Falcon X Premium FAQ

Falcon X Premium is CrowdStrike’s premier threat intelligence subscription that enables organizations to predict and prevent nation-state, eCrime and hacktivist attacks. Falcon X Premium provides security operations center (SOC), incident response (IR) and cyber threat intelligence (CTI) teams with everything they need to quickly detect, understand and take action against today’s most sophisticated cyber threat actors.

Falcon X Premium includes all Falcon X offerings and widens the focus to include daily threat alerts, finished intelligence reports and global threat research. In addition, Falcon X Premium provides technical/tactical intelligence to strengthen your automated security defenses, support threat hunting, improve alerting and increase situational awareness.

To differentiate between threat intelligence solutions, begin by looking at the sources of information used to generate the intelligence. Since vendors have access to different information, the way they collect and analyze that data has a profound impact on the intelligence they produce.

CrowdStrike uses an “all source” method of data collection to make threat intelligence assessments, which means data can come from everywhere and across multiple disciplines. A critical data source, the CrowdStrike Falcon platform, is unique to Falcon X Premium.

The CrowdStrike Falcon platform gathers information from millions of protected endpoints across 176 countries, collecting trillions of events per week. These events provide visibility into how adversaries operate worldwide in real time. CrowdStrike uses this data to assess trends and behaviors and expose adversaries’ motives and intent, capabilities and infrastructure, and tactics, techniques and procedures (TTPs). In addition, CrowdStrike employs a broad data collection strategy that harvests data from the technical processing of millions of malware samples, incident response engagements, forensics analysis, honeypots and honeynets, network telemetry, web forums, human intelligence gathering, open source and much more.

To analyze this data and create intelligence, a world-class team is required. The CrowdStrike Intelligence team is a pioneer in adversary analysis, tracking more than 130 cybercrime, espionage and hacktivist groups, studying their intent and analyzing their tradecraft. This team of threat intelligence analysts, security researchers, cultural experts and linguists uncovers unique threats and provides groundbreaking research that fuels CrowdStrike’s ability to deliver proactive security that dramatically improves security posture.

Threat intelligence benefits organizations of all sizes and across all industries by helping them better understand the cybersecurity risks they face. Falcon X Premium offers unique advantages in the following areas:

• SOC Teams: Accelerates alert triage and simplifies incident analysis
• IR Teams: Eliminates manual threat investigations
• CTI Teams: Delivers threat research and visibility, while improving situational awareness
• Vulnerability Management Teams: Helps prioritize patching activity
• Information Technology: Improves the effectiveness of existing security controls
• Leadership: Informs risk management and security decision-making

No. While CrowdStrike EPP modules are recommended and proven to stop breaches, they are not a requirement. All organizations can benefit from Falcon X Premium’s comprehensive capabilities.

Falcon X offers tiered levels of service, enabling organizations to choose the option that best fits their business requirements and resources:

– Falcon X: Built on the CrowdStrike Falcon® platform, Falcon X brings endpoint protection to the next level by combining malware sandboxing, malware search and threat intelligence into one integrated solution. Falcon X performs automated threat investigations within seconds rather than hours or days — enabling better and faster security decisions.

– Falcon X Premium: This includes all Falcon X capabilities and adds global threat research and reporting from the CrowdStrike Intelligence team. Falcon X Premium includes daily threat alerts, comprehensive intelligence reports and global threat research. In addition, Falcon X Premium provides technical/tactical intelligence to strengthen your automated security defenses, support threat hunting, improve alerting and increase situational awareness.

– Falcon X Elite: This option delivers threat intelligence expertise and expanded capabilities to Falcon X Premium subscribers. As an Elite program customer, you are assigned a CrowdStrike threat intelligence analyst with vast experience battling nation-state and eCrime adversaries. The Falcon X Premium Elite analyst acts as a member of your team, ensuring you have actionable, relevant and timely visibility into threats that matter most, including those to your organization, sector and region.

Falcon X Premium provides a variety of malware analysis options:

• Falcon X processes an unlimited number of PE files (such as .EXEs, .DLLs, etc.) quarantined by Falcon Prevent.
• You can submit an additional 500 files per month for malware analysis. If you need more than 500 files, the Falcon X Expansion Pack increases the quota up to 25,000 files per month. Contact sales@crowdstrike.com for more information.
• Falcon X Premium enables you to escalate malware to a CrowdStrike expert for in-depth research. You can submit up to five files per month for human analysis.

YARA and SNORT rules increase the ability to detect sophisticated attacks by identifying malware from a behavioral or infrastructure standpoint, rather than relying on signatures. YARA rules can be ingested into tools such as threat intelligence platforms to identify and classify malware families and find related threats. In a similar fashion, SNORT rules can be used with intrusion detection systems (IDS) to augment alerting.

YARA and SNORT rules are used by automated systems, and therefore they must be crafted by experts to ensure precision and eliminate false positives. CrowdStrike expertly crafts and tests YARA and SNORT rules so you can identify emerging, sophisticated threats with confidence.

Yes. Falcon X Premium includes a comprehensive set of easy-to-use APIs and pre-built integrations to orchestrate SIEMs, threat intelligence platforms, IDS systems, firewalls, proxy servers, network systems and more. The available APIs provide real-time access to IOCs, actor profiles, intelligence reports, tailored intelligence, malware analysis and YARA/SNORT rules.

Yes. Available separately, Falcon X Premium Request for Information (RFI) Packs provide up to five RFIs. An RFI is a request for threat intelligence research on a specific topic of your choosing. For example, if your organization is looking to implement a two-factor authentication solution, you may want to know “What threats or vulnerabilities exist in two-factor authentication?” to help guide your purchasing decision. You can submit this question as an RFI, and CrowdStrike will assign a domain expert, perform research on your behalf and deliver a custom intelligence response.

Each Falcon X Premium RFI Pack includes up to five RFIs that can be used throughout the term of the Falcon X Premium subscription. If you exhaust the allotment of five RFIs, additional packs are available for purchase. Please contact Sales for more information.

Falcon X Premium is licensed on a subscription basis per endpoint or company size . Pricing starts at $25.00 per endpoint, per year (minimums apply). For more information, please contact us.