![Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VIDEO]](https://assets.crowdstrike.com/is/image/crowdstrikeinc/video-ATTCK2-1)
![Qatar’s Commercial Bank Chooses CrowdStrike Falcon®: A Partnership Based on Trust [VIDEO]](https://assets.crowdstrike.com/is/image/crowdstrikeinc/Edward-Gonam-Qatar-Blog2-1)
![Endpoint Protection and Threat Intelligence: The Way Forward [VIDEO]](https://assets.crowdstrike.com/is/image/crowdstrikeinc/GK-Blog_Images-1)
Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign within an enterprise environment. The CrowdStrike 2022 Global Threat Report highlights how adversaries continue to shift tradecraft and weaponize vulnerabilities to evade detection and gain access to critical applications and infrastructure.
Falcon Spotlight Integrations Enable Orchestrated Remediation Workflows
Falcon Spotlight enables even greater efficiency with Falcon Fusion through dynamic integrations via ServiceNow and Jira, enabling customers to automate processes and reduce remediation time with a ticketing workflow that can be created from within Falcon Spotlight.
How Falcon Fusion and Falcon Spotlight Streamline Remediation
Natively integrated into the Falcon platform, Falcon Fusion leverages the power of the CrowdStrike Security Cloud to orchestrate and automate any complex workflow. Falcon Fusion improves SOC and IT team efficiency and agility by enabling them to build real-time active response and notification capabilities with customizable triggers based on detection and incident categorizations. Falcon Fusion also dramatically reduces alert fatigue and frees up resources so analysts can focus on other critical and strategic tasks. With the Falcon Fusion framework, security teams gain the ability to create and set automated workflows based on triggers and conditions within a convenient if/then structure.
(Click to enlarge)While Falcon Fusion has many use case applications around investigation, hunting and recovery, it's especially useful in conjunction with Falcon Spotlight for vulnerability remediation processes. 
Falcon Spotlight and Falcon Fusion Orchestration Demo
Let’s examine how Falcon Spotlight and Falcon Fusion create more efficiencies for IT staff.
- Establish remediation triggers based on the most critical ExPRT.AI rating for vulnerabilities relevant to their organization.
- Create an action or series of actions on what or how the vulnerability or sets of vulnerabilities should be handled.
- Initiate a workflow to be handled in a third-party integration such as ServiceNow or Jira.
- Offer relevant details around actions performed in the integration within the Spotlight console.
This framework gives security teams the ability to create and set automated workflows based on the triggers and conditions using a simple if/then structure. For example, if the trigger was based on Falcon Spotlight’s ExPRT.AI rating, the established workflow would be automatically initiated for a team to conduct remediation processes until that vulnerability or group of vulnerabilities is patched or otherwise mitigated.
Increased SecOps Coverage Enhances Overall Visibility
In addition to the automation workflows and integrations, CrowdStrike’s collection of SecOps products have broadened platform coverage to ensure maximum visibility across an organization's environments and to enhance cross-platform protection. Falcon Spotlight now supports macOS in addition to existing Windows and Linux coverage, while Falcon FileVantage™ file integrity monitoring extends support to Linux operating systems and Falcon Forensics™ now supports both macOS and Linux. Organizations with multi-platform environments can now have complete coverage from the same security vendor.
The Bottom Line for Security Operations Staff
Adversaries capitalize on weaknesses and vulnerabilities to gain access to an organization's systems and software; it’s up to security staff to pinpoint which ones are most relevant to their enterprise and establish a remediation plan as quickly as possible. Fortunately, with the CrowdStrike Falcon® platform and SecOps products, vulnerability management, visibility and IT hygiene, file integrity monitoring and forensic investigation can be simple and efficient.
Additional Resources
- Learn more about the Falcon Fusion integrated cloud-scale framework by visiting the product page and viewing the data sheet.
- Read analysis on the latest Patch Tuesday vulnerabilities.
- Watch how Falcon Spotlight helps in vulnerability management.
- Learn how the powerful CrowdStrike Falcon platform provides comprehensive protection across your organization, workers and data, wherever they are located.
- Get a full-featured free trial of CrowdStrike Falcon Prevent and see for yourself how true next-gen AV performs against today’s most sophisticated threats.
