CrowdStrike has announced a significant expansion of its Falcon Next-Gen SIEM platform, now offering support for third-party endpoint detection and response (EDR) solutions, starting with Microsoft Defender. This evolution allows organizations to modernize their Security Operations Centers (SOCs) by integrating diverse telemetry without the need to replace existing endpoint agents. The update aims to eliminate the "data tax" associated with legacy SIEMs while providing a unified environment for investigation and response.
Key technical enhancements include the integration of Falcon Onum for real-time data control and filtering, which reduces storage costs and noise, and Federated Search capabilities that allow analysts to query data in external stores like Amazon S3 and ExtraHop without re-ingestion. Additionally, the new Third-Party Indicator Management system operationalizes external threat intelligence at scale, correlating behavioral signals with CrowdStrike’s native adversary intelligence to improve detection accuracy.