Falcon Insight (XDR)

• Create a cohesive, more effective cybersecurity ecosystem: Surface actionable insights by combining previously siloed data into one single source of security truth — a central repository for cross-domain telemetry.
• Gather, aggregate and normalize threat data with ease: Purpose-built XDR integrations and a common data schema combine to funnel cross-domain security data at massive scale, ensuring security teams have the visibility they need across their environment.
• Deep, native telemetry: CrowdStrike Falcon® platform domains: EDR, cloud, identity, mobile and more.
• Break down vendor silos Third-party integrations across key security domains from CrowdXDR Alliance partners and industry-leading vendors.

• Surface attacks missed by siloed approaches: Detect stealthy cross-domain attacks when the world’s richest threat intelligence, advanced analytics and artificial intelligence are working across your diverse ecosystem. Out-of-the-box and custom detection capabilities give you the power and flexibility you need.
• Investigate cross-domain threats like never before: Pivot from both CrowdStrike-generated and custom detections to a graph explorer, viewing the entire cross-domain attack path and rich context, for quick understanding and confident response.
• Streamline triage and investigation: Prioritized alerts, rich context, and detailed detection information mapped to the MITRE ATT&CK framework help analysts quickly understand and act on threats. The intuitive Falcon console lets you quickly tailor views, filter and pivot across data sets with ease.

• Respond decisively: Detailed attack information and context – from impacted hosts and users to root cause, indicators and timelines – guide remediation. Powerful response actions allow you to eradicate threats with surgical precision.
• Take action across the ecosystem: Trigger response actions across Falcon protected hosts and third-party products. One unified command console empowers analysts — from containing a host under attack to automatically enforcing more restrictive user access policies based on detection criticality through third-party solutions.
• Orchestrate and automate workflows: CrowdStrike Falcon® Fusion streamlines tasks – from notifications and repetitive tasks to complex workflows – dramatically improving the efficiency of your SOC teams.

Extend XDR further with purpose-built integrations and a universal XDR language for data sharing designed with industry-leading security and IT partners.

XDR brings together data from isolated security solutions so they can work together to improve threat visibility and reduce the time it takes to detect and respond to an attack. XDR enables advanced forensic investigation and threat hunting across multiple domains from a single console.

Here’s a simple step-by-step explanation of how XDR works:

• Step 1. Transfer: Transfer and normalize data volumes from endpoints, cloud workloads, identity, email, network traffic, virtual containers, and more.
• Step 2. Detection: Analyze and correlate data to automatically detect hidden threats using advanced artificial intelligence (AI) and machine learning (ML).
• Step 3. Respond: Prioritize threat data by severity so threat investigators can quickly analyze and triage new events and automate investigations and responses.