CrowdStrike Spurs AI-Native SOC Rollsout Falcon Next-Gen SIEM

In order to free clients from the limitations of outdated SIEM solutions and enable the AI-Native SOC, CrowdStrike unveiled new advancements for its CrowdStrike Falcon Next-Gen SIEM. All Falcon Insight clients will receive 10 terabytes of free third-party data input each day to experience the speed and performance of Falcon Next-Gen SIEM, which will expedite SOC transition.

Breakout times are now measured in minutes, thus security operations must keep up with the adversary’s pace to halt breaches. For legacy SIEMs to provide the security results that consumers need, they are too complicated and sluggish.

Security analysts now have to navigate a variety of tools, consoles, and data sources in order to conduct investigations and derive sense from the data found in SIEMs, which have turned into data dumps.

However, point solutions positioned as alternatives to SIEMs suffer from sluggish search speeds, few choices for data visualization and analysis, and a data onboarding procedure that necessitates drawn-out installations while increasing total expenses.

The contemporary security operations center (SOC) needs a platform that integrates data, security, and IT and has AI and process automation integrated right in to provide security teams with the speed they need to halt breaches. With this release of Falcon Next-Gen SIEM, CrowdStrike establishes the benchmark for the SIEM of the future, designed to fuel the AI-Native SOC.

“The speed of today’s cyberattacks requires security teams to rapidly analyze massive amounts of data to detect, investigate and respond to threats faster. This is the failed promise of SIEM. Customers are hungry for better technology that delivers instant time-to-value and increased functionality at a lower total cost of ownership,” said George Kurtz, CEO and co-founder, CrowdStrike. “The vast majority of the critical security data is already resident in the Falcon platform, saving the time and cost of data transfer to a legacy SIEM. Our single-agent, single platform architecture unifies native and third-party data with AI and workflow automation to deliver on the promise of the AI-native SOC.”

The AI-Native SOC: Full Visibility. Faster Detection and Response.

With up to 150x quicker search speed and an 80% lower total cost of ownership than traditional SIEMs and systems positioned as SIEM alternatives, Falcon Next-Gen SIEM is the industry’s response to power the AI-Native SOC. The most recent Falcon Next-Gen SIEM version includes the following new and enhanced innovations:

Generative AI and Workflow Automation:

• Charlotte AI for all Falcon Data: For all Falcon data in Next Gen SIEM, Charlotte AI, a Generative AI security analyst from CrowdStrike that turns every user into a power user, is now accessible. Analysts may quickly receive a simple language response to any query they have about Falcon data from the Falcon platform, product documentation, or knowledge bases.
• Investigate with Charlotte AI: Increases investigation speed and efficiency by automatically combining all relevant information into a single event. An incident summary powered by LLM is produced for comprehension by security analysts with varying levels of expertise.
• New GenAI Promptbooks: The most popular analyst workflows across detection, investigation, hunting, and reaction are driven with velocity by new, off-the-shelf promptbooks. Teams may also create unique prompts to standardize and reuse certain detection and response routines, which will enable them to respond to incidents more quickly and effectively.
• Native SIEM and SOAR Integration: With a freshly updated user interface (UI), Falcon Fusion SOAR offers a drag-and-drop method for creating playbooks and workflows, which speeds up detection, investigation, and response. An expanding library of connectors and actions for automating crucial security and IT use cases across divided teams and technologies is included in Falcon Next-Gen SIEM.
• Automated Investigations and Threat Hunting: Workflow automation for threat hunting and investigation is made possible by Falcon Fusion SOAR. All data in Falcon Next-Gen SIEM may be automatically queried by analysts, who can then visualize the outcomes or coordinate actions between Falcon and other tools to complete the loop.

Rapid Data Ingestion to Consolidate Detection and Response:

• Expanded Data Ecosystem: Falcon Next-Gen SIEM has new and improved connectors that help integrate third-party IT data and security into a single, cohesive platform.
• New Cloud Connectors: Has broad connection to GCP, Azure, and Amazon. AWS provides coverage for all of the main cloud services, such as GuardDuty, Security Hub, and S3 Access Logs. Two instances of Azure connections are Microsoft Exchange Online and Microsoft Defender for Cloud.
• Automated Data Normalization on a Common Standard: Data onboarding is streamlined and made simpler with new parsers. The automatic normalization of third-party data via the new CrowdStrike Parsing Standard creates a common understanding that enables prompt, accurate detection and response across all data sources.
• Automated SIEM Data On-boarding: New data management capabilities simplify the understanding of data input, including its status, amount, and health. It is possible to easily add additional data sources, including on-premises log collectors, by managing and editing custom parsers.
  A Modern Analyst Experience with Incident Workbench Innovations:
• Automated Incident Enrichment: By adding context to indicators that an analyst adds to an event for full context from the Falcon platform, including adversary TTPs, host and user data, and related vulnerabilities, new automated enrichment capabilities shorten the time it takes to conduct an investigation.
• Case Management and Incident Collaboration: A streamlined user interface with customizable views, direct access to Advanced Event Search from the Incident Workbench, automated change notifications when another analyst adds a note, and severity and naming modification are just a few of the new and improved features that support analyst collaboration and ease of use.
• Add Threat Intelligence with Custom Lookup Files: Easily add threat intelligence or custom content to Falcon Next-Gen SIEM to drive searches, without cumbersome manual processes.

