Falcon for Financial Services FAQ
The CrowdStrike® Falcon® platform is the only cloud-delivered solution that unifies IT hygiene, next-generation antivirus (NGAV), endpoint detection and response (EDR), managed threat hunting, threat intelligence, and vulnerability management — all enabled via a single lightweight agent. Using its purpose-built cloud-native architecture, the Falcon platform collects and analyzes close to 100 billion endpoint events per day from millions of agents.
The CrowdStrike Falcon® platform requires zero on-premises equipment and deploys on any endpoint in seconds, with zero reboots or endpoint performance impact. Falcon removes complexity and improves endpoint performance, scaling across your organization’s endpoints — whether on-premises, virtual, or hybrid. The Falcon platform operates on Windows, MacOS, and Linux operating systems.
- Integrated, comprehensive endpoint protection — Falcon is an integrated endpoint protection platform that includes anti-malware, application control, endpoint detection and response (EDR), vulnerability management, device control, and data protection.
- Assist with cyber security regulatory compliance and Risk Management — Falcon supports key financial regulatory compliance requirements. In addition, CrowdStrike proactive services offerings can help organizations prepare for security incidents in advance, with services that can include detailed security playbooks.
- Protects in any environment — The solution sits on the endpoint so protection is ensured regardless of where endpoints are located — on-premises, virtual, hybrid or cloud.
CrowdStrike recognizes how critical regulatory compliance is for financial services organizations. CrowdStrike assists with meeting compliance requirements, so you can be confident of the secure, streamlined and compliant operation of your organization. CrowdStrike supports several key financial compliance mandates including:
- PCI DSS v3.2 — The CrowdStrike Falcon® platform meets all the requirements for No. 5 compliance: “Protect all systems against malware and regularly update antivirus software or programs.” In addition, CrowdStrike Falcon® provides assistance in meeting four additional PCI requirements.
- NIST SP 800-53 Rev 4— The CrowdStrike Falcon® is a suitable solution for addressing the system protection and monitoring controls identified in NIST SP 800-53 Rev. 4. CrowdStrike Falcon® helps organizations with implementing eight separate NIST control families, covering 23 separate controls.
- FFIEC — CrowdStrike Falcon® capabilities in detecting and responding to threats and the associated collection of endpoint activity data, make it a suitable solution for addressing system protection and monitoring controls required for FFIEC compliance. Falcon provides support for achieving five FFIEC objectives — addressing 17 controls within those objectives.
Yes, the EDR and IT hygiene capabilities of the CrowdStrike Falcon® platform provide complete visibility across your endpoint environment, identifying insider threats before they become breaches. The Falcon Insight™ EDR solution monitors and identifies potentially malicious activities, flagging them for your security staff. Insight enables five-second search and network containment capabilities, so internal and external threats can be addressed in real time. Falcon Discover™, CrowdStrike’s IT hygiene solution, provides real-time visibility into who and what are operating on your network. It enables you to stop misuse by insiders or intruders, allowing you to see which users are operating on specific endpoints within your data environment, as well as revealing detailed administrator account usage and password management details.
Yes, CrowdStrike Falcon® can either replace or complement your existing security tools. The Falcon platform has an extensive API offering that allows you to integrate your existing tools with the CrowdStrike Falcon® platform. This enables you to leverage your previous investments and design an approach that best meets your requirements.
Yes, the CrowdStrike Falcon® platform protects against fileless attacks by uniquely combining an array of tools designed to detect and stop fileless attacks that evade traditional defense measures. These defense technologies include the following:
- Indicators of attack (IOAs) that identify and block malicious activity before an attack can execute and inflict damage
- Exploit blocking to stop the execution of fileless attacks via unpatched vulnerabilities
- Proactive managed threat hunting that searches 24/7 to find malicious activities generated as a result of fileless techniques
- Application inventory that discovers unwanted applications running in the environment or vulnerabilities that need patching
CrowdStrike Falcon® blocks known and unknown malware, leveraging machine learning for detection of previously unknown, or zero-day ransomware, along with exploit blocking to stop the execution and spread of ransomware. Indicator of attack (IOA) technology provides behavioral-based prevention that proactively stops attacks before they can be fully implemented. As part of CrowdStrike Services, the ransomware advisory offering helps organizations prepare their critical systems to prevent a ransomware attack, and also assists organizations in dealing with a ransomware attack that has already occurred.
Yes, CrowdStrike’s endpoint detection and response (EDR) solution, Falcon Insight™, lets you see real-time and historical event data on every endpoint in your organization. Insight also flags potentially malicious processes executing in your environment that indicate an attacker may be present. From there, you can immediately contain potential intruders and elevate an incident to the CrowdStrike Services team, if necessary.
As part of the Falcon platform, CrowdStrike’s 24/7 managed hunting service, Falcon OverWatch™, provides a team of highly skilled security experts who proactively hunt for malicious activities and applications within your data environment. You can also get assistance from the CrowdStrike Services team of experienced security consultants. They can increase your organization’s security resiliency with assessments, red team/blue team penetration tests and the development or maturing of your incident response plan, ensuring that you’re always ready to defend against the next attack.
Yes, gaps in knowledge and expertise are present in many financial services organizations. The CrowdStrike Falcon® platform enhances your security expertise with a 24x7 managed threat hunting team enabled by the powerful, lightweight Falcon agent. This team identifies and stops new and emerging threats, providing total security around the clock. In addition, CrowdStrike Services can augment in-house IT staff with experts who have a track record of success in proactive planning, using risk assessments. A CrowdStrike compromise assessment will identify if an adversary has already breached your organization’s security defenses and quickly identify and eject the attacker. The cybersecurity maturity assessment examines your organization’s people, processes and tools to identify any gaps in your organization’s security apparatus so they can be addressed.
Yes, in addition to offering API integration with existing security investments, CrowdStrike customers can use Falcon SIEM connector to transfer Falcon data into any SIEM. This offers an effective, simple and reliable way to gather security event from your endpoints. In addition, it automates data gathering and puts data into formats that are immediately usable.
