SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
CrowdStrike adds variety of new tools
Fri, 28th Feb 2020
FYI, this story is more than a year old

CrowdStrike is launching a developer portal, has new features available to partners in its store, and has improved its integration with Service Now.

For technology alliance partners, CrowdStrike Store partners, and developers, CrowdStrike is launching the CrowdStrike Developer Portal.

The portal provides an onboarding experience for partners using CrowdStrike's APIs to build new store apps and integrations on the cloud-scale telemetry of the CrowdStrike Falcon platform.

The Developer Portal provides a low-friction method for partners to engage with CrowdStrike while developing applications.

It includes documentation, use cases and tutorials to guide the development of apps that help solve different security issues.

The two latest partners launching in the CrowdStrike Store, SafeGuard Cyber and Hunters.AI, focus on digital risk protection and advanced threat hunting respectively.

  • The SafeGuard Cyber Digital Risk Protection app works with CrowdStrike's Falcon platform to extend visibility into threat activities occurring on protected accounts across social, mobile and collaboration channels, such as LinkedIn, WhatsApp, or Slack.
    It utilises Falcon Threat Intelligence APIs to evaluate Indicators of Compromise (IOCs) against known and unknown threats and provides coordinated response across both virtual and physical endpoints. The SafeGuard Cyber Digital Risk Protection app improves the security posture of an organisation by providing a more comprehensive view in the Falcon platform, including the extent of a threat within the network and digital assets, and by extending digital risk protection to apps on unmanaged devices.
     
  • Hunters.AI autonomous threat hunting detects attacks that bypass existing controls, in every environment. It leverages endpoint telemetry collected by the Falcon platform to interconnect with a wide array of environments and data sources, such as AWS Cloudtrail logs, and others.
    Hunters.AI enriches threat signals with its TTP-based attack intelligence as well as Falcon threat intelligence feeds and intelligently correlates them across environments, proactively hunts for attack patterns, and reveals multi-stage attacks.
    Hunters.AI provides high fidelity attack stories that include attack details by timeline and a business summary.

The Service Now integration with the Falcon Spotlight App for Security Operations means that users now have the ability to integrate real-time endpoint vulnerability data and patch validation with prioritisation and response workflows provided by ServiceNow.

The app provides scanless and near real-time identification of endpoint vulnerabilities, as well as verification of patched vulnerabilities with enhanced reporting and visualisation.

By bringing the data from Falcon Spotlight into Vulnerability Response, IT and security teams can operationalise and streamline the management, prioritization and remediation of critical vulnerabilities, minimising risk of cyber threats, such as data breaches and service disruption.

Benefits of CrowdStrike's Falcon Spotlight App for Security Operations for ServiceNow include:

  • Comprehensive Visibility: Get comprehensive, near real-time and historical visibility into endpoint vulnerabilities to prioritise potential high-impact exposure for remediation.
     
  • Operational Efficiency: By automatically sending vulnerability findings to ServiceNow automated workflows can quickly activate prioritisation, grouping, assignment, and response workflows in ServiceNow Vulnerability Response. Vulnerable items are closed by the integrated solution once they are no longer detected, replacing manual and prolonged tracking.
     
  • Reduced Exposure: By driving prioritisation and remediation tasks like vulnerability patching or network segmentation, the integration helps close the window of exposure to breaches and service disruption.
     
  • Customised Reporting and Dashboards: Using endpoint vulnerability data reported by the CrowdStrike Spotlight App, customers can build customised dashboards and centralised reporting to search, filter, drill down, and understand vulnerability response workflows and track vulnerability remediation in real-time.