Combining security orchestration, automation and response (SOAR) and endpoint detection and response (EDR) is a no-brainer. CrowdStrike has been the greatest evangelist of the 1-10-60 security benchmark (that’s one minute to detect a breach, 10 minutes to triage it, and 60 minutes to contain it), and with most companies falling considerably short of this benchmark, automation and orchestration can bring you that much closer.
Today we are delighted to announce that the Siemplify SOAR platform is available from the CrowdStrike store, making it easier than ever for CrowdStrike customers to combine SOAR with the Falcon platform.
As the only true SOAR platform on the CrowdStrike store, Siemplify offers CrowdStrike users the following:
- Seamless Cloud-Native Deployment: With most SOAR platforms lagging and offering on-premises deployments (or cloud-“hosted” options at best), Siemplify’s cloud-native architecture means deployment alongside Falcon is effortless. CrowdStrike customers can be up and running with SOAR in minutes with just a few clicks.
- Prepackaged Use Cases: The Siemplify platform was built for fast time-to-value. We’ve introduced packaged use cases to help organizations hit the ground running and address common scenarios using the tools they have already invested in, so it should come as no surprise that the Siemplify Marketplace includes CrowdStrike-specific use cases. Expect more use cases down the road from Siemplify, as well as from within the Siemplify Community built by real-life security operations practitioners.
- A Complete Security Operations Workbench: In addition to playbooks that orchestrate CrowdStrike solutions, as well as hundreds of additional tools, Siemplify is a complete SecOps workbench, with robust case management, an investigation canvas, integrated threat intelligence (TIP), crisis management, collaboration and much more!
The Rubber Hits the Road
With Siemplify, security teams can better manage CrowdStrike alerts and reduce manual workload with playbooks that automate everything from alert enrichment to response. With Siemplify and CrowdStrike you can ingest endpoint-related alerts, automate data collection to speed up investigation and orchestrate response across all the endpoints – all within one interface.
Here are just some of the things you could do:
- Enrich alerts using CrowdStrike behavioral analytics and threat intelligence information.
- Automatically close alerts as false positives if all enrichment data comes back negative.
- Execute a series of CrowdStrike mitigation activities, such as host quarantine.
- Automatically hunt for similar threats found in threat intelligence that may have gone undetected.
- Automatically create a ServiceNow ticket for IT to reimage an infected machine.
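The five steps above, as an added toy playbook (not Siemplify or CrowdStrike code): every enrichment, quarantine, hunt and ticketing call is an in-process mock with constructed sample data, and the hashes, host names and function names are placeholders assumed for the example.

```python
"""Toy SOAR playbook mirroring the CrowdStrike + Siemplify workflow above.
All enrichment, containment and ticketing calls are mocked in-process;
none of the functions or data here is a real CrowdStrike, Siemplify or
ServiceNow API."""
from dataclasses import dataclass, field

# Constructed sample data: placeholder file hashes and a small endpoint inventory.
BAD_HASH = "deadbeef" * 8   # constructed placeholder, not a real IoC
GOOD_HASH = "0badf00d" * 8  # constructed placeholder
MOCK_THREAT_INTEL = {BAD_HASH: "malicious"}        # stand-in for a TIP lookup
MOCK_BEHAVIOUR = {BAD_HASH: "credential-dumping"}  # stand-in for EDR behavioural analytics
MOCK_FLEET = {"ws-01": [BAD_HASH], "ws-07": [BAD_HASH, GOOD_HASH], "ws-12": [GOOD_HASH]}

@dataclass
class Alert:
    alert_id: str
    host: str
    sha256: str
    status: str = "open"
    actions: list = field(default_factory=list)

def enrich(alert: Alert) -> dict:
    """Step 1: enrich with behavioural analytics and threat intel (both mocked)."""
    return {
        "threat_intel": MOCK_THREAT_INTEL.get(alert.sha256, "clean"),
        "behaviour": MOCK_BEHAVIOUR.get(alert.sha256, "benign"),
    }

def hunt_similar(alert: Alert) -> list:
    """Step 4: other endpoints that saw the same hash but never raised an alert."""
    return sorted(h for h, seen in MOCK_FLEET.items() if h != alert.host and alert.sha256 in seen)

def run_playbook(alert: Alert, tickets: list) -> Alert:
    verdicts = enrich(alert)
    # Step 2: every source came back negative -> close as false positive, no analyst time spent.
    if all(v in ("clean", "benign") for v in verdicts.values()):
        alert.status = "closed_false_positive"
        return alert
    # Step 3: contain first (mock host quarantine) so the 60-minute clock stops early.
    alert.actions.append(f"quarantine:{alert.host}")
    # Step 4: hunt across the fleet and queue the same containment for every hit.
    for host in hunt_similar(alert):
        alert.actions.append(f"quarantine:{host}")
    # Step 5: open a mock ServiceNow ticket so IT reimages the infected machine.
    tickets.append({"host": alert.host, "task": "reimage", "alert": alert.alert_id})
    alert.status = "contained"
    return alert
```

In a real deployment each mock would be a connector call and the enrichment verdicts would be recorded on the case for the analyst to review.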
Combining CrowdStrike and Siemplify and taking your SecOps to the next level has never been easier. Experience it for yourself by installing Siemplify from the CrowdStrike store. Also make sure to join the Siemplify Community for free expert support, tutorials and ideas exchange with the best SecOps pros in the world.
Nimmy Reichenberg is CMO at Siemplify.