[CrowdStrike NGAV/EDR] Product and service introduction

Summary

  • What you'll learn by reading this article
    • Why do you need endpoint security?
    • What makes CrowdStrike different from other endpoint security products?

Hello! This is CrowdStrike Product Sales.

This article is for those who want to know more about endpoint security, and covers the following two points:

  • Why do we need endpoint security?
  • What makes CrowdStrike different from other endpoint security products?

We are also planning to publish a separate "I tried it out" article from our technical staff, so we hope you will take a look at that as well.

The Need for Endpoint Security

When we look again at why endpoint security is needed, there are two main factors: the change in the security environment, and the characteristics of endpoints themselves.

  • Changing security environment
    With the spread of teleworking and cloud services, working outside the company network has become commonplace. This has undermined the traditional assumption that "inside the network = safe," making endpoints such as PCs themselves more likely to become the entry point for an attack.
  • Endpoint characteristics
    A PC, for example, is operated directly by a user, so it is the device most likely to be attacked first, via email attachments, the web, and so on. Moreover, because it is often carried around and moves between networks, centralized protection is difficult, and each device's defenses must be strengthened individually.

This is why endpoint security is necessary. So what kind of functionality is required? Let's break it down into four main points.

  • Protection (prevention)
    The first thing to do is to prevent attacks from succeeding in the first place. You need features that proactively block viruses and malware and prevent dangerous websites and emails from being opened.
    As with conventional antivirus software, the basic approach is to defend against pre-registered "known threats (virus patterns)," but this is no longer sufficient. Recent attacks evolve rapidly, and new viruses, attacks disguised as normal files, and fileless attacks are on the rise.
    For this reason, recent products use AI and machine learning to predict and block even "unknown attacks."
  • Finding (detection)
    Since it is realistically difficult to prevent every attack, it is important to "notice immediately" when something abnormal occurs. This function is called "detection."
    For example, if you can quickly detect "unusual behavior," such as a suspicious program running or an internal PC communicating abnormally with the outside world, you can respond before the damage spreads.
    Endpoint security therefore requires "behavior monitoring (behavior-based detection)," "real-time notification," and "visualization that lets you immediately see what happened and where."
  • Response
    Once you notice an attack, it is important to stop it immediately. For example, functions that automatically disconnect infected PCs from the network and stop the execution of suspicious programs help minimize damage.
    Ideally, the product should also accurately record and analyze endpoint information so that you can investigate "what happened on which device" and "why it happened," and develop measures to prevent recurrence.
  • Ease of operation
    Security solutions are not finished once installed; they must be operated continuously. It is therefore important that they are as easy to manage as possible and that the burden on the person in charge is kept low.
    For example, if the product is cloud-based, can be managed from anywhere, and is automatically updated with the latest information, even a small IT team can operate it with confidence.

What CrowdStrike can solve

CrowdStrike, which we distribute, is an endpoint security solution that covers the points above and provides powerful protection for customers' devices against attackers.

Specifically, it provides "NGAV" as a pre-intrusion measure to protect against attacks, "EDR" to find and respond to attacks, and "threat hunting," in which professional human analysts monitor for more advanced attacks, so you can use it with confidence. From an operational standpoint, Macnica offers an operational monitoring service, and CrowdStrike's own "Falcon Complete" monitoring service is also available, so you can choose according to your needs.

With actual use in mind, I would also like to touch on the functionality. A feature shared by both NGAV and EDR is that CrowdStrike displays the sequence of an attack as a process tree, so you can intuitively understand what happened. This lets operators investigate more efficiently and shortens the time it takes to respond to an incident.

Another key point is that it comes with a SOAR function (Falcon Fusion) at no extra charge. This lets you build workflows easily from the GUI, making it possible to automate your security operations. For example, if a detection with "critical" severity occurs on a weekday night or on a weekend, the affected device can be isolated and a notification sent to a Teams channel. By using automation tailored to your company's structure, you can reduce the operational burden and run operations with limited man-hours.
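To make the off-hours rule above concrete, here is an added illustration of the workflow logic in plain Python; it is not Falcon Fusion's own configuration or API, and the business hours (9:00-17:00 JST on weekdays), the event schema and the action names are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone

# Assumptions for this example: the operations team works 9:00-17:00 JST on
# weekdays; anything outside that window counts as "weekday night or weekend".
JST = timezone(timedelta(hours=9))
BUSINESS_START = time(9, 0)
BUSINESS_END = time(17, 0)

@dataclass
class Detection:
    """Minimal stand-in for a detection event (not CrowdStrike's real schema)."""
    device_id: str
    severity: str          # e.g. "low", "medium", "high", "critical"
    detected_at: datetime  # timezone-aware

def is_off_hours(ts: datetime) -> bool:
    """True on weekends, or on weekdays outside business hours (evaluated in JST)."""
    local = ts.astimezone(JST)
    if local.weekday() >= 5:  # Monday=0 ... Saturday=5, Sunday=6
        return True
    return not (BUSINESS_START <= local.time() < BUSINESS_END)

def plan_actions(det: Detection) -> list[str]:
    """Automated actions for one detection, mirroring the article's example:
    critical severity outside business hours -> isolate the host and post to
    Teams; anything else is left to the on-duty analyst (no automatic action)."""
    if det.severity.lower() != "critical" or not is_off_hours(det.detected_at):
        return []
    return [
        f"isolate_host:{det.device_id}",
        f"notify_teams:{det.device_id} critical detection, host isolated",
    ]

def sample_detections() -> list[Detection]:
    """Constructed sample events for demonstration (not real telemetry)."""
    return [
        Detection("PC-001", "critical", datetime(2024, 6, 15, 10, 0, tzinfo=JST)),   # Saturday
        Detection("PC-002", "critical", datetime(2024, 6, 12, 22, 30, tzinfo=JST)),  # Wednesday night
        Detection("PC-003", "critical", datetime(2024, 6, 12, 14, 0, tzinfo=JST)),   # Wednesday, in hours
        Detection("PC-004", "high", datetime(2024, 6, 16, 3, 0, tzinfo=JST)),        # Sunday, not critical
        Detection("PC-005", "critical", datetime(2024, 6, 12, 9, 0, tzinfo=timezone.utc)),  # 18:00 JST
    ]

if __name__ == "__main__":
    for d in sample_detections():
        print(d.device_id, plan_actions(d) or "no automatic action")
```

The UTC sample shows why the time-window check must convert to the team's local zone first: a timestamp that looks like morning in UTC is already evening in Japan.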

Let me also touch on expanding the scope of use in the future. Cybersecurity today involves countless areas and points to consider, and introducing a separate product for each one creates operational problems of its own.

CrowdStrike has the scalability to cover a wide range of security areas with a single agent and a single console, with the endpoint security introduced here at its core; this is one of the points worth considering when selecting a product. More information will be published in a separate article, so please look forward to it.

Summary

  • Endpoint security is now an essential measure due to changes in work styles and the characteristics of devices.
  • CrowdStrike provides strong functionality across prevention, detection, response, and operation, and is particularly strong in intuitive visualization and automation.
  • It is also scalable, allowing a wide range of security needs to be covered with a single agent, and can be flexibly extended for future use.

Inquiry/Document request

Macnica Co., Ltd., CrowdStrike team

Weekdays: 9:00-17:00