Start-up CrowdStrike today made available its first product, called Falcon, designed to detect and block stealthy infiltrations of Microsoft Windows or Apple Macintosh-based endpoint machines and servers.
Falcon includes what it refers to as a "lightweight sensor" that resides hidden on the computer the enterprise wants to protect. These "sensors" are watching for events and traffic deemed to represent an attempt to take over computers by adversaries looking to infiltrate the corporate network--an attack often called an "advanced persistent threat" (APT), according to CrowdStrike's founders George Kurtz, president and CEO, and Dmitri Alperovitch, CTO.
Through CrowdStrike's cloud-based monitoring support, the continuous activity is analysed on a real-time basis. What's done next is up to the Falcon customer. "There are a range of flexible response options," says Alperovitch.
If Falcon detects infiltration of enterprise computers, it can be set up to respond in several ways. It can block the attack at once; allow it to proceed while recording every move to see where the attacker goes; or even attempt to deceive the attacker by providing decoys and false information.
Falcon is a way to attain "real-time attribution of the adversary," said Kurtz, especially in attacks often ascribed to nation-states such as China that aim to steal important information. Kurtz says part of the CrowdStrike service is to actively identify and track the attackers by confidentially tapping various sources without revealing who the customer is.
CrowdStrike's sensors do not collect any customer data at all, but rather focus on technical network information about attacker patterns of activity.
CrowdStrike, at a minimum, is a way to do damage assessment, says Kurtz. "The idea is to provide visibility into what's happening," he says. The danger with infiltration attacks is that the longer the attackers are inside the corporate network looking for exactly what they really want to steal, the worse the situation will become.
All security detection products bring with them the possibility of false positives, and Falcon customers will inevitably ask whether that would be an issue. "There's no technology anywhere that's 100% accurate," Kurtz says.
Future versions of the product are expected to also include support for Linux and mobile platforms. Falcon, available now, starts at $50,000.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE.