CrowdStrike

Falcon Prevent

  • CrowdStrike's NGAV (next-generation antivirus) functionality not only blocks and quarantines malicious executables such as malware and ransomware, but also provides behavior-based protection backed by rich detection logic.
  • Endpoints are protected from both known and unknown attacks, and from malicious activity whether or not a malware file is involved.
  • Because the detection logic is so extensive, this single function provides multi-layered defense on the endpoint and can quickly detect and block the latest attacks.

Challenges of traditional antivirus products

Issue 1: Increase in unblockable attacks

Conventional antivirus products can only detect known malware that matches virus patterns (signatures); they cannot protect endpoints from malware that has never been seen before.

In addition, fileless attacks that do not use executable files (attacks that abuse legitimate OS commands and tools) are increasing year by year.

Because there is no file to match against a signature, conventional antivirus products cannot deal with such fileless attacks.

Countermeasures against unknown malware and fileless attacks are needed!

Issue 2: Burden on users

  • Work is hindered by the load placed on the PC by downloading a huge number of pattern files (signatures) and by regularly scheduled scans.
  • Business impact from PC load caused by regular antivirus software updates
  • A reboot is required after updates

Issue 3: Operator load

  • Insufficient information for countermeasures and for preventing recurrence!
  • The product itself generates many operational man-hours

Solve these challenges with Falcon Prevent!

Features of Falcon Prevent

Machine learning and IOA (behavioral) detection and blocking

Prevent can block both malware and fileless attacks because it detects and blocks using two approaches: machine learning and IOAs (indicators of attack, that is, behavioral detection).
Because detection runs on the sensor itself, blocking also works in an offline environment, so protection continues even when the Internet connection is temporarily unavailable.
Files blocked by machine learning are quarantined in a safe format. In the unlikely event that a non-malicious file is detected, it can be released or allowlisted from the admin console.
Quarantined files are retained for 30 days, after which they are automatically deleted.

Process tree display allows you to intuitively understand what has happened

Security operation automation (SOAR function)

Workflows can be easily created from the GUI, and response operations can be automated.

For example, a workflow can be configured so that:

  • If a detection with a severity of "critical" or "high" occurs during the daytime on weekdays, an email notification is sent to a designated address.
  • If a detection with a severity of "critical" occurs on a weekday night or at the weekend, the affected endpoint is network-contained and a notification is posted to a Teams channel.
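The two rules above, written out as plain decision logic. This is an added example, not CrowdStrike's Falcon Fusion workflow definition (those are built in the console GUI); it exists so the time-of-day handling that such a workflow relies on can be read and tested. The SOC time zone, the 09:00-18:00 "daytime" window, the e-mail address, the Teams channel name and the sample detections are all assumptions made for this example.

```python
"""SOAR-style routing of detections by severity and time of day.

Added example, not Falcon Fusion's workflow format. Encodes the two rules
described on the page:
  - "critical"/"high" during weekday daytime -> e-mail the on-call address
  - "critical" on a weekday night or weekend -> network-contain the host
                                                and post to a Teams channel
Everything else is left to normal triage. Time zone, hours, addresses and the
sample detections below are assumptions made for this example.
"""
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# Assumption: SOC in Japan. JST has no DST, so a fixed offset is exact here;
# a real deployment would use zoneinfo.ZoneInfo("Asia/Tokyo").
SOC_TZ = timezone(timedelta(hours=9), name="JST")
DAY_START = time(9, 0)          # assumption: "daytime" means 09:00-18:00
DAY_END = time(18, 0)
ONCALL_EMAIL = "soc-oncall@example.com"   # assumption
TEAMS_CHANNEL = "#soc-critical"           # assumption


@dataclass(frozen=True)
class Detection:
    detection_id: str
    host: str
    severity: str        # "critical", "high", "medium", "low", "informational"
    timestamp: datetime  # must be timezone-aware (sensors report UTC)


def is_weekday_daytime(ts: datetime) -> bool:
    """True for weekday 09:00-18:00 in the SOC's zone; weekends never qualify.

    Convert first: a detection stamped 23:30 UTC on Friday is already
    Saturday morning in Tokyo and must take the weekend path.
    """
    if ts.tzinfo is None:
        raise ValueError("detection timestamps must be timezone-aware")
    local = ts.astimezone(SOC_TZ)
    if local.weekday() >= 5:          # 5 = Saturday, 6 = Sunday
        return False
    return DAY_START <= local.time() < DAY_END


def route(det: Detection) -> list[str]:
    """Return the response actions a workflow would execute for this detection.

    Actions are strings so they can be asserted on; a real playbook would
    call the e-mail, containment and Teams connectors instead.
    """
    sev = det.severity.lower()
    if is_weekday_daytime(det.timestamp):
        if sev in ("critical", "high"):
            return [f"email:{ONCALL_EMAIL}:{det.detection_id}"]
        return []                     # medium/low: normal triage queue
    if sev == "critical":
        return [f"contain:{det.host}", f"teams:{TEAMS_CHANNEL}:{det.detection_id}"]
    return []                         # out of hours, not critical: wait for morning


# Constructed sample detections (not real Falcon data).
UTC = timezone.utc
SAMPLES = [
    Detection("det-1", "FIN-LAPTOP-01", "critical", datetime(2024, 6, 4, 1, 0, tzinfo=UTC)),   # Tue 10:00 JST
    Detection("det-2", "DEV-WS-07", "high", datetime(2024, 6, 4, 13, 0, tzinfo=UTC)),          # Tue 22:00 JST
    Detection("det-3", "HR-PC-03", "critical", datetime(2024, 6, 7, 23, 30, tzinfo=UTC)),      # Fri 23:30 UTC = Sat 08:30 JST
    Detection("det-4", "FIN-LAPTOP-01", "medium", datetime(2024, 6, 4, 1, 0, tzinfo=UTC)),     # Tue 10:00 JST
    Detection("det-5", "DEV-WS-07", "high", datetime(2024, 6, 4, 0, 0, tzinfo=UTC)),           # Tue 09:00 JST exactly
    Detection("det-6", "HR-PC-03", "critical", datetime(2024, 6, 3, 23, 59, tzinfo=UTC)),      # Tue 08:59 JST
]

if __name__ == "__main__":
    for d in SAMPLES:
        print(d.detection_id, d.severity, "->", route(d) or ["triage queue"])
```

The point worth noticing is det-3 and det-6: both are "critical", both are stamped on a weekday in UTC, and both still take the containment path, because the window is evaluated in the SOC's local time after conversion. A workflow that compared raw UTC timestamps would e-mail someone who is not at their desk.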

Integrated platform

  • Single console
    All functions are managed from one management screen.
  • Single agent
    No additional installation is required when additional modules are purchased.
  • Compatible with Windows / Linux / macOS
    *Please contact us for supported versions.

Falcon Device Control

  • USB Device Control module
    • Visualizes and controls USB usage on endpoints where the Falcon sensor is installed.
      ・Visualization of USB device usage
      ・Usage control of USB devices
    • Because it runs on the existing sensor, purchasing an additional license is enough to bring sites where USB usage is currently ungoverned under control, with no new sensor to install.

Solve operational issues such as:

Operational issue ①

  • We currently have no governance over USB usage, so we do not even know how much it is used.
  • Policy says only company-designated USB drives are used, but there is no system-level control, so we cannot verify whether other USB devices are actually being used.

How Falcon Device Control addresses this:
  • Visualizes the device classes (types) in use, their manufacturers, and usage trends
    • Many device classes are supported, including mass storage devices.
  • USB devices can be controlled by policy (policies can also be assigned per host group)
  • Even when a device is blocked by policy, you can check which USB device was used, when, and on which endpoint.
    • A pop-up message can also be shown to the user when a blocked USB device is plugged in
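A model of the control described above: class-level defaults, an allow list for company-issued drives pinned to vendor ID, product ID and serial number, policies assigned per host group, and an audit record for every plug-in event whether or not it was blocked. This is an added example, not the Falcon Device Control policy engine or its console policy format; the host groups, policies, USB identifiers and plug-in events are constructed for the example.

```python
"""USB device-control policy evaluation with an audit trail.

Added example, not Falcon Device Control's engine or policy format. Models the
page's description: allow/block by device class, an allow list for the
company-issued drive pinned to VID/PID/serial, per-host-group policies, and a
record of every plug-in event (blocked ones included) so "which device, when,
on which endpoint" stays answerable. All identifiers below are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass, field

ALLOW, READ_ONLY, BLOCK = "allow", "read_only", "block"


@dataclass(frozen=True)
class UsbDevice:
    device_class: str   # e.g. "MASS_STORAGE", "HID", "PRINTER"
    vendor_id: str      # USB VID, 4 hex digits
    product_id: str     # USB PID, 4 hex digits
    serial: str         # serial reported by the device, "" if it has none


@dataclass(frozen=True)
class Rule:
    """Exception to the class defaults; None fields act as wildcards."""
    action: str
    vendor_id: str
    product_id: str | None = None
    serial: str | None = None

    def matches(self, dev: UsbDevice) -> bool:
        return (self.vendor_id.lower() == dev.vendor_id.lower()
                and (self.product_id is None or self.product_id.lower() == dev.product_id.lower())
                and (self.serial is None or self.serial == dev.serial))

    def specificity(self) -> int:
        # serial-pinned rules beat VID+PID rules, which beat VID-only rules
        return (self.serial is not None) * 2 + (self.product_id is not None)


@dataclass
class Policy:
    name: str
    class_defaults: dict[str, str] = field(default_factory=dict)
    rules: list[Rule] = field(default_factory=list)
    fallback: str = BLOCK          # default-deny for classes not listed

    def evaluate(self, dev: UsbDevice) -> tuple[str, str]:
        """Most specific matching rule wins; then the class default; then fallback."""
        for rule in sorted(self.rules, key=Rule.specificity, reverse=True):
            if rule.matches(dev):
                return rule.action, (f"rule vid={rule.vendor_id} pid={rule.product_id or '*'} "
                                     f"serial={rule.serial or '*'}")
        if dev.device_class in self.class_defaults:
            return self.class_defaults[dev.device_class], f"class default {dev.device_class}"
        return self.fallback, "policy fallback"


@dataclass(frozen=True)
class AuditEvent:
    when: str
    host: str
    group: str
    policy: str
    device: UsbDevice
    action: str
    reason: str


# Constructed host-group assignments and per-group policies (assumptions).
HOST_GROUPS = {"FIN-LAPTOP-01": "finance", "DEV-WS-07": "engineering"}
POLICIES = {
    "finance": Policy("finance-strict", class_defaults={"HID": ALLOW, "MASS_STORAGE": BLOCK},
                      rules=[Rule(READ_ONLY, vendor_id="0781"),        # any drive from this vendor: read-only
                             Rule(ALLOW, vendor_id="0781", product_id="5591",
                                  serial="4C530001230710123456")]),     # the one company-issued unit
    "engineering": Policy("eng-readonly",
                          class_defaults={"HID": ALLOW, "PRINTER": ALLOW, "MASS_STORAGE": READ_ONLY}),
}
DEFAULT_POLICY = Policy("default-deny", class_defaults={"HID": ALLOW})
AUDIT: list[AuditEvent] = []


def plug_in(when: str, host: str, dev: UsbDevice) -> AuditEvent:
    """Resolve the host's policy, decide, and record the event even when blocked."""
    group = HOST_GROUPS.get(host, "unassigned")
    policy = POLICIES.get(group, DEFAULT_POLICY)
    action, reason = policy.evaluate(dev)
    event = AuditEvent(when, host, group, policy.name, dev, action, reason)
    AUDIT.append(event)
    return event


def user_message(event: AuditEvent) -> str | None:
    """Pop-up text for the endpoint user when a device is blocked; None otherwise."""
    if event.action != BLOCK:
        return None
    d = event.device
    return (f"USB device {d.vendor_id}:{d.product_id} ({d.device_class}) was blocked by "
            f"policy {event.policy}. Contact IT if you need it approved.")
```

Two design choices carry the security value here: the fallback is deny, so a device class nobody thought about (a USB network adapter, say) is blocked rather than silently allowed, and the serial-pinned rule outranks the vendor-wide rule, so another drive of the same make and model as the company-issued one gets read-only access, not full write. Keeping blocked events in the same audit list as allowed ones is what makes the "is anyone plugging in non-company drives?" question answerable.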

Visualize USB usage status on devices with Falcon installed

USB device control is possible by specifying a policy (policies can also be divided by group)

It is also possible to display a pop-up message when a blocked USB device is plugged in.

Visibility into USB devices and devices blocked by policy

Falcon Firewall Management

Firewall policies defined and updated on the management console can be applied in bulk to any host group, and by reviewing the activity that those policies have matched, you can consider how to optimize them.

Point 1: Controls the host OS firewall through the CrowdStrike sensor

Point 2: Convenient policy creation, assignment and update operations

Point 3: Confirmation of activity matched by firewall policies

Inquiry / Document request

Macnica CrowdStrike representatives

Mon-Fri 8:45-17:30