All news with #crowdstrike falcon tag

🔍 An IDC Business Value study shows organizations that standardized on the CrowdStrike Falcon platform realized a 441% return on investment over three years, with average payback in four months. Interviewed customers reported replacing five tools on average, reducing false positives by 86% (from 33% to 5%), and improving security operations efficiency by 44% after consolidating telemetry and workflows on the unified platform. The study attributes these gains to automated triage, AI-assisted investigation, and reduced alert noise, which together lower operational burden and accelerate response.

🔍 The Falcon macOS sensor (v7.29+) delivers Enhanced Network Visibility, an opt-in capability that augments process telemetry with protocol and TLS-inspection attributes. It parses plaintext HTTP, extracts TLS Client Hello details including JA4 fingerprints, and identifies application protocols across ports while minimizing impact via Apple content filter APIs. New Next‑Gen SIEM events (HttpRequest, HttpResponse, TlsClientHello, AppProtocolDetected) expose the telemetry for detection and hunting workflows, and the feature can be enabled from Mac Prevention Policies in the Falcon UI.

🔒 Falcon for XIoT now extends asset protection to medical devices and clinical systems, adding native visibility for protocols such as DICOM and HL7. The cloud-native Falcon sensor, available in beta, monitors device behavior and protocol communications to detect anomalies and block malicious actions before they affect patient care. It integrates device telemetry, AI-driven analytics, and CrowdStrike Exposure Management so security teams can discover legacy or unsupported assets, prioritize high-risk devices, and respond within existing SOC workflows. Integration with Falcon Next‑Gen SIEM and Falcon Fusion SOAR streamlines investigation and triage across IT and XIoT assets.

🔒 CrowdStrike announces sensor-based log collector deployment in Falcon Next-Gen SIEM, leveraging the existing Falcon sensor footprint to automate collector installation and management. The policy-driven model enables host-group scoping, incremental rollouts, and real-time installation telemetry without separate distribution tooling or packaging workflows. Organizations can onboard external log sources faster while retaining centralized governance and RBAC.

🛡️CrowdStrike has been independently assessed and assured against the UK National Cyber Security Centre’s CIR Standard. The CrowdStrike certification confirms independent evaluation of provider capability, technical competence, and service delivery for incident handling across the UK and Europe. It reinforces the company's incident response services—breach response, retainers, and resilience work—powered by the Falcon platform.

⚙️ Falcon Fusion SOAR simplifies SOC automation by enabling teams to start with single, high-impact workflows and scale to agentic, AI-driven orchestration. New capabilities — natural language Workflow Generation, a Test-and-Debug preview, and a Data Transformation Agent powered by Charlotte AI — lower the barrier to building reliable automations. It integrates endpoint, identity, cloud, and threat intelligence, keeps humans in the loop, and supports mature programs that adopt Charlotte Agentic SOAR for agent orchestration.

🔎 CrowdStrike has been named a Customers’ Choice in Gartner Peer Insights' 2025 Voice of the Customer for External Attack Surface Management (EASM), and is the only vendor to hold that distinction in both years the report has been published. Falcon Exposure Management unifies external attack surface visibility with internal exposure context, adversary-driven prioritization, and attack-path analysis. The platform discovers known and unknown internet-facing assets continuously, prioritizes vulnerabilities most likely to be exploited, and reduces operational overhead by delivering EASM natively within the Falcon platform. Customers praise its accuracy, continuous discovery, and ability to operationalize exposure insights across teams.

🛡️ CrowdStrike Falcon achieved a perfect 100% across detection, protection, legitimate accuracy and total accuracy in SE Labs’ October 2025 Enterprise Advanced Security (EDR) Ransomware test, with zero false positives. The evaluation used 649 ransomware samples and simulated attacks modeled on 11 real threat groups, using both direct and deep attack chains. SE Labs awarded Falcon its AAA certification for Advanced Security EDR Protection for this performance.

🔒 The CrowdStrike Falcon platform delivers unified protection for AI across endpoints, cloud workloads, identities, and data flows, extending proven security principles to machine‑speed operations. By combining a single lightweight sensor with integrated modules, Falcon provides visibility, identity governance, data protection, and continuous monitoring for models and AI agents. Customers use these capabilities to detect misconfigurations early, govern non‑human identities, and prevent sensitive data exfiltration while preserving developer velocity and operational scale.

🔍 CrowdStrike outlines an architectural approach to enable agentic defense across the Falcon platform. The blog highlights Enterprise Graph for semantic data unification, Charlotte AI expert agents for native reasoning, and Charlotte Agentic SOAR for adaptive orchestration. It stresses governed, auditable execution and the ability to build custom agents with Charlotte AI AgentWorks. The aim is a real-time digital twin so agents and analysts share a single, continuously updated context to accelerate triage and response.

