FAQs: CrowdStrike for public sector

Yes. The Falcon platform is authorized under the Federal Risk and Authorization Management Program (FedRAMP). CrowdStrike has an Authorization to Operate (ATO) at the Moderate Impact Level from the U.S. Department of Commerce’s International Trade Administration (ITA). In addition, CrowdStrike has achieved FedRAMP® High-Impact Level Ready status from the Joint Authorization Board (JAB).
The Falcon platform is purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks. Today’s sophisticated attackers are going “beyond malware” to breach organizations, increasingly relying on exploits, zero-days, and hard-to-detect methods such as credential theft and tools such as PowerShell that are already part of the victim’s environment or operating system. The Falcon platform responds to these threats with a powerful yet lightweight solution that unifies next-generation antivirus (NGAV), endpoint protection, cyber threat intelligence, managed threat hunting capabilities and security hygiene — all contained in a single, lightweight sensor that is cloud-managed and delivered.

The extensive capabilities and modular approach of the Falcon platform allow customers to seamlessly replace existing products and capabilities to reduce cost, risk, and complexity. While not an exhaustive list, the following capabilities are frequently consolidated and replaced by CrowdStrike customers:

  • Traditional antivirus
  • Host intrusion prevention system (HIPS) and/or exploit mitigation solutions
  • Forensic tools
  • User behavioral tools
  • Endpoint detection and response (EDR) tools
  • Indicator of compromise (IOC) search tools
  • Traditional sandboxes/dynamic analysis tools
  • Log analysis tools
  • Managed detection and response services
  • Threat intelligence offerings
  • Vulnerability management tools
  • IT hygiene tools
  • Remote remediation tools
Yes. CrowdStrike’s unique, lightweight kernel-based sensor is optimized for VDI and other forms of virtualized and cloud workloads including containers. CrowdStrike’s resource-friendly sensor requires ~1% CPU utilization with negligible IOPS consumption and zero scanning.
The Falcon platform aligns very well with Center for Internet Security (CIS) top 20 controls, covering most of the control areas holistically through both technology and expertise. CrowdStrike is uniquely enabled to provide customer compliance outcomes through unparalleled visibility. Please contact your CrowdStrike representative for further consultation on how CrowdStrike can meet your specific organization’s needs.
CrowdStrike is the pioneer in cloud-delivered endpoint protection. The Falcon platform has revolutionized endpoint security by being the first and only solution to unify identity protection, endpoint security, cloud security, and a 24/7 threat hunting service — all delivered via a single, lightweight agent. The unique benefits of this unified, lightweight approach include immediate time-to-value, better performance, reduced cost and complexity, and better protection that goes beyond detecting malware to stop breaches before they occur. These capabilities are based on a unique combination of prevention technologies such as machine learning, indicators of attack (IOA), exploit blocking, unparalleled real-time visibility and 24/7 managed hunting to discover and track even the stealthiest attackers before they do damage.
Yes. The Falcon platform is a proven cloud-based solution enabling customers to scale seamlessly with no performance impact across large and disparate environments. The platform’s “frictionless” deployment has been successfully verified across enterprise environments containing significantly more than 100,000 endpoints, and it is not uncommon for customers to deploy to 100,000+ environments over a day or two.
Yes, the lightweight CrowdStrike Falcon® sensor that runs on each endpoint includes all of the prevention technologies required to protect the endpoint, whether it is online or offline. These technologies include machine learning to protect against known and zero-day malware; exploit blocking; hash blocking; and CrowdStrike’s behavioral artificial intelligence heuristic algorithms, known as indicators of attack (IOAs). Eliminating signatures allows the Falcon sensor to protect endpoints and cloud workloads without a persistent connection.
Yes. The Falcon platform allows organizations to confidently replace their existing legacy AV solutions and is fully certified to do so. Falcon incorporates identification and prevention of known malware with machine learning, exploit prevention and advanced behavioral techniques, protecting you from not only malware but from the full spectrum of attacks, including malware-less threats.

CrowdStrike Falcon® Prevent™ uses a wide array of complementary prevention and detection methods to protect against ransomware, including:

  • Detection and blocking of known ransomware
  • Exploit blocking that stops the execution and spread of ransomware via unpatched vulnerabilities
  • Machine learning for detection of previously unknown “zero-day” ransomware attacks
  • Indicators of attack (IOAs) to identify and block additional unknown ransomware, while protecting against new categories of ransomware that do not use files to encrypt victim systems
  • Threat intelligence garnered from CrowdStrike’s massively scalable platform, incident investigations and active tracking and hunting of 230+ nation-state and e-crime adversaries
Yes. The Falcon platform is equally effective against attacks occurring on disk or in memory. The platform continuously watches for suspicious processes, events and activities, wherever they may occur.
Yes. The Falcon platform is designed for and used extensively for incident response (IR) missions. The platform disrupts the traditional manual and resource-intensive way that IR has been carried out in the past and ultimately reduces the need for IR, while providing near real-time visibility of endpoints and their associated activity to gain instant access to the “who, what, when, where and how” of an attack without having to perform additional resource-intensive tasks or try to recover data cleaned up by the adversary. The cloud-based architecture of the Falcon platform enables significantly faster incident response and remediation times, especially when it comes to rolling out the capability and realizing immediate value to organizations of any size.
Yes. The Falcon platform can either replace or complement your existing security toolset(s). It has an extensive and secure application programming interface (API) to facilitate frictionless integration with existing toolsets, allowing for the most flexible and efficient approach to meet your organization's needs.
Yes. The Falcon platform supports real-time and retrospective visibility across every endpoint in your organization, no matter where they are located, with threat detection and prevention at every stage in the attack lifecycle.
Yes. In addition to industry-leading endpoint security capabilities and built-in workflows and automation, CrowdStrike’s real-time data-centric approach is an excellent complement for just about any modern IT workflow or initiative. CrowdStrike has numerous partnerships with industry leaders and solution providers, and the Falcon platform helps organizations realize maximum efficiency and value from their own telemetry.
