
CrowdStrike Fal.Con 2021: Eight XDR, SOAR Security Takeaways for MSSPs

CrowdStrike, the endpoint detection and response (EDR) platform provider, unveiled new customer offerings and partnerships during its 2021 Fal.Con virtual cybersecurity conference.

Much of the effort focused on XDR (eXtended Detection and Response), which may provide MSSPs with an integrated way to manage endpoint, network, cloud and other types of security. Here are some of the biggest Fal.Con announcements thus far.

1. Humio Community Edition: This is a free streaming observability service. Humio Community Edition enables users to ingest 16 GB of data per day and retain this information for up to seven days. In addition, users can ingest and use Falcon Data Replicator (FDR) data within Humio Community Edition to stream data at scale. This helps users prevent, recover from and understand the root cause of security incidents, CrowdStrike noted.

2. Falcon XDR: The new Falcon XDR module delivers real-time threat detection and automated response, the company said. The module also offers shared telemetry to help security teams identify, contain and remediate cyberattacks, CrowdStrike asserted.

3. CrowdXDR Alliance: The partner ecosystem seeks to establish a common XDR language for data sharing between security tools and processes. Launch partners include:

  • Claroty
  • Corelight
  • Extrahop
  • Google Cloud
  • Mimecast
  • Netskope
  • Proofpoint
  • Okta
  • ServiceNow
  • Zscaler

CrowdXDR Alliance partners will ensure that EDR data is enriched with relevant, vendor-specific security telemetry to extend detection and response, CrowdStrike asserted.

4. Falcon Fusion: CrowdStrike now offers the Falcon Fusion security orchestration, automation and response (SOAR) framework for free to Falcon Prevent and Falcon Insight customers.

5. Falcon FileVantage: CrowdStrike has released the Falcon FileVantage solution, which offers visibility on file, folder and registry changes. The service helps users to monitor files and systems, and identify malicious changes in databases in real time, CrowdStrike stated.

6. ExPRT.AI for Falcon Spotlight: This is an Exploit Prediction Rating for Falcon Spotlight. The result: ExPRT.AI helps users determine which threats pose the biggest risks for their organization and prioritize vulnerabilities, CrowdStrike noted.

7. Falcon Cloud Workload Protection (CWP) Complete: Falcon CWP Complete offers security management, threat hunting, monitoring and response for cloud workloads, CrowdStrike stated. It is backed by CrowdStrike's Breach Prevention Warranty and provides managed detection and response (MDR) for cloud workloads and containers.

8. UiPath Partnership: CrowdStrike has partnered with automation software company UiPath to extend endpoint security to robotic process automation, the businesses said. The partnership follows a UiPath integration announced in October 2021.

Fal.Con 2021 runs until October 14.

XDR Market Competition Intensifies

CrowdStrike remains a major security software company in the EDR (endpoint detection and response) market. But the XDR market is now packed with established and aspiring software companies that are seeking to engage MSPs and MSSPs.

Among the XDR questions MSSPs should keep in mind, according to MSSP Alert:

1. Is the XDR service managed or unmanaged?: In theory, a managed XDR service lowers the workload for MSPs and MSSPs. Generally speaking, an unmanaged XDR service pushes some more work out to MSPs, MSSPs and their SOC analyst teams. Of course, the actual “managed” experience may vary significantly from one managed XDR service to the next.

2. Who truly owns the threat response?: If a managed XDR service uncovers a problem at a customer site, who is responsible for tackling the actual response to that threat:

  • The XDR software company?
  • The MSSP?
  • The end-customer?
  • Somebody else?
  • All of the above?

The answer may vary on a threat-by-threat basis, but MSSPs need to truly understand the ownership and escalation process for the R in XDR.

3. Is the XDR service open?: Some XDR services are designed to work with a specific vendor’s endpoint, network and cloud services. Other “open” XDR services are designed to work with third-party security tools that MSSPs and customers may already have in place. Carefully weigh single-vendor solutions to see if they’re truly “best of breed.” On the flip-side, carefully weigh open XDR solutions to see if they’re truly open to third-party tools that you may already have in place.

4. Is the XDR service multi-tenant?: If so, find out if it was multi-tenant since inception. Sometimes, vendors develop software for corporate IT departments and only later add multi-tenancy for MSSP and MSP consumption. Software companies that are obsessed with MSPs and MSSPs will design their software with multi-tenancy capabilities from the start.

Admittedly, the list above is just a starting point for MSPs and MSSPs. And despite all the competition, Wall Street seems upbeat about CrowdStrike's XDR business prospects. The company's stock rose 7 percent amid all the product launches, Bloomberg Radio noted.

Additional insights from Joe Panettieri.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.