Joint solutions with NDR and NTA providers bring seamless integration of endpoint and network detection and response for comprehensive end-to-end security
CrowdStrike, a leader in cloud-delivered endpoint and workload protection, announced today a series of integrations with CrowdStrike Security Cloud that correlates the CrowdStrike Falcon® platform’s enriched endpoint and workload telemetry with network telemetry for greater end-to-end visibility and contextual insights to combat threats. These integrations with leaders in network detection and response (NDR) and network threat analytics (NTA) help mutual customers build a cohesive platform tailored to protect and defend against any threats across all enterprise software components, wherever those threats are encountered.
With the surge in remote workforces and ever-increasing cloud adoption, modern security operations centers (SOCs) face more attack-surface blind spots and an uptick in operational challenges, due in part to a lack of interoperability across point security solutions. Security professionals are spending too much time and too many resources investigating increased alert volume, which impacts their productivity and efficiency and compromises their security posture.
CrowdStrike customers desire a strong connection between the Falcon platform and the NDR ecosystem to boost their security efficiency and efficacy with shared contextual telemetry and indicators of compromise (IOCs). Today, along with our partners, we are delivering to customers better ways to maximize their investment in the Falcon platform. With CrowdStrike’s integrations with ExtraHop, Vectra, Awake Security, Corelight, Darktrace, IronNet and ThreatWarrior, mutual customers can now integrate CrowdStrike’s industry-leading next-generation antivirus (NGAV) and endpoint detection and response (EDR) with leading NDR solutions that monitor east-west traffic and communications within the network itself and help surface any blind spots that span network and cloud environments. Through these integrations, customers can take advantage of:
- Concise and actionable insights based on coordination of alerts and telemetry across CrowdStrike and leading NDR solutions
- Integrated data feeds that enable enhanced response capabilities to identify and isolate risks faster with cloud-scale artificial intelligence (AI)
- Enhanced threat intelligence to pinpoint novel attack methods with identification of new attack signatures
- Customizable response actions that partners can execute using Real-Time Response (RTR) capabilities on the Falcon platform, based on early attack behaviors observed on the network
- Open ecosystem of purpose-built integrations for cloud-delivered extensibility and flexibility
“The increased complexity in corporate networks, coupled with the heightened sophistication of cyber threats, can quickly overwhelm today’s security analysts. While many point solutions promise comprehensive security, security teams are often not only left with blind spots in their environments but also siloed tools and data in the IT stacks that put security teams at risk of missing or overlooking critical alerts,” said Amol Kulkarni, chief product officer, CrowdStrike. “CrowdStrike’s Security Cloud is an open platform enabling seamless integration with best of breed solutions. This integration with NDR partners provides mutual customers a comprehensive, holistic cybersecurity solution with enhanced visibility, streamlined detection and response and frictionless automation to address protection and operational challenges, while helping drive total cost of ownership down.”
CrowdStrike is committed to fostering a powerful open ecosystem, built on the cloud-scale AI-powered CrowdStrike Security Cloud, capable of processing trillions of events per week. To learn more about all of these differentiated NDR integrations, please visit the CrowdStrike technology partner page.
“The power of EDR and NDR isn’t some imagined future state. Our customers are already using the best-of-breed integration between ExtraHop and CrowdStrike, combining real-time endpoint and network telemetry to defend against the most advanced cyber attacks,” said Raja Mukerji, co-founder and chief customer officer at ExtraHop. “Our decision to partner with CrowdStrike was intentional, as our respective platforms both offer massively scalable, cloud-native detection and response capabilities. Our ongoing collaboration is designed to maximize the combined value of NDR and EDR, and we look forward to continuing to work together in service of our customers.”
“Enabling Vectra Cognito to integrate with other best-in-class products allows our customers to understand and stop threats faster, which is why we invest in and promote an open ecosystem,” said Kevin Kennedy, Vectra vice president of product management. “Integration with CrowdStrike combines valuable context from the endpoint with Vectra network and cloud detections to paint a comprehensive, unified picture of an active cyberattack that allows analysts to take immediate action to mitigate the threat. The result is more efficient SOC investigation workflows and faster response.”
“Integrating the Awake platform with CrowdStrike Falcon Insight is a combination that will empower our joint customers to identify and respond to threats even more quickly,” said Rajdeep Wadhwa, vice president of product management at Awake Security. “By capturing and analyzing every packet that crosses the network, Awake gives security teams the ability to see managed and unmanaged devices and surface malicious intent in a way that’s immediately actionable. By integrating with CrowdStrike, users now have even more information at their fingertips that will allow them to see threats and make remediation decisions faster.”
Lana Knop, chief product officer at Corelight, says, “With CrowdStrike and Corelight, customers get the same level of insight from their networks that they’ve come to expect from their endpoints. Corelight’s Open NDR Platform, powered by Zeek and Suricata, delivers fast answers to any question a security analyst may have for events occurring beyond the endpoint. The synthesis of both technologies provides full enterprise visibility and immediate context for accelerated investigation, detection and response.”
“CrowdStrike and Darktrace have mutual customers who see the value of integrating endpoint data with self-learning, autonomous AI,” said Eloy Avila, Darktrace America’s CTO. “As a self-learning technology, interoperability with CrowdStrike enables dynamic, real-time protection of the endpoint, allowing threats at the host level to be thwarted with speed and precision, whenever they strike.”
Don Closser, chief product officer at IronNet Cybersecurity, said, “The speed, volume, and sophistication of modern cyber attacks are requiring organizations to up their defensive game with integrated solutions that provide full visibility across both the endpoint and network. The ability to trace anomalous behavior from the network to a compromised device, and vice versa, is critical for enabling security teams to quickly identify and respond to threats. Partnering with CrowdStrike will provide IronNet’s customers an even greater level of Collective Defense.”
“Unifying network and endpoint security drastically strengthens an organization’s security posture,” said Rob Lancaster, senior vice president of Strategic Alliances and Product at ThreatWarrior. “Integrating ThreatWarrior’s network-based threat detection with CrowdStrike’s endpoint protection provides customers with complete visibility, detailed context, and active response across public, hybrid, and multi-cloud digital estates. This unique pairing ensures that no infrastructure or device is compromised, while speeding up attack detection and resolution. We’re thrilled to be partnering closely with CrowdStrike to bring simple solutions to complex cybersecurity problems for our joint customers and partners.”
This press release contains forward-looking statements that involve risks and uncertainties, including statements regarding benefits customers may experience as a result of integrations with CrowdStrike Security Cloud. There are a significant number of factors that could cause actual results to differ materially from statements made in this press release.
You should not rely on these forward-looking statements, as actual outcomes and results may differ materially from those anticipated or implied by these forward-looking statements as a result of such risks and uncertainties. All forward-looking statements in this press release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.