⚡ CrowdStrike’s Malware Analysis Agent, launched as part of the Threat AI initiative at Fal.Con 2025, automates file triage to produce near-real-time, confidence-scored intelligence for analysts. The agent runs parallel static analysis and dynamic sandbox detonations, correlates findings with CrowdStrike’s threat repository and more than 5,000 YARA rules, and synthesizes behavioral summaries, classification, and remediation guidance. Integrated with Falcon Fusion SOAR and APIs, it can trigger automated hunts, deploy protections, export IOCs, and isolate hosts to accelerate response and reduce analyst backlog.

🔒 CrowdStrike and NVIDIA operationalized Nemotron LLMs to enable natural-language-to-CQL translation inside the Falcon platform. They leveraged millions of analyst queries, AST-based deduplication, and a PII scrubbing pipeline, then used NVIDIA NeMo Data Designer to generate synthetic natural-language descriptions for fine-tuning. Fine-tuning Llama-3.3-Nemotron-Super-49B-v1.5 with LoRA produced improved accuracy, interpretability through intermediate reasoning, and 96% valid-query accuracy versus frontier alternatives.

⚙️ Falcon for IT provides turnkey automations—prebuilt content packs that let operators query endpoints, run remediation, and enforce baseline configurations without custom scripts. Packs execute through the existing Falcon sensor and cover application resilience, file indexing, Linux device control, and operational tasks with CrowdStrike and partner-contributed content. Built-in dashboards surface pack activity and remediation outcomes to accelerate response and reduce operational overhead.

🔍 CrowdStrike has expanded exposure management with Falcon Exposure Management, merging continuous telemetry, AI-driven prioritization, and a unified Risk Knowledge Base to reduce noise and accelerate remediation. The Exposure Prioritization Agent reasons in real time about exploitability, environment-specific preconditions, and business impact to deliver actionable “fix first” recommendations. AI Discovery surfaces LLMs, MCP servers, and AI agents to map the emerging AI attack surface and associated risks, integrating natively with Falcon telemetry and SOAR workflows.

🔒 The CrowdStrike Falcon platform achieved 100% detection, 100% protection, and zero false positives in the 2025 MITRE ATT&CK® Enterprise Evaluations, which for the first time assessed cross-domain tactics across endpoint, identity, and cloud. Falcon delivered technique- and sub‑technique-level detail and real-time cloud prevention. The outcome highlights AI-native prevention with unified telemetry and automated response across domains.

🛡️ AWS and CrowdStrike have launched an automated integration experience for CrowdStrike Falcon Next-Gen SIEM in AWS Marketplace that streamlines cloud-native security monitoring. The guided wizard automates connector configuration and provisions least-privilege IAM roles, Amazon SQS queues, EventBridge rules, and SNS topics. Security teams can quickly enable agentic AI-assisted investigation, advanced correlation, and automated response across their AWS Organization, and subscribe via new pay-as-you-go pricing.

🔒 The Falcon platform automates executive exposure reporting by correlating telemetry from Falcon Exposure Management, Falcon Cloud Security, and Falcon Next-Gen SIEM into decision-ready summaries. Falcon Fusion SOAR schedules or triggers workflows, and Charlotte AI agentic workflows translate correlated data into plain-language, prioritized reports on demand. The result is near real-time, adversary-aware reporting that maps exploitable vulnerabilities to critical assets and suggests prioritized remediation actions, dramatically reducing manual analyst effort.

🛡️ In SE Labs’ September 2025 Enterprise Endpoint Security evaluation, CrowdStrike Falcon earned the AAA EPS certification and recorded 100% Protection Accuracy, 100% Legitimate Accuracy and 100% Total Accuracy with zero false positives. SE Labs tested 75 targeted and 25 general attacks across full kill chains; Falcon detected and blocked or neutralized every attempt. The platform also won three SE Labs awards, including Enterprise Endpoint (Windows), Enterprise Ransomware, and Falcon Go for Small Business New Endpoint.

🔒 CrowdStrike has identified active exploitation of Git vulnerability CVE-2025-48384 and confirms that Falcon detections can block the observed attack chain. The vulnerability, which affects macOS and Linux, arises from inconsistent handling of carriage return characters in configuration and submodule path parsing and can enable arbitrary file writes during a recursive clone. Observed attacks combined social engineering with malicious repositories that place crafted .gitmodules entries and submodule hooks to execute post-checkout scripts. CrowdStrike urges organizations to patch Git, enable layered protections, deploy provided detection rules and hunting queries, and use Falcon Insight XDR prevention settings to reduce exposure.

🔒 CrowdStrike has enhanced Falcon Insight for ChromeOS with automated device response actions and GovCloud availability. The update enables instant device disabling and placement into restricted organizational units to block further activity and reduce lateral movement. Response actions can be executed manually from the Falcon console via a prebuilt Falcon Foundry app or automated through Falcon Fusion SOAR workflows. These capabilities ingest native ChromeOS telemetry without extra agents to simplify detection and containment.