家每天24小时、每周七天,全年无休的为您工作。 

整合威胁情报与资安事件应变(IR)服务 ~ CrowdStrike整合内部团队来提供最佳的威胁情报,以及全面的资安事件应变服务―从问题发生前,一直到事后处理,全天候为您提供支援。专业的服务团队提供您需要的资料来防御与应变资安事件、阻止入侵事件以及加速您修补漏洞的速度。

CrowdStrike Falcon Prevent — CrowdStrike’s AV replacement module offers the most advanced next-generation prevention capabilities to stop malware and malware-free attacks without requiring signatures and the heavy updates that come with them. Leveraging CrowdStrike’s state-of-the-art file and behavioural-based proprietary machine learning and Indicator-of-Attack (IOA) methodology, the solution prevents attacks pre-execution and is particularly effective at stopping new, polymorphic or obfuscated malware, which is often missed by legacy AV solutions. Additionally, due to CrowdStrike Falcon’s cloud-native architecture, the technology can be fully deployed and operational in hours with zero maintenance costs or end-user impact.

CrowdStrike Falcon Insight — Endpoint detection and response (EDR) capabilities ensure customers have comprehensive, real-time and historical visibility of everything that is executed in their environment. Falcon Insight provides extensive and instant detection, search, hunting, and response capabilities, eliminating the prospect of silent failure.

CrowdStrike Falcon Discover — CrowdStrike’s security hygiene module provides real-time application usage and inventory and privileged user account monitoring. The data can be used to address the usage of inappropriate or unwanted applications. Future enhancements will cover other aspects of security hygiene such as system inventory to identify and remediate unmanaged systems. With Falcon Discover, customers can easily derive operational optimizations and cost reductions by more effectively managing software license costs. In addition, the module enables privileged account management capabilities by providing visibility into the use of administrator credentials across the enterprise.

CrowdStrike Falcon Threat Intelligence — Includes automated malware analysis, indicators and yara/snort signatures, technical and strategic reports for threat context, executive flash and periodic reporting to help customers better direct their cybersecurity resources and understand the threat environment in which they operate. With the Falcon Intel API, customers receive an automated, high-fidelity threat feed to help them ease and streamline management of security resources.

CrowdStrike Falcon OverWatch — Managed threat hunting delivered by a global operation center, staffed around the clock by an elite group of cyber intrusion detection analysts and investigators, dedicated to continuously hunting for adversary activity in a customer’s environment. CrowdStrike OverWatch amplifies customers’ internal resources by notifying, prioritizing and escalating alerts, as well as responding and shutting down suspected intrusion activity, including malicious insiders.

CrowdStrike Falcon Spotlight – Falcon Spotlight™, built on the CrowdStrike Falcon® platform, is the industry’s first scan-less, agent-based vulnerability management solution, offering security teams a continuous and real-time assessment of the vulnerability exposure of their endpoints. Native integration in the Falcon platform enables customers to operationalize vulnerability management within a complete endpoint protection framework, resulting in a stronger security posture and unparalleled incident prevention, detection and response.

CrowdStrike Falcon X - Falcon X enables customers of all sizes to better understand the threats they face and empowers them to use that knowledge to defend against future attacks — making proactive security a reality.  Falcon X combines the tools used by cyberthreat investigators into a seamless solution and performs the investigation automatically. The integrated toolset includes malware analysis, malware search and threat intelligence.

CrowdStrike Falcon Search Engine - Falcon Search Engine brings game-changing speed to your Security Operations Center by leveraging the Falcon platform. CrowdStrike sees over 110 billion unique security events per day from its install base that spans 176 countries, and has amassed the industry's largest collection of searchable malware. Patent pending indexing technology puts all of this at your fingertips and delivers real-time search results with Falcon MalQuery.

CrowdStrike Falcon Sandbox - Falcon Sandbox performs deep analysis of evasive and unknown threats, enriches the results with threat intelligence and delivers actionable indicators of compromise (IOCs), enabling your security team to better understand sophisticated malware attacks and strengthen their defenses.

CrowdStrike Falcon Device Control - Falcon Device Control provides the visibility and granular control required to enable safe usage of USB devices across your organization. Automatically delivers the complete visibility you need, allowing you to monitor how USB devices are used in your environment. Enables you to determine precisely what devices are allowed or restricted, and the granular level of access granted to each device.

a3fc3740be88a8756392987bd48ca5e8.png  7308e1d47795487ebc5b5d5e142e1560.png

Falcon Platform Module Overview:

Cloud-delivered Endpoint Protection Overview


CrowdStrike Falcon MalQuery – The Faster, More Complete Malware Search Engine


How Falcon Sandbox improves threat response


CrowdStrike Falcon Intelligence walkthrough


How Falcon OverWatch Proactively Hunts for Threats in Your Environment


Falcon Use Case Videos:

How CrowdStrike Falcon prevents infection and spread of the destructive NotPetya attack
How CrowdStrike Falcon protects against Ransomware
How machine learning on the Falcon sensor provides better protection
How to Get Five Second Visibility Across Your Organization with Falcon Host Endpoint Protection
How to replace traditional AV with CrowdStrike
How Falcon protects off-line hosts from new threats
How Falcon prevents script-based attacks
How CrowdStrike stops malicious PowerShell downloads
How to block zero day and file-less exploits with CrowdStrike Falcon
How to Prevent Malware-Free Attacks with CrowdStrike Falcon Host Endpoint Protection
How to Hunt for Threat Activity with Falcon Host Endpoint Protection


DataSheet 产品型录

Datasheet_Falcon_Device_Control
Falcon_Intellingence Datasheet
White Paper- Indicators of Attack vs Indicators of Compromise
White Paper -Threat Intelligence


eDM相关资料:

[最高赔偿美金100万元] WE STOP BREASHES ~ Crowdstrike Solutions ~ EDR Leader (包含情资、沙箱)