RSAC 2022: Introducing the CrowdStrike Asset Graph – the path to proactive security posture management

Because of new technologies and the move to the cloud, the number and types of assets an organization needs to manage have increased nearly fourfold in the past 10 years. As a result, organizations are at risk from adversaries, who constantly conduct reconnaissance to identify, target and exploit soft targets and vulnerabilities. The proliferation of assets also makes it hard for IT to limit service disruption as asset configurations change and patches are applied. Having visibility into, and the ability to manage, both known and unknown assets is critical to maintaining proper security hygiene and a proactive security posture, but it remains an unresolved challenge for almost every organization.

The scale of the challenge is enormous: hundreds of thousands of assets and devices, with hundreds of thousands of accounts logging into those workloads, and thousands of applications running. For true cloud-based solutions, the problem becomes harder still, reaching hundreds of millions of assets and hundreds of millions of users, running tens of thousands of applications.

One of the biggest barriers to operating security posture management today is the lack of understanding of the downstream impact of any configuration change. For a very long time, security posture management tools have focused on the security impact of proposed changes, but they do not understand the operational impact of those changes on the organization. This creates a gap between security and IT teams, resulting in large barriers to implementing any change.

Let’s take a simple example of vulnerability mitigation in a deployed product. First, it is nearly impossible for any organization to track published vulnerabilities and associated patches because of the speed at which vulnerabilities are discovered. Second, even if an organization knew about a mitigation, it could not deploy it before exploits became available in the wild. That is due to the aforementioned lack of insight into the ITOps impact of any patch. The result is an ever-increasing number of attacks, and IT and security teams that often clash.

Having a unified, 360-degree view of assets, identity and configuration across all systems (including cloud, on-premises, mobile, IoT and more), and understanding how each of these assets interacts with the others, provides a bridge between IT and security operations.

For security teams, this level of dynamic visibility makes it possible to discover and catalog each asset and its relationships, and to better understand the configurations, vulnerabilities and exposures that an adversary may attempt to exploit. IT operations, in turn, can better manage, maintain and monitor assets throughout the organization to reduce service disruption, ensure system uptime and support other critical IT projects.

CrowdStrike has always been committed to solving the difficult problem first by developing innovative, scalable solutions, and we now apply the same approach to this area of security posture management. That’s why I’m excited to announce that CrowdStrike has today released CrowdStrike Asset Graph, a new graph database underpinning the CrowdStrike Falcon platform.

The CrowdStrike Asset Graph dynamically tracks and monitors complex interactions between assets, providing a holistic view of the risks posed by those assets. Asset Graph provides graph visualizations of relationships across all assets, such as devices, users, accounts, applications, cloud workloads and operational technology (OT), along with the rich context necessary for proper security hygiene and proactive security posture management, so that organizations can reduce risk without affecting IT.

Asset Graph: Strengthens the Falcon platform and the future of IT SecOps

CrowdStrike has once again done the difficult, architectural task ahead of time to deliver superior protection, performance and value from the Falcon platform.

Asset resolution, the aggregation of small pieces of information from different sources and systems into a single asset view, continues to be an unmet challenge in the industry. For example, one system in an IT environment may register a device by IP address, while another system registers it by user name. The problem becomes more complicated depending on how and where the asset is used (internal networks, cloud networks, etc.) and the number of data sources used to track inventory. According to ESG, nearly one-third (32%) of organizations use 10 or more data sources to track and inventory their assets for security purposes.

As such, it is very difficult for organizations to have a unified view of their assets. Conversely, it is also difficult to ensure that a distinct asset is not merged with another asset that has a similar name in a different system. The data needed to make these distinctions exists, but resolving assets across different systems has proven elusive, until now.
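The resolution problem described above, sketched as an added example (not CrowdStrike's code or method, which the article does not describe). The split into "strong" and "weak" identifiers, the two-weak-key threshold and all record values are assumptions chosen for illustration.

```python
from itertools import combinations

# Assumed identifier classes (illustrative): strong keys identify one asset,
# weak keys (names, addresses, accounts) can legitimately repeat across assets.
STRONG = ("mac", "serial", "instance_id")
WEAK = ("hostname", "ip", "user")

def same_asset(a, b):
    """Pairwise rule: never merge on conflicting strong keys; merge on one
    shared strong key, or on at least two agreeing weak keys."""
    if any(k in a and k in b and a[k] != b[k] for k in STRONG):
        return False
    if any(k in a and a.get(k) == b.get(k) for k in STRONG):
        return True
    return sum(k in a and a.get(k) == b.get(k) for k in WEAK) >= 2

def resolve(records):
    """Union-find over records; returns clusters as sorted lists of source names."""
    parent = list(range(len(records)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    for i, j in combinations(range(len(records)), 2):
        if same_asset(records[i][1], records[j][1]):
            parent[find(i)] = find(j)

    clusters = {}
    for i, (source, _) in enumerate(records):
        clusters.setdefault(find(i), []).append(source)
    return sorted(sorted(c) for c in clusters.values())

# Constructed sample inventory: four views of one laptop plus a cloud VM
# that happens to reuse the same hostname.
RECORDS = [
    ("edr",     {"mac": "aa:bb:cc:00:00:01", "hostname": "lap-01", "ip": "10.0.0.5"}),
    ("scanner", {"ip": "10.0.0.5", "hostname": "lap-01"}),
    ("cmdb",    {"mac": "aa:bb:cc:00:00:01", "hostname": "lap-01", "user": "jdoe"}),
    ("idp",     {"user": "jdoe", "hostname": "lap-01"}),
    ("cloud",   {"instance_id": "i-constructed01", "hostname": "lap-01", "ip": "172.16.0.9"}),
]

if __name__ == "__main__":
    for cluster in resolve(RECORDS):
        print(cluster)
```

The four laptop records collapse into one asset even though no single identifier appears in all of them, while the cloud VM stays separate because a shared hostname alone is not treated as evidence of identity.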

Figure 1: The CrowdStrike Asset Graph shows each entity (device, IoT, identities, etc.) in a customer network and how they all interact. This insight helps organizations make better decisions (from security to IT performance, utilization, capacity, license management and more) to proactively protect and manage their IT environment.


The CrowdStrike Falcon platform was purpose-built on a cloud-native architecture to leverage a wealth of high-fidelity security and enterprise data, and to deliver solutions through a single, lightweight agent that keeps customers ahead of today’s sophisticated adversaries.

CrowdStrike’s groundbreaking graph technologies, starting with the company’s renowned Threat Graph, help build a powerful, fluid and distributed data fabric, interconnected in a single cloud, the CrowdStrike Security Cloud, that powers the Falcon platform and CrowdStrike’s industry-leading solutions.

Using a combination of artificial intelligence (AI) and behavior pattern matching techniques to relate and contextualize information across this broad data fabric, CrowdStrike’s graphs take a “collect data once, reuse it multiple times” approach to solving the biggest problems customers face. With the introduction of Asset Graph, CrowdStrike applies the same approach to customers’ most difficult, unmet challenges, with an eye on proactive security as well as unprecedented IT visibility and risk management.

The three highly advanced graph technologies that underlie the Falcon platform are now:

Threat Graph: CrowdStrike’s industry-defining Threat Graph draws trillions of security data points from millions of sensors, enriched with threat intelligence data and third-party sources, to identify and correlate threat activity, provide full visibility of attacks and automatically prevent threats in real time across CrowdStrike’s overall customer base.

Intel Graph: By analyzing and linking vast amounts of data on adversaries, their victims and their tools, Intel Graph provides unparalleled insights into changes in tactics and strategy, enabling CrowdStrike’s adversary-focused approach with world-class threat intelligence.

Asset Graph: In this release, CrowdStrike solves one of today’s most complex customer problems: accurately identifying assets, identities, and configurations across all systems including cloud, on-premises, mobile, IoT and more, and combining them into a graph form. Consolidating and organizing this information into context will lead to powerful new solutions that are changing how organizations implement security hygiene and dynamically manage their security posture.

Falcon Discover 2.0: The first module powered by Asset Graph

The CrowdStrike Asset Graph will allow new Falcon modules and features built on top of it to identify, track and explore the relationships of assets within an organization. The first Falcon module to use Asset Graph is Falcon Discover, CrowdStrike’s security hygiene solution, which includes the following enhancements:

New enhanced dashboards, highly customizable filters and sharing options: IT teams can tailor their experience with Asset Graph map visualization and powerful search capabilities, all conveniently presented within the Falcon Discover console.

New integration of third-party data with ServiceNow: By integrating ServiceNow with Asset Graph and Falcon Discover, IT teams get another layer of asset visibility around devices in a single console, providing enhanced tracking of unmanaged and unsupported assets.

Manage risk by thinking like an adversary

CrowdStrike has long advocated for an adversary-focused security strategy. This means staying ahead of the adversary’s shifting tradecraft and tactics so you know how they’ll come after you. It also means having deep visibility into your critical assets and technology environment to understand where they will come after you.

The introduction of the Asset Graph will allow organizations to gain a deeper understanding of their complete technology environment and how it interacts, more accurately assess the risk posture of their assets, and take action to proactively adapt their security posture to defend against today’s adversaries without interrupting IT operations.
