CrowdStrike Adds Automated Asset Discovery to Cloud Platform

At the RSAC 2022 event this week, CrowdStrike unveiled CrowdStrike Asset Graph, a new graph database it has added to its cloud security services portfolio. In addition, the company introduced a Humio for Falcon service that extends the amount of time that telemetry data can be retained.

The company also announced it has extended the reach of the Falcon Extended Detection and Response (XDR) service to provide integrations with security tools and platforms from Menlo Security, Ping Identity and Vectra AI.

Amol Kulkarni, chief product and engineering officer at CrowdStrike, said the CrowdStrike Asset Graph is especially critical because it enables cybersecurity teams to visualize the attack surface that needs to be defended.

The first Falcon module to integrate CrowdStrike Asset Graph is Falcon Discover, which has now been enhanced to provide access to additional dashboards, customizable filters and sharing options. Falcon Discover is also now integrated with ServiceNow’s IT service management (ITSM) platform.

Kulkarni said the size of the attack surface has become a major issue as the sheer volume of cybersecurity attacks being launched continues to increase exponentially. In fact, it’s not clear whether cybersecurity in general is becoming less effective or whether the number of IT platforms that need to be secured has simply expanded to the point where it has become too difficult to defend them consistently. That issue is being further exacerbated as more organizations add internet-of-things (IoT) applications to their IT environments, noted Kulkarni.

The CrowdStrike Asset Graph extends an existing threat graph capability to identify assets, identities and configurations across all IT platforms, including unmanaged devices connected to managed devices via a combination of agent software and agentless techniques, Kulkarni said.

The ability to store more telemetry data, meanwhile, is based on a Humio cloud log management and observability platform that CrowdStrike acquired last year. The overall goal is to make it simpler for cybersecurity teams to analyze both real-time and historical data to surface indications of compromise.

As more cybersecurity platforms are shifted to the cloud, it’s becoming easier for chronically understaffed cybersecurity teams to manage cybersecurity. The challenge is simply understanding what assets make up a constantly changing attack surface. The more complex the IT environment becomes, the greater the challenge for the cybersecurity team, noted Kulkarni. More platforms are constantly being added, but none of the legacy platforms are ever replaced, he added.

In theory, of course, cybersecurity teams should always be aware of every change made to an IT environment. In reality, devices and new applications are being deployed faster than understaffed cybersecurity teams can track them manually. In the absence of any automated approach to asset discovery, there is little chance cybersecurity teams will know exactly how vulnerable their defensible attack surface is.

Nevertheless, cybersecurity teams are still being held accountable for securing all those platforms—regardless of whether they ever knew they existed in the first place.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
