SOC, Content, Endpoint/Device Security

CrowdStrike Falcon Enhances SOC Security Workflow Automation

CrowdStrike has upgraded its Falcon platform to further assist Security Operations Center (SOC) teams. The ambitious goal: Ensure SOC security analysts can meet the 1-10-60 rule -- essentially, one minute for security teams to detect an attack; 10 minutes to understand it; and 60 minutes to contain it.

With those goals in mind, CrowdStrike says Falcon now features:

  • New notification workflows and Real Time Response (RTR) capabilities that help SOCs to streamline incident response.
  • User interface enhancements designed to help analysts visualize the relationship between detections and incidents. Customers can view, assign, and update the status of and comment on related detections, CrowdStrike says.

Moreover, customers can leverage the CrowdStrike Store to deploy automated security, response and vulnerability remediation playbooks from partners, the company adds.

CrowdStrike: MSP and MSSP Partner Strategy

CrowdStrike did not specifically mention whether the new Falcon enhancements are designed for MSP and MSSP (managed security services provider) partners.

CrowdStrike itself is software company that offers managed endpoint security and managed threat hunting services. Meanwhile, dozens of cybersecurity and MSSP companies now offer SOC as a Service capabilities to MSPs and channel partners.

Still, the CrowdStrike Partner Program includes a service provider focus for MSPs, MSSPs, MDR companies and consulting firms. Moreover, most of CrowdStrike's customer wins are partner-led deals, CEO CEO George Kurtz told Wall Street analysts during a December 2020 earnings call.

CrowdStrike Falcon Enhancements: Executive Perspective

Patrick McCormack, SVP, cloud engineering, CrowdStrike
Patrick McCormack, SVP, cloud engineering, CrowdStrike

In a prepared statement about the CrowdStrike Falcon enhancements, Patrick McCormack, senior vice president of cloud engineering, said:

“Security teams today are overwhelmed by the expanded attack volume, disparate alert notifications and complex security workflows. CrowdStrike has always focused on improving the efficacy and speed of security operations. These new capabilities enable teams to orient more quickly to the detections and incidents that matter and to handle known situations with automation, reducing workload overhead and alert fatigue. The right teams now get the right information via the right tools with less distractions for faster and more focused triage and response.”

Meanwhile, CrowdStrike has been in rapid growth mode -- expanding organically and via acquisition. Recent deals include buying Humio for cloud log management and XDR capabilities; and Preept Security for Zero Trust security capabilities. CrowdStrike is expected to announce Q4 fiscal year 2021 earnings on March 16, 2021.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.