I virtually attended sessions at the CrowdStrike Fal.Con conference this week. Here are some of the highlights:
- They launched their XDR service. It incorporates their Humio acquisition to provide the SIEM functionality to handle other log sources.
- They've also made a free version of Humio (Community Edition) available.
- They announced their Fusion platform for building and managing SOAR activities. The demos focused on remediation actions at the endpoint and information gathering to support investigations.
- Falcon FileVantage is a new service that uses the Falcon agent for FIM.
Everything is available on demand. Most of the sessions were scheduled for 30 minutes but didn't always last that long. The 1-hour workshops typically included 10 minutes of CS platform overview, then a scripted hands-on walkthrough of key capabilities where you had direct access to the CS console. After the session it was nice to be able to poke around.
If anyone has questions about EDR/MDR/XDR vendor capabilities, please reach out. I'm helping several companies define requirements and choose a provider that best fits their needs and budgets.