At this week’s RSAC 2022 event, CrowdStrike released the CrowdStrike Asset Graph, a new graph database that it is adding to its portfolio of cloud security services. In addition, the company introduced a Humio service for Falcon that extends the amount of time telemetry data can be retained.
The company also announced that it has expanded the reach of the Falcon Extended Detection and Response (XDR) service to provide integrations with security tools and platforms from Menlo Security, Ping Identity and Vectra AI.
Amol Kulkarni, chief product and engineering officer at CrowdStrike, said the CrowdStrike Asset Graph is particularly critical because it allows cybersecurity teams to visualize the attack surface that needs to be defended.
The first Falcon module to include the CrowdStrike Asset Graph is Falcon Discover, which has now been enhanced to provide access to additional dashboards, customizable filters and sharing options. Falcon Discover has also been integrated into ServiceNow’s IT service management (ITSM) platform.
Kulkarni said the size of the attack surface has become a big issue as the number of cybersecurity attacks being launched continues to rise sharply. In fact, it is not clear whether cybersecurity in general is becoming less effective or whether the number of IT platforms that need to be secured has simply expanded to the point where it has become very difficult to keep defending them. That issue is getting worse as more organizations add internet-of-things (IoT) applications to their IT environments, Kulkarni said.
The CrowdStrike Asset Graph extends the current capability of the threat graph to identify assets, identities and configurations across all IT platforms, including unmanaged devices connected to managed devices, through a combination of agent software and agentless techniques, Kulkarni said.
The ability to store more telemetry data, meanwhile, is based on the Humio cloud log management and observability platform that CrowdStrike acquired last year. The overall goal is to make it simpler for cybersecurity teams to review both real-time and historical data to surface indications of compromise.
As more cybersecurity platforms move to the cloud, it becomes easier for chronically understaffed cybersecurity teams to manage cybersecurity. The challenge is simply understanding what assets make up the ever-changing attack surface. As the IT environment becomes more complex, the challenge for the cybersecurity team grows, Kulkarni said. More platforms continue to be added, but none of the legacy platforms are being replaced, he added.
In theory, of course, cybersecurity teams should always be aware of every change made in an IT environment. In practice, devices and new applications are deployed faster than understaffed cybersecurity teams can monitor them manually. In the absence of any automated asset detection strategy, there is little chance that cybersecurity teams will know how vulnerable the attack surface they need to defend is.
However, cybersecurity teams are still responsible for securing all of those platforms — regardless of whether they knew they existed in the first place.