CrowdStrike Threat Graph®
The industry’s leading cloud-scale AI brain behind the CrowdStrike® Security Cloud predicts and prevents modern threats in real time
Advantages of Threat Graph
Comprehensive data sets
Continuous high-fidelity telemetry with forensic-level detail across endpoints and workloads distributed across the network edge and hybrid cloud infrastructure — including Windows, macOS, and Linux, together with cloud-native storage for always-on data availability.
Cloud-scale analytics
Contextual relationship derivation with ML algorithms and deep analytics across billions of disjoint and siloed data elements — allows for fast, on-demand search and query across real-time and historical data for speedy investigation and response.
Real-time attack visibility
Real-time visibility with instant access to enriched data and intuitive dashboards for advanced workflows and visualizations — covers ephemeral, online, offline and even end-of-life hosts to arm your responders with data so they can respond to threats immediately and act decisively.
Technical features
Purpose-built graph database for cybersecurity
Power of Security Cloud
- Fully operational in minutes: Complete turnkey solution with no additional hardware or deployments
- Power of the crowd: Use network effect to protect everyone against a new threat, regardless of where it is encountered
- Zero maintenance overhead: See value from Day One, with no additional custom tuning, costly consulting, re-architecting or maintenance overhead
- Scale and elasticity: Automatically scales and grows with demand and change
Power of data
- Enriched telemetry: Capture trillions of security events across endpoints, workloads and identities and enrich with threat intelligence, context and correlation markers
- Deep analytics: Reveal contextual relationships between data elements to identify and respond to new and unusual threats in real time by applying graph analytics and ML algorithms
- Powerful search: The robust query and search engine provides current and historical forensic details to arm responders for threat investigations
- Data availability: On-demand access to enriched data with powerful visualization dashboards helps investigators understand the full context of the attack on any affected host, regardless of location
Maximum security efficiency
- Actionable insights: The industry’s leading collection of powerful insights gathers more than a trillion events per day, spanning 2 trillion vertices and analyzing over 15 petabytes of data
- Integrated threat intelligence: Telemetry is enriched with real-world threats and identifies new attacks associated with known threat actors
- Accelerated response: Real-time visualization and automated concurrent analysis lead to faster investigation and response times
- Proactive threat hunting: Threat hunters can run ad hoc queries for successful and timely detections of unknown threats
Single source of truth
- Single data source: Gain rapid access to everything required to prevent, detect, investigate, and respond
- Single intelligent agent: The lightweight agent provides a smart-filtering capability that streams relevant data to the Threat Graph for enrichment and correlation — with no performance impact
- Robust set of APIs: Powerful APIs allow for security orchestration, automation, response and other advanced workflows
- Rich integrations: APIs and bidirectional data flow enable tight integrations with third-party security and IT solutions to share insights from multiple data sources
- Cloud-delivered resources: Threat Graph scales with demand and provides the storage, compute and rich analytics required, retaining up to a year of all detections encountered
- Enriched data archive: Optional offline replica of enriched telemetry is available for archive, compliance requirements and additional analytics