CrowdStrike Falcon Threat Graph
Breach prevention engine
Power of security cloud
Harness the security cloud's formidable strength for comprehensive protection.
Fully operational in minutes
- Complete turnkey solution with no additional hardware or deployments.
Power of the crowd
- Use the network effect to protect everyone against a new threat, regardless of where it is encountered.
Zero maintenance overhead
- See value from Day One, with no additional custom tuning, costly consulting, re-architecting or maintenance overhead.
Scale and elasticity
- Automatically scales and grows with demand and change.
Power of data
Unlock the transformative potential of data to drive innovation and informed decision-making.
Enriched telemetry
- Capture trillions of security events across endpoints, workloads and identities and enrich them with threat intelligence, context and correlation markers.
Deep analytics
- Reveal contextual relationships between data elements to identify and respond to new and unusual threats in real time by applying graph analytics and ML algorithms.
Powerful search
- The robust query and search engine provides current and historical forensic details to arm responders for threat investigations.
Data availability
- On-demand access to enriched data with powerful visualization dashboards helps investigators understand the full context of the attack on any affected host, regardless of location.
Maximum security efficiency
Optimize security operations for maximum efficiency and effectiveness.
Actionable insights
- The industry’s leading collection of powerful insights gathers more than a trillion events per day, spans 2 trillion vertices and analyzes over 15 petabytes of data.
Integrated threat intelligence
- Telemetry is enriched with real-world threats and identifies new attacks associated with known threat actors.
Accelerated response
- Real-time visualization and automated concurrent analysis lead to faster investigation and response times.
Proactive threat hunting
- Threat hunters can run ad hoc queries for successful and timely detections of unknown threats.
Single source of truth
Establish a single, authoritative source of truth for accurate and reliable information.
Single data source
- Gain rapid access to everything required to prevent, detect, investigate, and respond.
Single intelligent agent
- The lightweight agent's smart-filtering capability streams relevant data to the Threat Graph for enrichment and correlation, with no performance impact.
Robust set of APIs
- Powerful APIs allow for security orchestration, automation, response and other advanced workflows.
Rich integrations
- APIs and bidirectional data flow enable tight integrations with third-party security and IT solutions to share insights from multiple data sources.
Cloud-delivered resources
- Threat Graph scales with demand and provides the storage, computing and rich analytics required, with up to a year of all detections encountered.
Enriched data archive
- An optional offline replica of enriched telemetry is available for archive, compliance requirements and additional analytics.