
CrowdStrike Brings GenAI Incident Investigation, XDR to Falcon Platform
CrowdStrike has announced a new release of its Falcon platform, named Raptor, with generative-AI-powered incident investigation and extended detection and response (XDR) features.

CrowdStrike debuted the release at its Fal.Con conference in Las Vegas. According to the company, Raptor operates at "petabyte scale" with faster data collection, search and storage, and is intended to keep pace with generative-AI-driven developments in cybersecurity and stay ahead of sophisticated attackers.

CrowdStrike also announced the acquisition of application security company Bionic at the same event.

What CrowdStrike Falcon Raptor Includes

CrowdStrike is rolling out the release to current customers over the next year, with initial upgrades starting in late September 2023. Raptor includes:

  • Charlotte AI Investigator, CrowdStrike's generative-AI security analyst, which automatically correlates related context into a single incident and generates an LLM-written incident summary that analysts of all skill levels can follow.
  • Native XDR for all CrowdStrike EDR customers, accelerating investigations with endpoint, identity, cloud and data protection telemetry from across the CrowdStrike platform.
  • A redesigned, faster EDR/XDR user experience organized around incidents rather than standalone alerts.
  • Real-time collaboration on incidents with security analysts from any location, at any time, working from a single source of truth.
  • Search across massive volumes of data with sub-second latency to find and eradicate adversaries and risks quickly.

Falcon Foundry No-Code App Dev Platform

CrowdStrike also introduced Falcon Foundry, a no-code application development platform that lets users build custom applications to solve security and IT problems.

Falcon Foundry capabilities and benefits include:

  • Users are guided through the process to build an app with step-by-step instructions and a drag-and-drop visual application studio.
  • Apps have full access to data and threat intelligence from across the CrowdStrike Falcon platform, including third-party telemetry stored in Falcon LogScale Next-Gen SIEM. Users can bring in and store additional third-party data via APIs and other sources.
  • Falcon Fusion, the platform's native security orchestration, automation and response (SOAR) framework, and Falcon Real Time Response (RTR) scripts can be combined to define automated workflows and execute rapid response actions on endpoints and beyond.

CrowdStrike Enhances Falcon Platform for Data Protection, Exposure Management and IT Automation

Additionally, CrowdStrike introduced three enhancements to the Falcon platform focused on data protection, exposure management and IT automation, and announced the FalconFlex licensing program.

CrowdStrike Falcon Data Protection:

  • Consolidates legacy data loss prevention (DLP) point products onto the Falcon platform, with a single agent for data protection and endpoint security.
  • Extends EDR/XDR from initial compromise through data exfiltration, with unified visibility across endpoints and data in a single console and workflow.
  • Stops data theft with dynamic data protection policies that automatically follow content.

CrowdStrike Falcon Exposure Management:

  • Reduces risk with complete visibility into every asset and real-time assessment of potential exposures.
  • Lets users view and manage third-party vulnerabilities in the same platform and workflow as natively identified vulnerabilities.
  • Automatically visualizes potential adversary intrusion paths, including lateral movement.
  • Assesses critical configuration settings with Secure Configuration Assessment (SCA) to demonstrate compliance posture against CIS benchmarks.
  • Automates closed-loop remediation through native integration with EDR, Real Time Response and Falcon Fusion.

CrowdStrike Falcon for IT:

  • Automates IT and security workflows in an end-to-end, visibility-to-action lifecycle.
  • Drives queries and actions directly from plain-language generative-AI prompts via Charlotte AI.
  • Searches all system-related events, state and performance data using a simple query interface and intuitive dashboards.
  • Continuously monitors the state of CrowdStrike managed endpoints.
  • Automates remediation directly on endpoints to rapidly fix issues.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.