Modernize Your SOC with Falcon Fusion, CrowdStrike’s Integrated SOAR Framework

This announcement is part of the Fal.Con 2021 CrowdStrike Cybersecurity Conference, Oct. 12-14. Register now for free to learn all about our other exciting new products and partnerships!

Security pros across security operations centers (SOC) are besieged and are fighting two critical battles. The first one is against increasingly sophisticated adversaries using advanced techniques to try and breach their defenses. The second battle? It’s against the ever-growing, complex security stack that’s supposed to help them win the first battle.


To stop breaches and successfully fight adversaries, every second counts. Security requires speed and efficiency when decisive response actions are needed. But understaffed security teams continue to struggle with having to manage multiple point solutions that generate disparate data across their system.


Every security professional I talk to says the same thing: To win today’s battle against attackers, they need fast, they need easy and they need automation. They need automation baked into their security platforms to improve speed and efficiency, and they require custom workflows that align with their internal processes. At CrowdStrike, our goal is to give security teams the technology and support they need to win today’s cyber battles and prepare for tomorrow’s. That’s why I’m excited we announced at Fal.Con 2021 today that Falcon Fusion — a cloud-delivered security orchestration, automation and response (SOAR) framework — is now available FREE to all CrowdStrike customers using Falcon Prevent™ and Falcon Insight™.

Automate and Orchestrate Complex Workflows

The 1-10-60 rule sets the SOC challenge: enterprise SOC teams have one minute to detect an attack, 10 minutes to understand it, and one hour to contain it. The problem for security teams is that, in addition to a security stack that is often non-interoperable, modern security solutions often lack the ability to customize and build policies intuitively, based on the customer’s real-world problems and desired outcome.


On the other hand, a balancing act is also necessary — too much customizability could lead to complex, hard-to-understand policies that deviate from the actual desired outcome.

In a recent global IT security survey commissioned by CrowdStrike, Supercharge Your Security Transformation: A Two-pronged Approach for IT Security, 71% of respondents noted that integration complexity with other technology and security stacks requires improvement in their organization, and 92% of respondents said that their organization has had operational challenges with security solutions. One of the common complaints among enterprise SOC analysts is the time spent analyzing and responding to multiple — and sometimes duplicate — alerts across different systems, resulting in alert fatigue and compromised efficiency when responding. In the same study, 80% agreed that alert fatigue is an issue within their organization.

Falcon Fusion can modernize your SOC operations and improve productivity by orchestrating and automating complex and repetitive tasks, dramatically improving the efficiency of your SOC teams. Falcon Fusion is integrated with the robust, industry-leading endpoint and workload protection provided by the CrowdStrike Falcon® platform. It orchestrates and automates complex workflows by leveraging the power of the CrowdStrike Security Cloud to combine relevant contextual insights across endpoints, identities and workloads, along with telemetry from partner applications. Enterprise customers can build real-time active notification and response capabilities that utilize complex sequencing and branching along with customizable triggers based on detection and incident categorizations — ultimately improving SOC and IT efficiency and agility while meeting use case requirements.


The Power of the Security Cloud

As a cybersecurity company that has built one of the largest cloud architectures in the world, CrowdStrike has gained an exceptional vantage point and garnered unique experience on what it takes to streamline incident response, while delivering unprecedented visibility and context — all in one place.


The CrowdStrike Security Cloud processes upward of 1 trillion events per day, with more than 140 million indicator-of-attack (IOA) decisions made every second — and that just covers streaming data. In addition, CrowdStrike stores over 15 petabytes of data in the cloud, protecting billions of entities (workloads, endpoints, identities) every day. All of this data, combined with partner data accessed through the CrowdStrike Store, helps provide visibility into the events taking place across the environment and strengthen active response capabilities to streamline incident response and remediation.


Streamlined Notifications and Accelerated Falcon Real Time Response (RTR) Workflows


Built on an open security cloud ecosystem with powerful contextual insights, Fusion enables customers to use alerts, detections and incidents as triggers and build repeatable and consistent automation using no-code logic. Analysts can save a lot of time by automating these repetitive and manual tasks and instead focus on more business-critical strategic responsibilities. Through a sophisticated workflow builder in the Falcon console, users can easily visualize triggers, create multiple potential routes of automated actions based on certain conditions, and monitor performance of workflows with paths taken. The workflow builder also supports conditional branching logic (“if,” “else if,” “else”) and both sequential and parallel flows to make sure that security teams can meet their organization’s requirements without compromising efficacy and efficiency.

The workflow builder supports a notification process where analysts can now automate a set of key tasks into a repeatable and standardized process and receive customized, timely notifications across collaboration channels of their choice (e.g., Slack, PagerDuty, Microsoft Teams, email), ensuring they can focus on the alerts that matter to them.


In addition to supporting notification actions, Fusion workflows support an expanded collection of potential actions that can be executed seamlessly from the unified console based on threat detections, incidents and audit events, with contextual insights provided by the Falcon platform and third-party applications. Analysts can also leverage the power of automation through Falcon Real Time Response (RTR) capabilities. Advanced actions can now be automated and orchestrated — such as quarantining compromised or suspicious hosts based on a configured set of events, performing VirusTotal lookups for context enrichment, and performing triaging activities (e.g., retrieving files and processes, removing files, stopping processes) — ultimately resulting in reduced mean time to remediate threats. See how Falcon Fusion works in this quick walkthrough:
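The two paragraphs above describe the building blocks of a SOAR workflow: a trigger (a detection, incident or audit event), conditional branching ("if" / "else if" / "else"), sequential and parallel action steps, notification actions and host-response actions. The following Python is an added example written for this article to show how those pieces fit together in a minimal workflow engine; it is not Falcon Fusion's own code or API, and every function name, event field and action here (notify_slack, page_oncall, enrich_hash, quarantine_host, kill_process) is a constructed stand-in for a real integration. It also adds a simple duplicate-suppression check to illustrate the alert-fatigue point made earlier in the post.

```python
"""Minimal SOAR-style workflow engine (constructed illustration, not Falcon's API).

Concepts modelled: trigger -> first matching branch (if / else if / else)
-> steps run in order, where a step is either a single action or a Parallel
group of actions that run concurrently (e.g. notify + enrich at the same time).
Actions return an audit-log line so the run is observable and testable.
"""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Set, Tuple

Event = Dict[str, Any]
Action = Callable[[Event], str]


@dataclass
class Parallel:
    """Actions that may execute concurrently; results keep input order."""
    actions: List[Action]


@dataclass
class Branch:
    """One 'if' / 'else if' / 'else' arm: a predicate plus the steps it runs."""
    when: Callable[[Event], bool]
    steps: List[Any]  # each item is an Action or a Parallel group


@dataclass
class Workflow:
    name: str
    trigger: Callable[[Event], bool]
    branches: List[Branch]
    seen: Set[Tuple[str, str]] = field(default_factory=set)

    def run(self, event: Event) -> List[str]:
        """Evaluate the trigger, pick the first matching branch, run its steps."""
        if not self.trigger(event):
            return []
        # Duplicate suppression: the same detection on the same host fires once.
        key = (event["host"], event["detection_id"])
        if key in self.seen:
            return [f"skipped duplicate {key}"]
        self.seen.add(key)
        log: List[str] = []
        for branch in self.branches:
            if branch.when(event):
                for step in branch.steps:
                    if isinstance(step, Parallel):
                        with ThreadPoolExecutor() as pool:
                            log.extend(pool.map(lambda a: a(event), step.actions))
                    else:
                        log.append(step(event))
                break  # first matching arm wins, like if / elif / else
        return log


# --- Hypothetical actions (stand-ins for Slack, PagerDuty, enrichment, RTR) ---
def notify_slack(e: Event) -> str:
    return f"slack: {e['severity']} {e['tactic']} on {e['host']}"

def page_oncall(e: Event) -> str:
    return f"pagerduty: paged for {e['host']}"

def enrich_hash(e: Event) -> str:
    # A real workflow would query a reputation service here; this just labels it.
    return f"enriched sha256={e['sha256'][:8]} (hypothetical lookup)"

def kill_process(e: Event) -> str:
    return f"stopped pid {e['pid']} on {e['host']}"

def quarantine_host(e: Event) -> str:
    return f"network-contained {e['host']}"


def build_workflow() -> Workflow:
    """Critical: notify+page+enrich in parallel, then stop process, then contain.
    High: notify+enrich in parallel, then stop process. Anything else: notify."""
    return Workflow(
        name="malware-response",
        trigger=lambda e: e["type"] == "detection",
        branches=[
            Branch(when=lambda e: e["severity"] == "critical",
                   steps=[Parallel([notify_slack, page_oncall, enrich_hash]),
                          kill_process, quarantine_host]),
            Branch(when=lambda e: e["severity"] == "high",
                   steps=[Parallel([notify_slack, enrich_hash]), kill_process]),
            Branch(when=lambda e: True, steps=[notify_slack]),  # "else" arm
        ],
    )


# Constructed sample event (not real telemetry).
SAMPLE_CRITICAL: Event = {
    "type": "detection", "detection_id": "det-0001", "host": "WS-01",
    "severity": "critical", "tactic": "Execution", "sha256": "ab" * 32, "pid": 4242,
}

if __name__ == "__main__":
    wf = build_workflow()
    for line in wf.run(SAMPLE_CRITICAL):
        print(line)
    print(wf.run(SAMPLE_CRITICAL))  # second delivery of the same detection is suppressed
```

The "first matching branch wins" rule and the explicit final `else` arm keep the policy readable, which is the balance the post argues for: enough branching to match the organization's process, not so much that the outcome becomes hard to reason about.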

Falcon Fusion for CrowdStrike Customers


Today’s organizations are dealing with expanding attack surfaces across multi-cloud environments and distributed workforces, making it increasingly burdensome for security teams to sift through an ever-growing number of alerts to keep their business secure. Falcon Fusion was built to provide CrowdStrike customers with rich contextual insights and valuable customization to not only meet their immediate needs but also enable them to deploy repeatable workflows at scale. Fusion combines the comprehensive visibility provided by CrowdStrike’s Security Cloud with the powerful incident response capabilities delivered by the lightweight Falcon agent to automate and simplify complex SOC workflows. Access Falcon Fusion today from your Falcon console to see how you can simplify your workstreams.