In order to free clients from the limitations of outdated SIEM solutions and enable the AI-Native SOC, CrowdStrike unveiled new advancements for its CrowdStrike Falcon Next-Gen SIEM.

All Falcon Insight clients will receive 10 terabytes of free third-party data input each day to experience the speed and performance of Falcon Next-Gen SIEM, which will expedite SOC transition.

Breakout times are now measured in minutes, thus security operations must keep up with the adversary’s pace to halt breaches. For legacy SIEMs to provide the security results that consumers need, they are too complicated and sluggish.

Security analysts now have to navigate a variety of tools, consoles, and data sources in order to conduct investigations and derive sense from the data found in SIEMs, which have turned into data dumps.

However, point solutions positioned as alternatives to SIEMs suffer from sluggish search speeds, few choices for data visualization and analysis, and a data onboarding procedure that necessitates drawn-out installations while increasing total expenses.

The contemporary security operations center (SOC) needs a platform that integrates data, security, and IT and has AI and process automation integrated right in to provide security teams with the speed they need to halt breaches. With this release, CrowdStrike establishes the benchmark for the SIEM of the future, designed to fuel the SOC that is AI-native.

“The speed of today’s cyberattacks requires security teams to rapidly analyze massive amounts of data to detect, investigate and respond to threats faster. This is the failed promise of SIEM. Customers are hungry for better technology that delivers instant time-to-value and increased functionality at a lower total cost of ownership,” said George Kurtz, CEO and co-founder, CrowdStrike. “The vast majority of the critical security data is already resident in the Falcon platform, saving the time and cost of data transfer to a legacy SIEM. Our single-agent, single platform architecture unifies native and third-party data with AI and workflow automation to deliver on the promise of the AI-native SOC.”

The AI-Native SOC: Full Visibility. Faster Detection and Response.

With up to 150x quicker search speed and an 80% lower total cost of ownership than traditional SIEMs and systems positioned as SIEM alternatives, Falcon Next-Gen SIEM is the industry’s response to power the AI-Native SOC.

The most recent Falcon Next-Gen SIEM version includes the following new and enhanced innovations:

Generative AI and Workflow Automation:

• Charlotte AI for all Falcon Data: For all Falcon data in Next Gen SIEM, Charlotte AI, a Generative AI security analyst from CrowdStrike that turns every user into a power user, is now accessible. Analysts may quickly receive a simple language response to any query they have about Falcon data from the Falcon platform, product documentation, or knowledge bases.
• Investigate with Charlotte AI: Increases investigation speed and efficiency by automatically combining all relevant information into a single event. An incident summary powered by LLM is produced for comprehension by security analysts with varying levels of expertise.
• New GenAI Promptbooks: The most popular analyst workflows across detection, investigation, hunting, and reaction are driven with velocity by new, off-the-shelf promptbooks. Teams may also create unique prompts to standardize and reuse certain detection and response routines, which will enable them to respond to incidents more quickly and effectively.
• Native SIEM and SOAR Integration: With a freshly updated user interface (UI), Falcon Fusion SOAR offers a drag-and-drop method for creating playbooks and workflows, which speeds up detection, investigation, and response. An expanding library of connectors and actions for automating crucial security and IT use cases across divided teams and technologies is included in Falcon Next-Gen SIEM.
• Automated Investigations and Threat Hunting: Workflow automation for threat hunting and investigation is made possible by Falcon Fusion SOAR. All data in Falcon Next-Gen SIEM may be automatically queried by analysts, who can then visualize the outcomes or coordinate actions between Falcon and other tools to complete the loop.

Rapid Data Ingestion to Consolidate Detection and Response:

• Expanded Data Ecosystem: Falcon Next-Gen SIEM has new and improved connectors that help integrate third-party IT data and security into a single, cohesive platform.
• New Cloud Connectors: Has broad connection to GCP, Azure, and Amazon. AWS provides coverage for all of the main cloud services, such as GuardDuty, Security Hub, and S3 Access Logs. Two instances of Azure connections are Microsoft Exchange Online and Microsoft Defender for Cloud.
• Automated Data Normalization on a Common Standard: Data onboarding is streamlined and made simpler with new parsers. The automatic normalization of third-party data via the new CrowdStrike Parsing Standard creates a common understanding that enables prompt, accurate detection and response across all data sources.
• Automated SIEM Data On-boarding: New data management capabilities simplify the understanding of data input, including its status, amount, and health. It is possible to easily add additional data sources, including on-premises log collectors, by managing and editing custom parsers.

A Modern Analyst Experience with Incident Workbench Innovations:

• Automated Incident Enrichment: By adding context to indicators that an analyst adds to an event for full context from the Falcon platform, including adversary TTPs, host and user data, and related vulnerabilities, new automated enrichment capabilities shorten the time it takes to conduct an investigation.
• Case Management and Incident Collaboration: A streamlined user interface with customizable views, direct access to Advanced Event Search from the Incident Workbench, automated change notifications when another analyst adds a note, and severity and naming modification are just a few of the new and improved features that support analyst collaboration and ease of use.
• Add Threat Intelligence with Custom Lookup Files: Easily add threat intelligence or custom content to Falcon Next-Gen SIEM to drive searches, without cumbersome manual processes.

Falcon Next-Gen SIEM is widely available. For further details:

• Get a demo at RSA, booth #N-6144
• Registerfor the virtual AI-Native SOC Summit
• Visit the Falcon Next-Gen SIEM pageor request a free virtual test drive