CrowdStrike and Google Chrome: Building an Integrated Ecosystem to Secure Your Enterprise Using the Power of Log Management

Organizations today face an onslaught of attacks across devices, identity and cloud workloads. The more security telemetry an organization has to work with, the better threat hunters can contextualize events to find and remediate potential threats. Google recently announced Chrome Enterprise Connectors Framework, a collection of plug-and-play integrations with industry-leading security solution providers. The framework includes three categories:

 

  1. Identity and Access
  2. Endpoint Management
  3. Security Insights and Reporting
CrowdStrike is pleased to announce that we’ve been included as a Chrome Enterprise Recommended Partner that will contribute to this framework. As a first step, we’ve developed an integration for the Security Insights and Reporting category to help customers derive even more value from the CrowdStrike Falcon® platform.

 

The integration leverages our centralized log management and observability solution, CrowdStrike Falcon LogScale. Formerly known as Humio, Falcon LogScale is a CrowdStrike module that allows organizations to ingest, search, transform and retain all of their log data. ​​Built using a unique index-free architecture and advanced compression technology that minimizes hardware requirements, Falcon LogScale enables DevOps, ITOps and SecOps teams to aggregate, correlate and search live log data with sub-second latency — all at a lower total cost of ownership than legacy platforms.

Innovation via Collaboration

CrowdStrike and Google have a rich history of collaboration, including last year’s Google Work Safer program to bolster security for hybrid and remote workers. With this latest collaboration, organizations can get additional visibility into managed Chrome Enterprise browsers and devices using Falcon LogScale and Google's Chrome Enterprise Connector Framework.

 

This integration provides joint customers:

 

  • The ability to correlate Chrome security events with CrowdStrike Falcon Host and Intelligence data in Falcon LogScale for enhanced threat hunting.
  • A pathway to easily port Managed Chrome browser and ChromeOS security events into the CrowdStrike Security Cloud for added threat context.
  • Automated notifications and remediations using Falcon LogScale’s built-in actions such as webhooks enabling security operations and incident response functions.
  • Enhanced security in certain instances that previously weren’t protected or CrowdStrike Falcon agents weren’t deployed.

Get Started with the Integration

To take advantage of the integration, organizations will need a cloud-managed Chrome browser or Chrome device and connect the data feed to Falcon LogScale’s HEC endpoint API. Check out this short demo to jump-start your learning. If you’re a Falcon LogScale customer, this integration provides even more security telemetry for you to correlate with other data sources. After all, the more context you can add to potential security incidents, the better your investigations and threat hunts.

 

Additional Resources

 

Breaches Stop Here