CrowdStrike Brings AI and Cloud Application Security to Falcon

At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.

Image: Sundry Photography/Adobe Stock

At CrowdStrike’s annual Fal.Con show in Las Vegas this week, the company announced a series of enhancements to its Falcon security platform, including a new Raptor release with generative-AI capabilities. The company also announced the acquisition of Bionic to add cloud application security to its portfolio.

Jump to:

Table of Contents

What’s new in the Falcon Raptor release?

CrowdStrike Falcon covers endpoint security, Extended Detection and Response, cloud security, threat intelligence, identity protection, security/IT Ops and observability. The new Raptor release adds petabyte-scale, fast data collection, search and storage to keep up with generative AI-powered cybersecurity and stay ahead of cybercriminals. It’s being rolled out gradually to existing CrowdStrike customers beginning in September of 2023.

The key elements of the Raptor release are:

Charlotte AI Investigator automates incident creation and investigation, correlates related context into a single incident and generates a large language model incident summary.
CrowdStrike Endpoint Detection and Response provides customers with access to native XDR to accelerate investigations, thereby adding endpoint, identity, cloud and data protection telemetry from across the company’s platform.
The XDR Incident Workbench accelerates investigation and response times by focusing on incidents rather than alerts.

“Raptor eliminates security noise and reduces the time analysts take to chase down incidents,” said Raj Rajamani, head of products at CrowdStrike, when I interviewed him at Fal.Con.

In earlier versions of Falcon, data existed in multiple backends, which increased the possibility of blind spots that could be exploited by hackers. Raptor provides a single data plane to bring the data together in the CrowdStrike platform.

“There is no longer a need for security analysts to go to different points to try to correlate CrowdStrike and third-party data, as everything is stitched together by Charlotte AI to reduce the time needed for triage and analysis,” said Rajamani.

This is achieved by decoupling the data from the compute power needed to compile, process and analyze it. Rajamani said this can take query response times down from hours to seconds and larger queries from days to a few hours.

Main competitors to Falcon

As CrowdStrike Falcon consists of multiple modules that broadly address the security landscape, it competes on multiple fronts. On the EDR side, its main competitors are Microsoft and SentinelOne. On cloud security, it lines up against the likes of Microsoft and Palo Alto Networks. For identity protection, its primary competitor is probably Microsoft. Rajamani said that CrowdStrike has an advantage over Microsoft and others through its ability to build a unified data plane using a single agent and console for all security-related data.

“Others solve parts of the security puzzle but struggle to bring it all together without a 360-degree view,” he said. “The sum of the parts is greater than the whole.”

More Falcon-related announcements

Falcon Foundry is a no-code app dev platform to solve custom IT and security workloads including scanning for vulnerabilities. Now available.
Falcon Data Protection offers policy enforcement of content instead of files to enable users to protect data as it travels across the enterprise and prevent the unauthorized egress of sensitized information. Currently in the beta testing phase.
Falcon for IT provides real-time IT visibility into all system events, state and performance. Now available.
Falcon Exposure Management gives an inside-out and outside-in view of enterprise risk. Now available.

Bionic acquisition should give CrowdStrike an edge in CNAPP market

The other big announcement at CrowdStrike’s Fal.Con was an agreement to acquire Application Security Posture Management vendor Bionic. This extends CrowdStrike’s cloud native application protection platform to deliver risk visibility and protection across all cloud infrastructure, applications and services.

The crowded cloud-native software platform marketplace is led by PingSafe, Aqua Security, Palo Alto Networks, Orca and many others; the addition of ASPM from Bionic should give CrowdStrike an edge. ASPM adds app-level visibility to infrastructure, and it solves problems such as being able to detect which applications — even legacy applications — are operating within the enterprise and what databases and servers these apps are touching. This is accomplished without an agent.

Rajamani likened it to the difference between an X-ray (CNAPP) and an MRI (ASPM). The addition of Bionic provides CrowdStrike with the ability to detect a wider range of potential issues.

“The integration of Bionic means we can greatly reduce the number of alerts to enable analysts to zero in on the ones that matter,” said Rajamani. “As a result, CrowdStrike will be the first cybersecurity company to deliver complete code-to-runtime cloud security from one unified platform.”