CrowdStrike debuts Falcon Discover for IoT to gain visibility, reduce risk across IoT, OT environments


CrowdStrike, a specialist in cloud-delivered protection of endpoints, cloud workloads, identity and data, introduced new innovations to its Security and IT Operations product suite. This includes a new module (Falcon Discover for IoT) to provide organisations with breakthrough visibility for Internet of Things (IoT) and operational technology (OT) environments, and new capabilities for the Falcon Discover (Security Hygiene) module to help IT and security leaders holistically understand and minimise an organisation’s attack surface to reduce the risk of a potential breach.

Falcon discover for IoT: Visibility and risk reduction across ICS environments

Critical infrastructure systems continue to be vulnerable to cyber attacks by adversaries and organisations now recognise the security of their Industrial Control System (ICS) assets as fundamental to their business. Yet according to a 2021 SANS Institute report, “asset inventories continue to challenge most organisations, with only 58.2% having a formal process.” To address this challenge, CrowdStrike is extending the approach it pioneered with Falcon Discover and extending security hygiene across ICS, IT and OT environments with Falcon Discover for IoT. New capabilities include:

  • Minimise risk with asset inventory: Accelerate the IT/OT convergence with a centralised and up-to-date inventory of all IT, OT and IoT assets, combined with advanced behavioral analytics that helps identify and mitigate potential risks associated with connected devices and networks.
  • Comprehensive visibility: Eliminate blind spots associated with unmanaged or unsupported legacy systems and quickly uncover hidden threats with deep, contextual visibility and analysis across IT and OT environments.
  • Continuous real-time asset monitoring: Leverage CrowdStrike Asset Graph to provide contextual endpoint and network asset data to pinpoint unsupported and unmanaged devices that could lead to a breach.
  • Powerful context enrichment with third-party integrations: Integrate seamlessly with third-party IoT security vendors like Claroty to enrich asset and network visibility and achieve comprehensive understanding of all IT and OT managed and unmanaged devices, sessions and processes across ICS/OT environments.

“Gaining visibility and being able to manage both known and unknown assets is critical for us to maintain proper security hygiene. The introduction of Falcon Discover for IoT will provide a deeper understanding of the interconnected relationships between IT, OT and IoT assets across every system and enable us to better proactively secure our environment. I am excited to see what else is possible with CrowdStrike, because it has so much information and delivers incredible visibility,” says Serge Groven, senior corporate IT manager at StepStone.

“As organisations continue to modernise their OT environments by embracing new IoT devices and other highly connected cyber-physical systems, securing this modern OT landscape requires full, in-depth visibility as well as deploying protective and monitoring controls that cannot be achieved solely through traditional methods such as passive monitoring,” says Stephan Goldberg, VP, technology alliances at Claroty. “Unlike the status quo, Claroty and CrowdStrike have deepened their partnership to identify and trigger a response to potential threats. The result is holistic security that further extends to OT.”

Falcon discover enhancements: The path to proactive security posture management

Stopping modern attacks requires real-time visibility across managed and unmanaged assets no matter where they reside. Before organisations can be more proactive in managing security posture and risk, they need to understand the interconnected relationships between assets, cloud environments, identities and configurations across every system. CrowdStrike is introducing new enhancements for Falcon Discover to help organisations shift from legacy asset inventory to a real-time, continuous view into their attack surface and provide insight into complete system and organisational health. New capabilities include:

  • Proactively shutdown potential attack paths with holistic asset visibility: The newly enhanced Asset Dashboard unifies visibility into assets (managed and unmanaged) across the CrowdStrike Falcon platform to view key asset data and gain proactive recommendations to stop potential entry points into an environment.
  • See how every asset is related across your enterprise to reduce risk: With Asset Graph, the all-new relationship mapping tool provides a comprehensive visual map ofhow assets are connected to each other, including how many steps an internet-exposed device is from business critical assets to trace and shutdown potential adversary paths before they can be used.

“While visibility in an organisation’s environment is important, just defining what’s present doesn’t solve the problem,” says Amol Kulkarni, chief product and engineering officer at CrowdStrike. “Organisations need a security platform that can provide deep visibility into cross-domain data and an understanding of their attack surface in order to make the most informed, risk-based decisions resulting in a more predictive and proactive security posture. With CrowdStrike driving the convergence of security and observability with the Falcon platform, organisations can do more with their data and bridge the gap between OT and IT environments as well as IT and security operations.”

Falcon Discover enhancements are generally available for customers. Falcon Discover for IoT is currently in beta and will be generally available for customers in October.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow.