CrowdStrike today launched a number of updates to its security platform as part of its Fal.Con 2022 event. These included updates to its extended detection and response (XDR), cloud-native application protection platform (CNAPP), log management, and IoT and operational technology (OT) security products.

The security vendor bolstered its open XDR approach by expanding its CrowdXDR Alliance and third-party partners, and now the vendor calls the framework “hybrid XDR.”

“Hybrid XDR is taking third-party data and correlating that with our first-party data through the XDR alliance partners offering both of these as a fundamental platform capability,” CrowdStrike Chief Product and Engineering Officer Amol Kulkarni explained. “What we are doing with this approach is really breaking down silos that the open XDR approaches have tried to do. Anything which is essentially focusing only on first-party products is very narrow and limited.” 

CrowdStrike created its CrowdXDR Alliance last October to define “the standard for what XDR technology should be,” CTO Michael Sentonas said in an earlier interview. Cisco, Fortinet, and ForgeRock are among the group's newest members. 

In addition to alliance partners, CrowdStrike also aims to integrate telemetry with third-party vendors, which now include Microsoft (for Microsoft 365 and Azure Active Directory) and Palo Alto Networks.  

To open this “hybrid XDR” service to more clients, CrowdStrike now allows all of its endpoint detection and response (EDR) customers to access its XDR services through simple-to-consume connector packs, and its EDR platform becomes Falcon Insight XDR.

“We are enabling all customers to leverage the power of our unique XDR approach, which combines native XDR that is taking all of our first-party data and providing cross-domain detections across endpoint, identity, cloud, mobile, and so on … without of course impacting any of the existing EDR capabilities or workflows,” Kulkarni said. 

Kulkarni did add that alliance membership still has its privileges.

“We are essentially doing the same kind of data ingestion for inbound data from all partners, whether it's CrowdXDR Alliance partners or third-party vendors,” Kulkarni said. “What is different though is with CrowdXDR Alliance we have a shared schema that we are developing along with our partners to make that exchange far easier and make it bi-directional.”

The vendor also integrates Falcon Insight XDR with Zscaler’s Zero Trust Exchange platform to extend integrated response actions from XDR detections or via automated Falcon Fusion security orchestration, automation, and response (SOAR) workflows.

CrowdStrike Adds CIEM to Its CNAPP Portfolio

CrowdStrike also added cloud infrastructure entitlement management (CIEM) features to its CNAPP portfolio, “which enables organizations to prevent identity-based threats,” Kulkarni noted. 

CIEM helps organizations prevent identity-based threats resulting from improperly configured cloud entitlements across cloud service providers. CrowdStrike’s CIEM supports Amazon Web Services (AWS) and Microsoft Azure.

“The one-click remediation testing feature stands out amongst the new CIEM capabilities for CrowdStrike cloud security,” IDC group VP Frank Dickson said in a statement. It is “a powerful tool that can enable SOC analysts to quickly detect and remediate identity-based threats for faster, more effective response.”

Gartner describes CNAPPs as consolidating previously siloed capabilities, including CIEM, runtime cloud workload protection platform (CWPP), cloud security posture management (CSPM), development artifact scanning, and infrastructure-as-code (IaC) scanning.

CrowdStrike’s CNAPP offerings also include the Falcon Horizon CSPM and Falcon CWP platforms. The vendor also integrates its Asset Graph capabilities, first introduced during this year’s RSA Conference, into the portfolio for cloud asset visualization.

Falcon Discover for IoT, OT Visibility

CrowdStrike added its new Falcon Discover for IoT module, which offers visibility into IoT and OT environments, to its Security and IT Operations product suite.

“Critical infrastructure has been increasingly under attack and we've seen a lot of breaches around it,” Kulkarni said. “It is very important that an organization have full visibility into their entire estate, including their IT and OT infrastructure, and their industrial control system infrastructure.”

Falcon Discover for IoT “helps the IT and security leaders to span across and understand that asset inventory in real time [and] continuously updated so that they have an instantaneous view into their attack surface and then can take steps to minimize risk and improve their security posture,” he added.

CrowdStrike also introduced its Falcon LogScale module for log management and observability, along with the Falcon Complete LogScale managed service, both building on technology from its recent Humio acquisition.