TMCnet News

CrowdStrike Launches Falcon Connect With Expanded APIs as Part of Falcon Platform Spring Release
[May 25, 2016]


CrowdStrike Inc., a leader in cloud-delivered next-generation endpoint protection, threat intelligence and response services, today announced the addition of a broad set of sophisticated and easy-to-use APIs to the CrowdStrike Falcon™ Platform, along with new development and integration resources, as part of its Spring release of new solutions and services. The Spring release also includes the unveiling of CrowdStrike Falcon Orchestrator and next-generation antivirus with new ransomware protection capabilities. For the platform expansion, CrowdStrike is continuing its role as the first company to deliver cloud-driven endpoint protection and is releasing a set of updated and enriched APIs via CrowdStrike Falcon Connect. In addition, with the CrowdStrike Falcon SIEM Connector, customers and partners can maximize existing investments with their current network infrastructure by using existing SIEM tools.

As part of the expanded and updated suite of APIs, the CrowdStrike Threat Graph™ API allows security professionals to visualize the contents of the CrowdStrike Threat Graph in Paterva's Maltego and other security data visualization tools. The Threat Graph API enables unprecedented investigation, response and proactive hunting capabilities for partners and customers. Customers can access the wisdom of the CrowdStrike cloud to stop an attack while it is happening, as opposed to only analyzing information afterwards during forensics.

News Highlights:

  • CrowdStrike provides an updated set of APIs allowing customers an expanded use of the Falcon platform, including:
    • CrowdStrike Threat Graph API (new) -- enables customers to dynamically explore the cloud-based Threat Graph database containing all execution events and context observed by Falcon endpoint sensors
    • CrowdStrike Falcon Respond API (new) -- provides functionality to manage detection resolution and take remediation actions
    • CrowdStrike Falcon Management API -- focuses on ingestion and management of IOCs within the Falcon platform for real-time detections and search
    • CrowdStrike Falcon Streaming API -- streams a real-time feed of detections and prevention actions taken by the Falcon platform across customers' environments for consumption by SIEMs and Threat Intelligence Platforms
    • CrowdStrike Falcon Intel API -- makes CrowdStrike's intelligence available as Indicator of Compromise (IOC) feeds that can be consumed by a wide range of security products in order to enhance their effectiveness
  • CrowdStrike Falcon Connect provides a comprehensive suite of interactive features, feeds, and open development resources, creating a fast, simple and reliable way to optimize the collection of relevant security events across a network's endpoints. This enables the CrowdStrike ecosystem of partners and customers to multiply the effectiveness of security tools, realize direct cost savings, and build out cohesive threat prevention strategies. Each customer has full API access from within their respective portal and CrowdStrike partners receive access once they join the Elevate Partner Program.
  • CrowdStrike Falcon SIEM Connector streamlines and automates the process of gathering CrowdStrike Falcon Host data into Security Information and Event Management (SIEM) systems, unlocking the value of our customers' existing security solutions and investments. Leveraging the Elevate Partner Program, CrowdStrike works with a large ecosystem of third-party providers to make native integration with SIEM systems and security products fast and seamless. CrowdStrike's SIEM Connector works with all SIEMs, including HP ArcSight, IBM QRadar, and Intel Security SIEM.



Supporting Quotes:

George Kurtz, CrowdStrike's co-founder and chief executive officer:


"At CrowdStrike, we follow an API-first strategy which drives immediate benefits for our customers by relieving them of the added cost or complexity of integration with existing security solutions," said George Kurtz, CrowdStrike's co-founder and chief executive officer. "Our goal with offering development, application, and SIEM integration resources is to simplify the process of adapting internal security tools and infrastructure, saving customers and partners valuable time and budget for maintaining the dynamic security posture they need amidst today's cyber security landscape. Because of our API-driven approach, Falcon platform continues to set the standard in delivering a comprehensive breach prevention that allows customers to protect themselves against sophisticated malware and malware free attacks."

Mark Seward, vice president of Security Solutions, Anomali:

"Interoperability between Anomali's products and CrowdStrike's products is best accomplished with a robust set of APIs," said Mark Seward, vice president of Security Solutions. "This means higher quality data with less false-positives supporting better security processes and faster response times. The goal is to allow the end user to drive security decision-making with threat intelligence. That starts with having open bi-directional APIs that allow you to simply and easily operationalize the data for cross-security team response. Our partnership with CrowdStrike means Anomali's customers have access to high quality threat intelligence, access to data from their Falcon Host deployment and the ability to manage this data in either Anomali Enterprise or the Falcon platform to help stop breaches."

Jeremy Carlson, senior director of Business Development, Cyphort:

"Cyphort has always believed that companies need to take a layered approach to security and CrowdStrike has been strategic in building out its endpoint protection product to provide a solution that integrates threat intelligence, detection and prevention, and management of alerts into one open platform," said Jeremy Carlson, senior director of Business Development at Cyphort. "In particular, CrowdStrike's Threat Graph API offers a wealth of information that customers and partners need for stopping breaches as they are happening as opposed to just collecting information for the next attack. With the combination of endpoint and network protection, Cyphort and CrowdStrike provide companies the flexibility and agility to stay on top of the latest trends and deploy the measures needed to combat rapidly evolving threats."

Supporting Content Resources:

  • Blog by CrowdStrike CEO George Kurtz on the Spring Product Launch
  • Blog by Amol Kulkarni, CrowdStrike VP of Engineering, on details of Platform Expansion

About CrowdStrike

CrowdStrike is the leader in next-generation endpoint protection, threat intelligence and response services. CrowdStrike's core technology, the CrowdStrike Falcon™ platform, stops breaches by preventing and responding to all types of attacks - both malware and malware-free. CrowdStrike has revolutionized endpoint protection by combining three crucial elements: next-generation antivirus, endpoint detection and response (EDR), and a 24/7 managed hunting service - all powered by intelligence and uniquely delivered via the cloud in a single integrated solution. CrowdStrike Falcon™ uses the patent-pending CrowdStrike Threat Graph™ to analyze and correlate billions of events in real time, providing complete protection and five-second visibility across all endpoints. Many of the world's largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies. CrowdStrike Falcon is currently deployed in more than 170 countries.

We Stop Breaches. Learn more: www.crowdstrike.com
