CrowdStrike
Falcon Prevent
- CrowdStrike's NGAV functionality not only blocks and isolates malicious executables such as malware and ransomware, but also provides behavior-based protection with rich detection logic.
- By using this function, endpoints are protected from known and unknown attacks, whether or not malware is involved.
- Because it has abundant detection logic, this function alone provides multi-layered defense on the endpoint and can quickly detect and block the latest attacks.
Challenges of traditional antivirus products
Issue 1: Increase in unblockable attacks
Conventional antivirus products can only detect known malware that matches virus patterns (signatures) and cannot protect endpoints from unknown malware.
In addition, fileless attacks that do not use executable files (attacks that use regular OS commands) are increasing year by year.
Such fileless attacks cannot be dealt with by conventional anti-virus products.
Issue 2: Burden on users
Issue 3: Operator load
Solve these challenges with Falcon Prevent!
Increased unblockable attacks
User load
Load on operator
Features of Falcon Prevent
Machine learning and IOA (behavioral) detection and blocking
Process tree display allows you to intuitively understand what has happened
Security operation automation (SOAR function)
Workflows can be easily created from the GUI, and operations can be automated.
For example, the following are possible:
- If a detection with a severity level of "critical" or "high" occurs during the daytime on weekdays, an email notification is sent to the designated address.
- When a detection with a severity of "critical" occurs during weekday nights or on weekends, the target endpoint is quarantined and a notification is sent to the Teams channel.
Integrated platform
- Single console
  All functions can be managed on one management screen.
- Single agent
  No additional installation is required even if you purchase additional modules.
- Compatible with Windows / Linux / macOS
  *Please contact us for compatible versions.
Falcon Device Control
- USB Device Control module
- By using this function, it is possible to visualize and control USB usage on endpoints where Falcon is installed.
  ・Visualization of USB device usage
  ・Usage control of USB devices
- By purchasing additional licenses, it is possible to control sites where USB usage is not governed, without the need to install new sensors.
Solve operational issues such as:
Operational issue ①
- In the first place, we do not currently have governance over USB usage, so we do not know how much it is used.
- Only company-designated USB is used, but system control is not possible. Therefore, it is not possible to visualize whether USB other than company-specified USB is really used.
- Visualize device classes (types) used, manufacturers, and device trends
- Many device classes are supported, including mass storage devices.
- USB devices can be controlled by policy specification (can also be divided into groups)
- Even when blocked by policy, it is possible to check which USB device was used, when and by which device.
- A pop-up message can also be displayed when a blocked USB is plugged in
Visualize USB usage on devices with Falcon installed
USB device control is possible by specifying a policy
(It is also possible to divide into groups)
It is also possible to display a pop-up message when a blocked USB is plugged in.
Visibility into USB devices and devices blocked by policy
Falcon Firewall Management
Firewall policies defined and updated on the management console can be applied collectively to any group. By checking the activity to which the policies have been applied, it is possible to consider policy optimization.
Point 1: Operates by controlling host FW with CrowdStrike Sensor
Point 2: High operational convenience of policy creation/adaptation/update work
Point 3: Confirmation of activity related to FW policy
Inquiry/Document request
In charge of Macnica CrowdStrike Co., Ltd.
- TEL:045-476-2010
- E-mail:crowdstrike_info@macnica.co.jp
Mon-Fri 8:45-17:30