National Cyber Warfare Foundation (NCWF) Forums


CrowdStrike Expands XDR Ecosystem to Give Customers a Data Advantage


2023-08-20 15:59:37
milo
Blue Team (CND)


Cybersecurity is fundamentally a data problem. As adversary techniques continue to mature, organizations still struggle to collect the right data from all their security and IT point products to detect and respond to evolving threats. 


CrowdStrike offers a clear data advantage in the cybersecurity market. For the past 12 years, we’ve collected, correlated and analyzed trillions of events from thousands of customers around the globe to provide unparalleled threat intelligence and build technology powered by AI. 


As the modern threat landscape evolves, security requires a collaborative approach that combines Falcon and third-party telemetry for unified detection and response. The CrowdStrike extended detection and response (XDR) ecosystem brings together more than 20 best-of-breed partners to help security teams eliminate threats across multiple domains from the unified Falcon platform. 


Today, we’re expanding the CrowdXDR Alliance to help you consolidate threat visibility with the addition of a new alliance partner.


Skyhigh Security Joins the CrowdXDR Alliance


CrowdStrike is pleased to announce that Skyhigh Security has joined the CrowdXDR Alliance. As a leader in security service edge (SSE), Skyhigh Security brings more than a decade of cloud and data security expertise to the CrowdStrike XDR ecosystem.


Through this collaboration, Skyhigh Security’s SSE integrates with CrowdStrike Falcon® Insight XDR to provide comprehensive cross-domain visibility of threats across web, sanctioned cloud apps, email and private apps. Skyhigh Security shares threats observed in traffic with Falcon Insight XDR, providing real-time protection against advanced cloud-focused threats. Skyhigh Security applies CrowdStrike Zero Trust Assessment (ZTA) scores within its Zero Trust policy enforcement to further restrict unauthorized access to private applications.


This latest XDR integration, driven by customer demand, demonstrates our commitment to expanding the CrowdStrike security ecosystem. The addition of Skyhigh Security gives Falcon Insight XDR customers the best in XDR protection.


The Need for an XDR Ecosystem 


The speed and sophistication of today’s adversaries heighten the need for XDR. The CrowdStrike 2023 Global Threat Report found the average breakout time for an eCrime incident — the time between when an attacker gains initial access and when they begin to move laterally — dropped to 84 minutes in 2022. A staggering 71% of attacks detected by CrowdStrike Intelligence did not involve the use of malware.


While attacks continue to gain speed and sophistication, new threat actors are emerging. In 2022, CrowdStrike Intelligence started monitoring 33 new adversaries, bringing the total number of adversaries tracked to over 200. 


To stop breaches, it’s crucial for customers to match and exceed the speed of today’s adversaries. The traditional approach of relying on multiple point solutions from different vendors has led to silos, poor visibility and increased complexity, making it difficult to quickly identify and respond to threats. 


XDR collects threat data from previously siloed security tools across the technology stack for easier and faster threat hunting, investigation and response. Falcon Insight XDR delivers market-leading protection by bringing together security telemetry across endpoints, cloud workloads, network, email and more.


Exploring the Breadth of CrowdStrike XDR Integrations


CrowdStrike works with the broadest XDR ecosystem of vendors to offer data ingestion and response action capabilities. 


The value of data-ingestion vendors lies in their ability to enrich and enhance the CrowdStrike threat intelligence ecosystem. By integrating data from a diverse range of sources, organizations can gain a comprehensive view of their environment, enabling faster and more effective detection, response and mitigation of sophisticated cyber threats. 


CrowdStrike also provides automated response actions through vendor integrations, enabling customers to take swift and effective actions to contain and remediate threats, further strengthening incident response capabilities and minimizing the impact of cyberattacks.


CrowdStrike XDR integrations cover critical security domains, including:  


Security Service Edge (SSE)



  • Cloudflare One data ingestion helps increase visibility and reduce risks by verifying, filtering, inspecting and isolating user traffic from internet threats.

  • Menlo Security data ingestion prevents highly evasive adaptive threats (HEATs) that target web browsers.

  • Netskope data ingestion helps detect and stop web-based threats faster by unifying security data across endpoint and SSE domains.

  • Skyhigh Security data ingestion helps mitigate unauthorized access, data risk and threats, protecting organizations’ data across web, cloud, email, and private apps.

  • Zscaler Internet Access data ingestion funnels relevant security data at scale, providing network and cloud application visibility for accelerated investigations and responses.

  • Zscaler Internet Access response actions allow you to control access to critical information and automate manual tasks.


Network Detection and Response



  • Corelight Zeek-based network data ingestion visualizes seemingly unrelated events to unlock new analytics, investigate faster and disrupt future attacks.

  • ExtraHop Reveal(x) 360 data ingestion enables rapid and precise action for more effective threat detection, investigation and response across IT environments.

  • Vectra® AI-driven Attack Signal Intelligence™ data ingestion enables SOC teams to rapidly detect, prioritize and contain cyberattacks long before they progress and become breaches.


Firewall



  • Cisco Adaptive Security Appliance (ASA) data ingestion helps monitor network threats continuously in real time.

  • Fortinet FortiGate data ingestion leverages firewall logs to enable cross-domain XDR detections and data to perform investigations, write queries and create custom XDR detections.

  • Palo Alto Networks Next-Generation Firewall data ingestion helps proactively and intelligently monitor network security using machine learning.


Identity



  • ForgeRock data ingestion provides cross-domain threat detection for identity-based threats.

  • Okta data ingestion and response unifies security data to enable response actions across endpoint and identity domains.

  • Ping Identity PingOne data ingestion helps log and ingest data from the PingOne Cloud Platform to allow direct action against identity-based threats.


Email Security



  • Cisco Secure Email Gateway data ingestion helps monitor email threats continuously in real time with threat prioritization.

  • Microsoft Graph data ingestion enhances XDR detections with Microsoft Defender for Office 365 email and Azure Active Directory identity data.

  • Mimecast data ingestion brings together email and endpoint security data to enable faster cross-domain threat detection and alerting.

  • Mimecast response actions accelerate response time and enhance accuracy by enabling Mimecast email response actions.

  • Proofpoint data ingestion helps detect and stop targeted email threats faster by unifying security data across endpoint and email domains.


The CrowdStrike Data Advantage


The traditional approach of relying on multiple point solutions from different vendors creates gaps for adversaries to exploit, while driving up cost and complexity — all at a time when the stakes have never been higher for security teams.


Our industry-leading XDR ecosystem continues to expand rapidly, enabling you to consolidate your cybersecurity platform and workflows, and give you a data advantage to protect against modern threats.


Additional Resources




Source: CrowdStrike
Source Link: https://www.crowdstrike.com/blog/expanded-xdr-ecosystem-data-advantage/




