TMCnet News

CrowdStrike Launches the Fastest and Largest Cybersecurity Search Engine
[July 25, 2017]

CrowdStrike Launches the Fastest and Largest Cybersecurity Search Engine


CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced that it has significantly expanded the capabilities of the CrowdStrike Falcon® platform by launching CrowdStrike Falcon Search Engine, the fastest and largest search engine for cybersecurity data. Today, CrowdStrike is introducing CrowdStrike Falcon MalQuery, the malware search and intelligence component of the search engine as part of its Summer product release.

With a vision to change the way security research, threat data collection, and intrusion detections and remediations are conducted, CrowdStrike is building the CrowdStrike Falcon Search Engine to be the industry's most comprehensive platform for cyber threat intelligence and threat research. CrowdStrike Falcon's scalable cloud-based architecture makes it the ideal foundation for a cybersecurity search engine.

CrowdStrike has built the largest searchable threat database in the cybersecurity industry, ingesting more than 51 billion security events a day, and indexing more than 700 million files totaling more than 560TB of malware that can be searched in real-time. With this launch, customers can take advantage of the data to significantly speed up and improve their malware research capabilities in the Security Operations Center (SOC).

Key Capabilities of CrowdStrike Falcon MalQuery:

CrowdStrike Falcon MalQuery is available to existing CrowdStrike customers as an additional service and can be purchased as a stand-alone offering by new customers. With this new capability, customers gain the following significant advantages from the CrowdStrike Falcon platform:

  • Speed - CrowdStrike's malware search engine is the fastest in the industry, enabling searching of 560TB of data in mere seconds, which currently takes days or weeks with other systems. This speed delivers a 250x performance increase for malware research without compromising the amount of data being searched. These speed gains are realized for all types of search, including string-based or YARA-based searches.
  • Clarity (News - Alert) - CrowdStrike delivers the ability to search across the largest and most comprehensive searchable database of malware in the industry. The technology gives researchers more complete results by indexing both file metadata as well as the binary contents of the file, and overlaying the results with CrowdStrike Falcon Threat Intelligence. This yields high-fidelity results and empowers the researcher to take informed action based on only the most relevant search results and their related threat intelligence.
  • Protection - CrowdStrike's faster, more accurate results lead to higher quality protection rules for proactive defense against future threats, which enables greater understanding and protection against an attacker's next move. Customers of the CrowdStrike Falcon Endpoint Protection platform can also conduct real-time investigations baed on search results to immediately understand their exposure to threats.
  • Fully Integrated - Through a single console, customers can search CrowdStrike Falcon Intelligence data for indicators, actors and reports with results displayed as a readily consumable, schematized snapshots. Additionally, they can conduct YARA searches with cross correlation to all CrowdStrike Intelligence data.



Moving faster than the adversaries and understanding threats in context are key to gaining the tactical advantage needed to defend organizations from modern-day sophisticated attacks. The reality for security professionals today is that their research tools are simply too slow. It can take hours or days to understand an attack and take protective action. They have to contend with slow queries, disjointed, incomplete data set and too many false positives, making it difficult to understand and thwart threats strategically. Search engines have revolutionized the speed at which we do research in all other aspects of our life and the CrowdStrike Falcon Search Engine does the same for cybersecurity.

At the core of the CrowdStrike Falcon Search Engine is patent-pending indexing technology. This index enables the engine to search across file metadata, the binary contents of the file itself, as well as the threat intelligence related to the file. The CrowdStrike Falcon Search Engine binary index is game-changing for security researchers with the scope of the data it indexes and the speed at which it can be searched, delivering only the most relevant search results in real-time.


The CrowdStrike Falcon® platform enables search over all collected content: endpoint data, intelligence indicators and malware corpus. Its Investigate module allows CrowdStrike Falcon platform customers to search real-time and historical data for their enterprise with zero impact to their endpoints. With this announcement, CrowdStrike is also launching Intel (News - Alert) indicator search that enable rapid consumption of search results without requiring the review of large contextual sources. As a result, for the first time, cybersecurity professionals have a tool that can keep up with rapid change arising from polymorphic malware and rapidly evolving threat variants.

Supporting Quotes:

George Kurtz, CrowdStrike's co-founder and chief executive officer

"Today's threat landscape demands speed and precision - some of the best minds in cybersecurity are hampered by slow search tools and limited data sets. We believe that real-time data access is how cybersecurity professionals can get ahead of modern-day threats, and we've built the fastest AI-enabled platform that makes this possible. With today's launch, we are fundamentally changing the game by empowering threat researchers to outpace the adversary with this solution. CrowdStrike Falcon Search Engine enables the next-gen SOC to be more productive and acts as a powerful force multiplier for security teams."

Robert Westervelt (News - Alert), research manager, IDC

"CrowdStrike is providing an innovative resource that incident responders can use to thoroughly investigate and determine the full extent of potential threats. This comprehensive threat search tool addresses a significant market gap frequently hampering the ability of security teams from rapidly providing adequate protection against emerging threats and targeted attacks. The introduction of the Falcon Search Engine eliminates the blind spots and gives defenders the agility and accuracy required to create well-formed protection rules."

If you are interested in learning more, read a blog about the announcement here. You can register here for a free trial.

About CrowdStrike®

CrowdStrike is the leader in cloud-delivered endpoint protection. The CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon deploys in minutes to deliver actionable intelligence and real-time protection from Day One. Falcon seamlessly unifies next-generation AV with best-in-class endpoint detection and response, backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed. CrowdStrike Falcon protects customers against all cyber attack types, using sophisticated signatureless artificial intelligence/machine learning and Indicator-of-Attack (IOA) based threat prevention to stop known and unknown threats in real time. Powered by the CrowdStrike Threat Graph™, Falcon instantly correlates 51 billion security events from across the globe to immediately prevent and detect threats.

There's much more to the story of how Falcon has redefined endpoint protection but there's only one thing to remember about CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/

Follow us: Blog | Twitter

© 2017 CrowdStrike, Inc. All rights reserved. CrowdStrike®, CrowdStrike Falcon®, CrowdStrike Threat Graph™, CrowdStrike Falcon Prevent™, Falcon Prevent™, CrowdStrike Falcon Insight™, Falcon Insight™, CrowdStrike Falcon Discover™, Falcon Discover™, CrowdStrike Falcon Intelligence™, Falcon Intelligence™, CrowdStrike Falcon DNS™, Falcon DNS™, CrowdStrike Falcon OverWatch™, and Falcon OverWatch™ are the trademarks of CrowdStrike, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.


[ Back To TMCnet.com's Homepage ]