CrowdStrike, a provider of cloud-delivered endpoint and workload protection, recently announced enhancements to the CrowdStrike Falcon platform intended to improve Security Operations Center (SOC) efficiency and effectiveness, allowing security teams to focus on critical priorities and strengthen their organizations’ proactive stance against cyber threats.
CrowdStrike customers can accelerate their security operational response with new notification workflows and Real Time Response (RTR) capabilities within the CrowdStrike Falcon platform, automating full-cycle incident response.
The new capabilities are meant to help SOCs meet CrowdStrike’s 1/10/60 response rule, which prescribes one minute to detect an attack, 10 minutes to investigate and understand it, and 60 minutes to contain it.
“Security teams today are overwhelmed by the expanded attack volume, disparate alert notifications and complex security workflows,” said Patrick McCormack, senior vice president of Cloud Engineering at CrowdStrike.
Customers can streamline their SOC operations with the new CrowdStrike Falcon notification workflows, which generate automated real-time notifications tailored to specific types of events, conditions and cloud security posture findings, and deliver them via email, generic webhooks, or Slack and PagerDuty integrations.
Customers can also deploy automated security, response and vulnerability remediation playbooks from CrowdStrike Store partners, such as the recently launched Tines and Vulcan Cyber integrations, that consume detections and incidents from the Falcon platform and bring speed, consistency and scale to distributed SOC teams.
- Accelerate response with customized workflows: Teams can streamline incident response by configuring custom actions and notifications, based on events, triggers and thresholds, resulting in reduced mean time to respond and remediate threat detections.
- Augment your staff by automating mundane and repetitive tasks: Security teams can automate repetitive manual tasks with consistent workflows, feed context to productivity applications for faster triage and response, or automate mitigation actions, protecting business-critical assets from fast-moving threats.
- Enhance the investigation experience: Analysts can visualize individual detections as part of a larger incident, streamline team assignments, and contain all impacted hosts, including those reached by lateral movement, with a single click.