CrowdStrike Falcon Spotlight
Scanless Vulnerability Management
Falcon Spotlight provides real-time visibility across your enterprise — giving you relevant and timely information you need to reduce your exposure to attacks with zero impact on your endpoints.
A new approach to vulnerability assessment
The fastest and simplest solution to decrease risk and exposure, close security gaps and be better prepared to respond to attacks
The presence of vulnerabilities in applications and operating systems provides attackers with flaws they can exploit to compromise your systems. That’s why it’s critical that organizations detect and patch vulnerabilities quickly. However, it’s easier said than done — the large number of breaches that begin with the exploitation of a vulnerability proves it.
Scanless Instant Vulnerability Assessment
CrowdStrike Falcon Spotlight™ offers security teams a real-time assessment of vulnerability exposure on their endpoints that is always current. Falcon Spotlight’s native integration into the CrowdStrike Falcon platform enables customers to operate vulnerability assessment within a complete endpoint protection framework. Falcon Spotlight adds preparation and readiness to the unparalleled prevention, detection and response provided by the Falcon platform, resulting in a stronger security posture and unprecedented breach protection.
- Integrated Protection: Spotlight is a key part of CrowdStrike’s comprehensive and unified endpoint protection platform. With Spotlight and the Falcon platform, not only can you see your security gaps, you see which gaps your adversary is targeting, arming you with the proactive protection you need to block advanced attacks.
- Comprehensive Visibility: Spotlight requires no scanners to deploy and manage and no new agents — just turn it on and start seeing results. Spotlight gives you visibility across your enterprise, whether endpoints are physical or virtual, on- or off-premises, or on-the-move. You receive unparalleled visibility into vulnerabilities across your distributed enterprise without compromise.
- Effortless: Spotlight delivers always up-todate information seamlessly, putting it into the hands of security analysts. This helps you improve response time and reduces the effort required to understand your security posture and become more proactive.
- Zero-impact: CrowdStrike’s cloud-native architecture enables constant visibility into endpoint vulnerabilities without the need for cumbersome and resourceintensive network or host scans.
Key Benefits of Choosing Falcon Spotlight
Unified Threat and Vulnerability Managemnet
As part of an integrated platform that prevents exploits and post-exploit activity, Falcon Spotlight™ allows you to research common vulnerabilities and exposures (CVEs) to examine threat actor profiles and targets.
Scanless and Fast
Spotlight utilizes scanless technology, delivering an always-on, automated vulnerability management solution with prioritized data in real time. It eliminates bulky, dated reports with its fast, intuitive dashboard.
The cloud-native CrowdStrike Falcon® platform and single lightweight agent collect data once and reuse it many times. As a result, Spotlight requires no additional agents, hardware, scanners or credentials — simply turn on and go.
Key Product Capabilities
Falcon Spotlight solves the challenges that plague traditional vulnerability assessment and management solutions by delivering the following benefits:
Seamless Integration with The Falcon Platform
Connects the dots
Tight integration with other Falcon modules means you can quickly pivot between vulnerability information, incidents details and endpoint activities, not only in real time but also historically.
Prevent while you patch
The Falcon platform mitigates the risk from vulnerabilities that cannot be patched quickly by preventing and detecting exploit attempts as well as post exploitation activities. This buys you precious time to patch your systems against future attacks.
No Scanners, No New Agents
Falcon Spotlight uses the Falcon agent to continuously monitor the vulnerability status of endpoints and stream data to the cloud, eliminating the need for scheduled scans while still providing complete visibility into vulnerabilities.
Spotlight monitors all endpoints via the Falcon sensor, whether on- or off-network, on-premises, off-premises or in the cloud and on both physical and virtual endpoints.
Zero impact on performance
Vulnerability management is scan-less and vulnerabilities are identified in the cloud with no additional impact to endpoints or the network.
Frictionless Access to Vulnerability Data
Real-time dashboard and search
Falcon Spotlight makes data easily available to security analysts through a series of intuitive dashboards and real-time search. Legacy solutions lock critical information up in silos and thousand-page reports. Spotlight unleashes this information in real time — when and where it’s needed.
Enhance existing vulnerability management solutions
Falcon Spotlight adds deeper visibility and provides threat context, enabling security teams to see both the presence of a vulnerability and evidence of exploitation attempts in their environments.
As part of the Falcon platform, Falcon Spotlight does not require the installation of additional agents, management infrastructure or management consoles, making deployment easy and efficient.
Falcon Spotlight can be deployed instantly for unrivaled time-to-value. As soon as it is installed, it hits the ground running, monitoring and identifying vulnerabilities across your organization without requiring reboots, query writing, staging or complex configuration.
Seamless, cloud-based protection
Leveraging CrowdStrike’s cloud-native architecture, Falcon Spotlight gives security teams the power to protect systems — whether those systems are on-premises, off-network or in a cloud environment.
Download the CrowdStrike Falcon Spotlight Datasheet (.PDF)