At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.
At CrowdStrike’s annual Fal.Con show in Las Vegas this week, the company announced a series of enhancements to its Falcon security platform, including a new Raptor release with generative-AI capabilities. The company also announced the acquisition of Bionic to add cloud application security to its portfolio.
CrowdStrike Falcon covers endpoint security, Extended Detection and Response, cloud security, threat intelligence, identity protection, security/IT Ops and observability. The new Raptor release adds petabyte-scale, fast data collection, search and storage to keep up with generative AI-powered cybersecurity and stay ahead of cybercriminals. It’s being rolled out gradually to existing CrowdStrike customers beginning in September of 2023.
The key elements of the Raptor release are:
“Raptor eliminates security noise and reduces the time analysts take to chase down incidents,” said Raj Rajamani, head of products at CrowdStrike, when I interviewed him at Fal.Con.
In earlier versions of Falcon, data existed in multiple backends, which increased the possibility of blind spots that could be exploited by hackers. Raptor provides a single data plane to bring the data together in the CrowdStrike platform.
“There is no longer a need for security analysts to go to different points to try to correlate CrowdStrike and third-party data, as everything is stitched together by Charlotte AI to reduce the time needed for triage and analysis,” said Rajamani.
This is achieved by decoupling the data from the compute power needed to compile, process and analyze it. Rajamani said this can take query response times down from hours to seconds and larger queries from days to a few hours.
As CrowdStrike Falcon consists of multiple modules that broadly address the security landscape, it competes on multiple fronts. On the EDR side, its main competitors are Microsoft and SentinelOne. On cloud security, it lines up against the likes of Microsoft and Palo Alto Networks. For identity protection, its primary competitor is probably Microsoft. Rajamani said that CrowdStrike has an advantage over Microsoft and others through its ability to build a unified data plane using a single agent and console for all security-related data.
“Others solve parts of the security puzzle but struggle to bring it all together without a 360-degree view,” he said. “The sum of the parts is greater than the whole.”
The other big announcement at CrowdStrike’s Fal.Con was an agreement to acquire Application Security Posture Management (ASPM) vendor Bionic. This extends CrowdStrike’s cloud-native application protection platform (CNAPP) to deliver risk visibility and protection across all cloud infrastructure, applications and services.
The crowded cloud-native software platform marketplace is led by PingSafe, Aqua Security, Palo Alto Networks, Orca and many others; the addition of ASPM from Bionic should give CrowdStrike an edge. ASPM adds app-level visibility to infrastructure, and it solves problems such as being able to detect which applications — even legacy applications — are operating within the enterprise and what databases and servers these apps are touching. This is accomplished without an agent.
Rajamani likened it to the difference between an X-ray (CNAPP) and an MRI (ASPM). The addition of Bionic provides CrowdStrike with the ability to detect a wider range of potential issues.
“The integration of Bionic means we can greatly reduce the number of alerts to enable analysts to zero in on the ones that matter,” said Rajamani. “As a result, CrowdStrike will be the first cybersecurity company to deliver complete code-to-runtime cloud security from one unified platform.”