
CrowdStrike Channels Growth With SIEM, CloudSec Updates


CrowdStrike rolled out product releases, partnership announcements and technology integrations coinciding with RSA Conference in San Francisco last week.

Among them is the launch of new CrowdStrike Falcon Next-Gen SIEM innovations, which the Austin, Texas-based company says is intended to “liberate customers from the constraints of legacy SIEM products and power the AI-Native SOC.”

To accelerate SOC transformation, all Falcon Insight customers will receive 10 gigabytes of third-party data ingest per day at no additional cost.

CrowdStrike said that to give security teams the speed they need to stop breaches, the modern SOC requires a platform that converges data, security and IT with AI and workflow automation built natively within. Now, with Falcon Next-Gen SIEM innovations, CrowdStrike said it intends to “set the standard for the next generation of SIEM, engineered to power the AI-native SOC.”

“The speed of today’s cyberattacks requires security teams to rapidly analyze massive amounts of data to detect, investigate and respond to threats faster,” said George Kurtz, CEO and co-founder of CrowdStrike. “This is the failed promise of SIEM. Customers are hungry for better technology that delivers instant time-to-value and increased functionality at a lower total cost of ownership.”

Kurtz noted that the vast majority of the critical security data is already contained in the Falcon platform, saving the time and cost of data transfer to a legacy SIEM.

“Our single-agent, single platform architecture unifies native and third-party data with AI and workflow automation to deliver on the promise of the AI-native SOC,” he said.

CrowdStrike’s Extensive Falcon SIEM Integrations

CrowdStrike also announced this week that Falcon Next-Gen SIEM now supports the largest ecosystem of ISV data sources of any pure-play cybersecurity vendor. As such, data from Amazon Web Services (AWS), Cloudflare, ExtraHop, Zscaler, Dragos, 1Password, Netskope, Vectra AI, Deepwatch, NinjaOne, Sevco Security and more than 500 security and IT leaders can be seamlessly integrated with Falcon platform data, threat intelligence, AI and workflow automation to power the AI-native SOC.

“As attack surfaces multiply and adversaries leverage more evasive methods, SOC teams are burdened by an increasing volume of alerts, causing greater workloads and, ultimately, risking burnout,” said Hitesh Sheth, founder and CEO of Vectra AI. “To keep pace, they require the most accurate attack signal, and AI-driven detection, investigation and automation is the only answer.”

CrowdStrike has also announced expanded partnerships and alliances with global system integrators, MSSPs and MSPs to power SIEM services transformation with Falcon Next-Gen SIEM. CrowdStrike notes that new partners and alliances include Deloitte, Ernst & Young LLP, HCLTech and Tata Consultancy Services (TCS).

Cloud Security Innovations

Another announcement at RSA comes on the cloud security front, as CrowdStrike has launched new cloud detection and response (CDR) innovations. The company has taken steps to unify managed threat hunting with deep visibility across cloud, identity and endpoints to speed detection and response across every stage of a cloud attack. Beginning with Microsoft Azure, new CDR innovations expand visibility into cloud control plane activity, strengthening existing threat hunting for cloud runtime environments, according to CrowdStrike.

“Stopping cloud breaches requires rapid detection and response, but too often cloud SecOps teams are forced to manage multiple platforms and point products to get the visibility they need across their cloud infrastructure,” explained CrowdStrike President Michael Sentonas. “The combination of CrowdStrike’s industry-leading cloud threat hunting services and comprehensive CNAPP provides a powerful force multiplier for Cloud SecOps teams to consolidate tools, close gaps in visibility and deliver the security outcome that matters most – stopping the breach.”

CrowdStrike has also announced the general availability of Falcon Application Security Posture Management (ASPM) as an integrated part of Falcon Cloud Security.

“The complexity of cloud environments and rapid pace of change creates misconfigurations and vulnerabilities that adversaries increasingly exploit,” said Karan Gupta, CrowdStrike’s head of engineering. “Disjointed point products and fragmented platforms create gaps in security defenses that can lead to a breach. With the integration of Falcon ASPM with Falcon Cloud Security, we’re providing one platform that provides comprehensive risk visibility and workload protection across the entire cloud estate.”

Jim Masters

Jim Masters is Managing Editor of MSSP Alert, and holds a B.A. degree in Journalism from Northern Illinois University. His career has spanned governmental and investigative reporting for daily newspapers in the Northwest Indiana Region and 16 years in a global internal communications role for a Fortune 500 professional services company. Additionally, he is co-owner of the Lake County Corn Dogs minor league baseball franchise, located in Crown Point, Indiana. In his spare time, he enjoys writing and recording his own music, oil painting, biking, volleyball, golf and cheering on the Corn Dogs.