Read the Gartner® Competitive Landscape: Network Detection and Response Report
Read the Gartner® Competitive Landscape: Network Detection and Response Report
START HERE
WHY CORELIGHT
SOLUTIONS
CORELIGHT LABS
Close your ransomware case with Open NDR
SERVICES
ALLIANCES
USE CASES
Find hidden attackers with Open NDR
Corelight announces cloud enrichment for AWS, GCP, and Azure
Corelight's partner program
10 Considerations for Implementing an XDR Strategy
April 24, 2024 by Sahidya Devadoss
In the ever-evolving landscape of cybersecurity threats, staying ahead requires more than just threat detection; it demands comprehensive correlation and analysis for informed decision-making. Understanding the context surrounding an alert is important for effective risk mitigation. That's why we're thrilled to announce the integration of CrowdStrike Falcon EDR with Investigator, part of Corelight’s Open NDR Platform.
Consider a scenario commonly encountered in security operations centers (SOC): a network security alert is triggered, indicating suspicious activity originating from a specific network IP address. Historically, without immediate access to detailed host information, analysts would face difficulties pinpointing the exact device or user responsible for the detected activity. This lack of context could lead to delays in response and potentially compromise the organization's security posture.
The integration of CrowdStrike Falcon EDR with Investigator effectively addresses this challenge. What does this mean for users?
Enhanced Context: The integration seamlessly enriches alerts with essential host details from CrowdStrike Falcon EDR, such as MAC addresses, hostnames, and operating systems. This enhanced context assists analysts map network IP addresses to specific hosts, removing the need to manually query different systems like Corelight logs or asset management databases. Analysts can access comprehensive host information directly from the Investigator interface.
Point-in-time Evidence: Host information is obtained at the time of the alert and retained within the Investigator platform, providing point-in-time evidence for thorough analysis, ensuring analysts have access to all relevant information precisely when needed.
In conclusion, by seamlessly combining EDR data with network detection capabilities, users can gain deeper insights into potential threats and respond more effectively to security incidents. Stay ahead of evolving threats and empower your security operations with enhanced context and comprehensive analysis – integrate CrowdStrike EDR with Investigator today.
Tagged With: NDR, Incident response, Crowdstrike, featured