CrowdStrike on Tuesday announced enhancements to four of its security products–Falcon Insight, CrowdStrike Cloud Security, Humio, and Falcon Discover. The new features include XDR (extended detection and response), enhanced zero trust, new log management, and IoT security capabilities.

The first new offering is an extension to CrowdStrike’s Falcon Insight that will include XDR capabilities. CrowdStrike will now allow all its EDR (endpoint detection and response) customers to activate XDR capabilities within Falcon Insight through connector packs that unlock cross-domain detections, investigations and response actions across all key security domains from a unified console. However, customers will have to pay an additional charge for the new features.

XDR is an approach to threat detection and response that provides holistic protection against cyberattacks, unauthorized access and misuse. Falcon Insight XDR would be a combination of native XDR as well as hybrid XDR.

Native XDR refers to integrating first-party data—data that Falcon has from endpoints, cloud infrastructure, and identity capabilities—and correlating that with detections and incidents that span across these domains.

Hybrid XDR will take data from third parties including cloud XDR alliance partners and third-party vendors to create detections that span across the telemetry among these domains.

“Our XDR strategy has been clear from the beginning: bring the right information into the Falcon platform at the right time. With the introduction of Falcon Insight XDR, CrowdStrike is making it easier than ever for our customers to implement XDR and get EDR-like benefits from native integrations of other Falcon modules from the Falcon platform,” said Michael Sentonas, chief technology officer at CrowdStrike, in a press note.

CrowdStrike is integrating third-party telemetry from CrowdXDR Alliance partners, which now include Cisco, ForgeRock and Fortinet as new members, and third-party vendors, which now include Microsoft and Palo Alto Networks.

These additional integrations will be available in the fourth quarter of the fiscal year 2023, CrowdStrike said.

“With the introduction of additional third-party integrations, we are empowering our customers to effectively and elegantly enrich a variety of data sources,” Sentonas said. “By combining first-party and third-party integrations, security teams can create a detailed storyline on how an attack develops and progresses from detection to remediation.”

Enhancing Zero Trust capabilities

CrowdStrike is also adding Cloud Infrastructure Entitlement Management (CIEM) capabilities to its Cloud Security offering.

“To maintain zero trust, it is critical that identities are managed with the least privileges from an entitlement and access perspective. To make sure that security teams can effectively manage the security posture,” said Amol Kulkarni, chief product & engineering officer at CrowdStrike, at the company’s press conference on Tuesday.

To achieve this, CrowdStrike is taking two steps. First, it is expanding its cloud-native application protection platform capabilities for CrowdStrike Cloud Security to add CIEM capabilities.

Second, it is integrating CrowdStrike Cloud Security with the CrowdStrike Asset Graph.
The asset graph will provide cloud asset visualizations and visibility into the attack surface in the cloud across hosts, configurations, identities and applications to stop breaches.

“CIEM capabilities enable organizations to prevent identity-based threats resulting from improperly configured cloud entitlements across Amazon Web Services (AWS) and Microsoft Azure,” Kulkarni said.

Improving traditional log management

To expand its observability capabilities to help organizations leverage their data for security and non-security use cases, the company announced two new products based on the Humio technology it acquired in March, 2021.

The first product is Falcon LogScale, available as a standalone module that enables organizations to ingest, search, transform and retain all of their log data and get answers in real-time. The second product is Falcon Complete LogScale, which is a new fully managed service offering that combines Falcon LogScale with CrowdStrike’s dedicated team of service professionals.

“Log management has been a long and essential process for IT and security teams, and it is critical this is simplified. There are a lot of inefficiencies here in the process and modules and Falcon LogScale with its efficient connection, index free storage and immediate time to value enables reducing that complexity to a large extent,” said Kulkarni.

Using these two modern log management systems, security teams can search data with subsecond latency to find patterns, and apply analytics to address cybersecurity challenges.

“For DevOps and ITOps teams, they can use data to have real-time visibility of the health and performance of their infrastructure and applications,” the company said.

Securing key infrastructure

The fourth major announcement was an update to CrowdStrike’s security and IT operations product suite, Falcon Discover.

The enhancements include a new module (Falcon Discover for IoT) to provide organizations with visibility for IoT systems and operational technology (OT) environments, and new capabilities for the Falcon Discover (Security Hygiene) module to help IT and security leaders holistically understand and minimize an organization’s attack surface to reduce the risk of a potential breach.

“Universally, Falcon Discover and Falcon Discover for IoT will be applicable for any organization whether they are advanced in their maturity lifecycle or very early on their journey in managing security. As it is the first step, visibility first, be it in runtime security or active security or proactive security,” Kulkarni said.