Welcome to Fal.Con 2022: CrowdStrike Drives the Convergence of Security and Observability

September 20, 2022

Executive Viewpoint
At CrowdStrike, we stop breaches. It’s a simple yet powerful promise to our customers, our partners and to the world.

As thousands join us today in person at Fal.Con 2022 in Las Vegas, and thousands more watch remotely via livestream, it’s a promise that we want to reinforce and extend. As cyberattacks have grown more powerful and disruptive, the importance of stopping the breach has grown.

Stopping the breach is about more than stopping a single attack. We stop breaches so you can mitigate your risk, so you can be more resilient and fortify your security posture, so you can ensure a brighter future for you and your customers.

To protect the productivity gains of the past few years, security must transform. Security has evolved to become the center of your organization and digital transformation. Security is critical in identifying and mitigating systemic risk as it expands. With security at your center, it should power the security professional, it should power the business and it should power your customers.

To achieve this, security needs to do more. It needs to bring together security AND observability data in a single platform so you can fully assess and address risk, while understanding the downstream impact security changes have on IT and the business.

Security needs to help you strengthen your posture and enforce good security hygiene while minimizing potential disruptions. It needs to help you reduce complexity and simplify the operations of your security and IT stack. Security needs to protect and power your productivity.

This is why I’m so excited for Fal.Con 2022. CrowdStrike is once again unleashing innovations that will power your teams, your organizations and your future.

Introducing Falcon LogScale: Security and Observability Through a Single Agent

When we acquired Humio, we saw the worlds of security and observability converging. By bringing these two worlds together, you get more context and insight from your data. You get a more detailed understanding of your entire environment from the perspectives of both security AND IT.

This is why we’re excited to announce that we’ve added powerful new capabilities and are unveiling the next evolution of Humio — Falcon LogScale. We’ve also launched a fully managed version, Falcon Complete LogScale. With this release, CrowdStrike stands alone in our ability to deliver the industry’s best security AND observability capabilities from a single powerful agent.

With Falcon LogScale, you’ll be able to operationalize the massive amounts of log and event data that you generate. Security teams will be able to apply powerful analytics to address security use cases, while DevOps and IT teams gain real-time visibility of the health and performance of their infrastructure and applications.

While the single-agent convergence of security and observability is still in its early days, I believe it represents a seismic shift in the security industry. For more information on Falcon LogScale, you can read a companion post from our Chief Product Officer Amol Kulkarni.

Unlocking XDR for All CrowdStrike EDR Customers

I believe that extended detection and response (XDR) is a philosophy, one based on the concept that security should always be correlating data and extending detection and response actions across the security stack. But XDR has to be built off of a foundation of endpoint detection and response (EDR), because the endpoint remains the most valuable source of security data. That’s why you need the best EDR as the foundation of XDR. CrowdStrike continues to be the undisputed leader in modern endpoint protection.

Today, we’re moving the industry forward once more by announcing that Falcon Insight is now Falcon Insight XDR, enabling all customers to leverage the power of native and hybrid XDR as a fundamental platform capability, with no disruption to existing EDR capabilities or workflows. We’re also doubling down on third-party integrations to ensure you have the richest telemetry from across your security stack. We’re adding new integrations with CrowdXDR Alliance members Cisco, ForgeRock and Fortinet, as well as third-party vendors such as Microsoft and Palo Alto Networks.

This release will allow every EDR customer to activate XDR capabilities within Falcon Insight XDR through simple-to-consume connector packs that unlock cross-domain detections, investigations and response actions across all key security domains. Best of all for the customer — it’s all delivered from a single, unified console, providing an unrivaled experience for security analysts.

We’re really excited about these advancements and anchoring XDR as a fundamental capability for every Falcon platform user.

Innovation to Assess Systemic Risk and Fortify Security Posture

CrowdStrike continues to deliver the best runtime security in the industry — but modern security also requires a deep understanding of where risk exists and the ability to be more proactive in mitigating that risk.

To help customers address risk across critical attack surfaces such as the cloud, Internet of Things (IoT) and operational technology (OT), we’re also unveiling new modules and features powered by CrowdStrike Asset Graph that give you a full sense of risk and the actions you can take to minimize it.

  • Falcon Discover for IoT: Customers will now be able to inventory all assets across all IT, OT and IoT to identify and mitigate risk before an attacker can exploit vulnerabilities.
  • Falcon Discover 2.0: New enhancements help organizations shift from legacy asset inventory to a real-time, continuous view into their attack surface and provide insight into complete system and organizational health.
  • Cloud Infrastructure Entitlement Management (CIEM): The failure to properly manage identities, access and privileges in the cloud continues to lead to security failures. CrowdStrike is extending our cloud-native application protection platform (CNAPP) capabilities to include CIEM, empowering customers to detect overly permissive accounts, continuously monitor activity and ensure least-privilege enforcement. This latest advancement continues to build out our existing powerful CNAPP capabilities.

Gaining an Adversary’s Perspective of Your Risk with External Attack Surface Management

Risk exposure is one of the biggest threats to our customers. Stopping the breach starts with assessing and understanding everywhere risk exists. Too often, adversaries know more about risk across an environment than the target organization itself.

That’s why I'm incredibly excited to announce that CrowdStrike has agreed to acquire Reposify Ltd. Reposify provides an external attack surface management (EASM) platform that scans the internet for exposed assets of an organization to detect and eliminate risk from vulnerable and unknown assets before attackers can exploit them.

With this acquisition, we plan to provide a fundamentally differentiated EASM experience to customers as part of our threat intelligence product suite. This will deliver deep insights on endpoints and IT environments with internet-scanning capabilities that deliver an adversarial view of organizational risk across internal and external attack surfaces. For more on this, please read the companion blog from our CTO Mike Sentonas.

There is so much happening at Fal.Con this year! If you weren’t able to join us in person, we encourage you to check it out via livestream by going here.
