CrowdStrike doubles down on visibility with new graph database
CrowdStrike has introduced CrowdStrike Asset Graph, a new graph database powered by the CrowdStrike Security Cloud that provides IT and security leaders with a 360-degree view into all assets (both managed and unmanaged).
It also provides visibility into their attack surface across devices, users, accounts, applications, cloud workloads, operational technology (OT) and more to simplify IT operations and stop breaches, according to the company.
According to CrowdStrike, Visibility is one of the foundational principles of cybersecurity because businesses cannot secure and defend the assets they don't know exist. This, in turn, creates a race between adversaries and companies’ IT and security teams to find these blind spots.
According to a 2022 report from Enterprise Strategy Group (ESG), “69% of organisations have experienced a cyber attack in which the attack itself started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset.”
CrowdStrike Asset Graph aims to solve this problem by dynamically monitoring and tracking the complex interactions between assets, providing a single holistic view of the risks those assets pose.
While other solutions simply provide a list of assets without context, Asset Graph provides graphic visualisations of the relationships between all assets such as devices, users, accounts, applications, cloud workloads and OT, along with the rich context necessary for proper security hygiene and proactive security posture management to reduce risk in their organisations.
CrowdStrike chief product and engineering officer Amol Kulkarni says, “Digital transformation has led to an equal and pronounced acceleration of security transformation in the modern enterprise. For companies furthest along on this journey, IT operations and security teams - once distinct silos - are converging, creating a far more proactive posture when it comes to security and risk management.
“Built specifically to address this new dynamic, CrowdStrike Asset Graph lets organisations see the assets they have and how they interact with each other, helping them make informed, risk-based decisions - from security to IT performance, utilisation, capacity, licence management and more - to proactively protect and manage their IT environment.”
The CrowdStrike Falcon platform was purpose-built with a cloud-native architecture to harness large amounts of high-fidelity security and enterprise data, and deliver solutions through a single, lightweight agent to keep customers ahead of sophisticated threats.
CrowdStrike’s graph technologies, which started with the company’s Threat Graph, form a distributed data fabric interconnected into a single cloud, the Security Cloud, that powers the Falcon platform and CrowdStrike’s solutions.
Using a combination of AI and behavioural pattern-matching techniques to correlate and contextualise information in the vast data fabric, CrowdStrike’s graphs create a “collect data once, reuse it multiple times” approach.
According to CrowdStrike, the three graph technologies underpinning the Falcon platform now include:
Threat Graph: CrowdStrike’s industry-defining Threat Graph takes trillions of security data points from millions of sensors, enriched by threat intelligence data and third-party sources, to identify and link threat activity together to provide full visibility of attacks and automatically prevent threats in real-time across CrowdStrike’s global customer base.
Intel Graph: By analysing and correlating large amounts of data on adversaries, their victims and their tools, Intel Graph provides unrivalled insights on the shifts in tactics and techniques, powering CrowdStrike’s adversary-focused approach with world-class threat intelligence.
Asset Graph: With this release, users are able to identify assets, identities and configurations accurately across all systems including cloud, on-premises, mobile, Internet of Things (IoT) and more, and connecting them together in a graph form. Unifying and contextualising this information will lead to new solutions that change how organisations enforce security hygiene and manage their security posture, the company states.
CrowdStrike states Asset Graph will enable new Falcon modules and features built on top of it to define, monitor and explore the relationships between assets within an organisation. The first Falcon module to use Asset Graph is Falcon Discover (Security Hygiene), which includes the following enhancements:
Newly enhanced dashboards, customisable filters and sharing options: IT teams can tailor their experience of Asset Graph’s map visualisation and powerful search capabilities, all presented conveniently within the Falcon Discover console.
New third-party data integration with ServiceNow: Combining this integration with Asset Graph and Falcon Discover, IT teams gain another layer of asset visibility around devices in a single console, providing enhanced monitoring over unmanaged and unsupported assets.