CrowdStrike Falcon Identity
Threat Protection

CrowdStrike Falcon® Identity Threat Protection enables hyper accurate threat detection and real-time prevention of identity-based attacks combining the power of advanced AI, behavioral analytics and a flexible policy engine to enforce risk-based conditional access.

Start free trial Get a free AD Risk Review

Benefits


Gain visibility of workforce identities across multi-directory environments

Falcon Identity Threat Protection enables unified visibility and control of user access to applications, resources and identity stores, with actionable insights into user behavior and risks, eliminating security blindspots across hybrid environments.

Get hyper-accurate threat detection and reduce response times dramatically

Falcon Identity Threat Protection reduces false positives, brings down the mean time to detect and resolve incidents by eliminating the need for complex, error-prone log analysis, and improves SOC analysts’ efficiencies by cutting down alert fatigue.

Enable real-time prevention of identity-based attacks with conditional access policies

Falcon Identity Threat Protection enforces consistent risk-based policies to automatically block, allow, audit or step up authentication for every identity, at the same time ensuring a frictionless login experience for genuine users.

Technical features

How Does Falcon Identity Threat Protection Help?

Segment workforce identities

  • Provides continuous multi-directory visibility into the scope and the impact of access privileges for identities across Microsoft Active Directory (AD), Azure AD and cloud single sign-on (SSO) solutions.
  • Automatically classifies identities into hybrid (identities that are on on-premises and cloud AD) and cloud-only (identities that reside only on Azure AD).
  • Segments accounts into human, service, shared accounts and privileged accounts.
  • Provides a customizable attack surface overview with insights into user risk and behavior changes over time, like an increase in account lockouts, high-risk endpoints, compromised passwords, etc.
Suspicious movement identity protection

Automate threat detection and response

  • Enables hybrid identity store protection with continuous inspection of live authentication traffic, including encrypted protocols such as LDAP/S.
  • Flag accounts as honeytokens to securely lure, detect and stop adversaries. Provides continuous assessment of security and incidents around identity threats without requiring the ingestion of logs or complex analysis.
  • Uncovers reconnaissance (e.g. LDAP, BloodHound, SharpHound, credential compromise attacks), lateral movement (e.g., RDP, SMB to DC, mimikatz tool, unusual endpoint usage, unusual service logins, duplicate passwords, etc), and persistence (e.g. Golden Ticket attack) with advanced analytics and patented machine learning technology
  • Speeds up security investigations using intuitive threat hunting, with predefined search criteria, like but not limited to authentication events, unencrypted protocols, user roles, IP reputation and risk scores.
Zero trust automate

Verify identities with zero friction

  • Defines and enforces policies in real time, based on authentication patterns, behavior baselines and individual risk scores to verify identities using step-up authentication such as multifactor authentication (.e.g MFA).
  • Automatically secures access to identity stores and applications, with improved user experience, by triggering identity verification only when the risk increases or if there’s a deviation from normal behavior.
  • Reduces the attack surface by extending MFA to any resource or application, including legacy/proprietary systems and tools — for example, desktops that are not covered by cloud-based MFA solutions, and tools like PowerShell and protocols like RDP over NTLM.
  • Automatically resolves security incidents that the user approves using identity verification methods such as 2FA/MFA, without involving security analysts and help desk tickets.
Zero trust verify identities

Customers trust CrowdStrike

Expensify logo
Full logo
Verizon logo


Deloitte logo
Goldman Sachs logo
Lands End logo
 

Tested and proven leader

CrowdStrike is proud to be recognized a leader by industry analyst and independent testing organizations.

Gartner peer logo

“Simple and ready-to-use integrations with existing IAM platforms (Ping & Okta) and overall ease of deployment.” – Manager, $30B Services Company

Read the review

Gartner peer logo

“Provided significant visibility into our authentication environment — specifically, finding cases where service accounts were being used interactively, or where privileged accounts were being shared for convenience. It has enabled us to exert greater control over our privileged account infrastructure and reduce risk” – CISO, $10B Finance Company

Read the review

Frost and sullivan logo

“The overall savings using Falcon Identity Protection could be as much as $5,184,000.” – Frost and Sullivan, December 2020 Zero Trust Report

Read the review

Related resources

Learn More About Falcon Identity Threat Protection