CrowdStrike has today announced Falcon Fusion, a new workflow automation platform that aims to improve security operation centre (SOC) efficiency.
The platform's workflows were designed to help enterprise customers simplify their incident investigation, response and remediation capabilities, CrowdStrike says. This, in turn, will assist enterprises in meeting the 1-10-60 challenge: one minute to identify a breach, 10 minutes to investigate, and 60 minutes to remediate.
“Our customers are dealing with expanding attack surfaces across multi-cloud environments and distributed workforces, making it increasingly burdensome for security teams to sift through an ever-growing number of alerts and keep their business secure,” says CrowdStrike chief product officer Amol Kulkarni.
“We built Falcon Fusion to provide our customers with rich contextual insights and valuable customisation to not only meet their immediate needs but also deploy repeatable workflows at scale.”
The platform will utilise CrowdStrike's Security Cloud to improve SOC and IT efficiency, Kulkarni says. Its graphical user interface and customisable triggers based on detection will hand analysts the ability to define active response workflows in real time.
This enables SOC teams to improve the overall efficiency of their workflows, providing them with the necessary context to mitigate security risks to their organisations.
Kulkarni says, “Falcon Fusion combines CrowdStrike Security Cloud's comprehensive visibility across all business entities with the powerful incident response capabilities delivered by the lightweight Falcon agent to automate and simplify complex SOC workflows.”
Key features of Falcon Fusion include:
Orchestrate and automate complex workflows: Build consistent and customisable workflows using intuitive no-code logic or custom code options for faster active response.
Simplify security operations: Automation of workflows reduces the need to switch between different security tools and tasks and improves the efficiency of security team operations, allowing them to focus on more business-critical strategic tasks.
Accelerate incident triaging and real-time response: Speed up incident triaging and incident response by configuring custom actions and notifications based on contextual insights from managed workloads and endpoints, resulting in reduced mean time to respond and remediate threats.
Cut costs and resources: Free up skilled resources and improve cost efficiency by building and scaling workflows on demand, employing no-code automation to create repeatable and reliable processes.
Build open ecosystems: Deploy partner applications from the CrowdStrike Store to bring in additional telemetry that enriches detection and response logic and further enhances security and IT operations.
The announcement coincides with two other announcements from CrowdStrike: multiple updates to its Falcon Platform, including expanded macOS coverage, and new features for CrowdStrike Falcon Horizon Cloud Security Posture Management (CSPM).