CS POC: Customer Testing Guide

Description

Overview

  • The CrowdStrike Falcon® platform provides unparalleled protection for your enterprise, defending against all types of cyber threats across the entire attack lifecycle. Built on a cloud-native architecture and powered by advanced AI, the platform safeguards against everything from known malware to sophisticated attacks like zero-day exploits and ransomware.

With features like enterprise-grade EDR, signatureless NGAV, and behavioral analysis, CrowdStrike delivers proactive threat prevention, detection, and response. Additional capabilities such as device control for USB and Bluetooth, network containment, and integrated threat intelligence ensure comprehensive endpoint security, empowering your organization to stay ahead of evolving threats.


Success Criteria Validation

  • To ensure that products meet your needs, it’s imperative that both parties understand the intended goal. This is accomplished by first establishing success criteria. We group success criteria into three core pillars: effectiveness, simplicity and performance. These are the most common claims tested by others.

Effectiveness

  • Consistently prevents the execution of previously unknown, known and custom-crafted malware and payloads without the need for signatures
  • High offline prevention rates
  • Identifies the existence of potentially unwanted programs and dual-use toolkits
  • Blocks post-exploit memory attacks
  • Prevents execution of unauthorized scripts
  • Stops malicious Office macros
  • Ability to block unauthorized external storage
  • Reduces level of effort to detect and respond
  • Gain quick visibility for root cause analysis

Simplicity

  • Multi-OS support
  • Replaces (or, if necessary, augments) existing anti-malware solutions
  • Microsoft-approved AV
  • No on-premises equipment required, thus saving CAPEX and OPEX
  • Simple to deploy using GPO, login script or third-party software management packages
  • Ease of ongoing agent maintenance. Minimal updates
  • Uncomplicated and flexible policy options
  • Transparent to the end user. No required changes to their processes or training
  • Eases coverage for globally roaming users whether they are online or offline. No need to backhaul roaming users through the corporate security stack
  • Does not require excessive (or any) policy exceptions for line of business applications to work
  • Automates response actions to behavioral threats without human intervention

Performance

  • Reduction in security alert “noise” once endpoints are in auto-quarantine mode
  • Single console scales to millions of endpoints. No need for additional management components as you grow
  • Non-disruptive to the environment. No reboot required, including on servers
  • Does not interfere with the end user experience. Fully autonomous agent with a reasonable system resource footprint:
    • No daily .DAT signature updates
    • Eliminates daily hard disk scans
    • Reduces aggregate CPU usage
    • Reduces memory usage
    • Increases file transfer speeds
    • Reduces application launch time (Outlook, Word, IE, Chrome, etc.)
    • Extended battery usage through lower power consumption
  • Extended usable system lifespan, e.g. older computers can run our lighter-weight software longer
  • Lowers network bandwidth usage by eliminating legacy solution DAT file distribution challenges
  • Returns performance to VDI infrastructure while providing a more complete guest OS-based anti-malware solution compared to hypervisor-level malware-only scanning
  • Anomalous behavior visibility
  • Enterprise-wide attack indicator queries returned in seconds
