CrowdStrike Falcon gets Humio! Effective Threat Hunting
CrowdStrike introduced Humio for Falcon, a new capability that extends data retention of CrowdStrike Falcon telemetry for up to one year or longer, enhancing threat analytics and threat hunting capabilities for organizations to meet compliance requirements.
Humio brings together the security platform in CrowdStrike Falcon, with the powerful search capabilities of CrowdStrike’s centralized logging offering. This gives security teams the ability to store security and IT telemetry from the Falcon platform, which is enriched and contextualized across endpoints, workloads and identities to address the challenge of operationalizing the ever-growing volumes of data.
It helps security teams analyze and act on all data both real-time and historical data in their environment. With longer data retention security teams can uncover and detect potential threats within their environments with deep, contextual analytics and sub-second search results at any scale through a modern, index-free architecture.
Humio for Falcon solves this problem by delivering scalable and cost-effective data retention that enables threat hunters and incident responders to look and hunt for threats.
Customers can feed Falcon platform data directly into Humio with the Falcon Data Replicator. This data is instantly searchable and can be cross-referenced with other incumbent data sources in Humio.
By analyzing multiple log sources as part of their security detections, customers can better define and narrow the scope of detections to match exact adversary techniques and behaviors, resulting in fewer false positives.
Benefits of Humio
- Threat hunting and troubleshooting at unprecedented scale
- Longer data retention to help meet compliance requirements and reduced cost
- New dashboard visualization for fast and custom search