CrowdStrike Falcon Spotlight
Fast, Effective Vulnerability Assessment
The presence of vulnerabilities in applications and operating systems provides attackers with flaws they can exploit to compromise your systems. That’s why it’s critical that organizations detect and patch vulnerabilities quickly. However, it’s easier said than done — the large number of breaches that begin with the exploitation of a vulnerability proves it.
Scanless Instant Vulnerability Assessment
CrowdStrike Falcon Spotlight™ offers security teams a real-time assessment of vulnerability exposure on their endpoints that is always current. Falcon Spotlight’s native integration into the CrowdStrike Falcon platform enables customers to operate vulnerability assessment within a complete endpoint protection framework. Falcon Spotlight adds preparation and readiness to the unparalleled prevention, detection and response provided by the Falcon platform, resulting in a stronger security posture and unprecedented breach protection.
- Integrated Protection: Spotlight is a key part of CrowdStrike’s comprehensive and unified endpoint protection platform. With Spotlight and the Falcon platform, not only can you see your security gaps, you see which gaps your adversary is targeting, arming you with the proactive protection you need to block advanced attacks.
- Comprehensive Visibility: Spotlight requires no scanners to deploy and manage and no new agents — just turn it on and start seeing results. Spotlight gives you visibility across your enterprise, whether endpoints are physical or virtual, on- or off-premises, or on-the-move. You receive unparalleled visibility into vulnerabilities across your distributed enterprise without compromise.
- Effortless: Spotlight delivers always up-todate information seamlessly, putting it into the hands of security analysts. This helps you improve response time and reduces the effort required to understand your security posture and become more proactive.
- Zero-impact: CrowdStrike’s cloud-native architecture enables constant visibility into endpoint vulnerabilities without the need for cumbersome and resourceintensive network or host scans.
- Falcon Spotlight is the industry’s first scan-less endpoint vulnerability assessment solution. Built on the Falcon platform, it delivers timely, zero-impact assessments of endpoint security posture and provides on-demand access to the results, enabling security teams to make better decisions, faster.
- Provides holistic protection that bridges the gap between vulnerability assessment and threat prevention
- Offers seamless cloud-native deployment requiring no additional agents or new infrastructure
- Delivers timely, up-to-date knowledge on demand
- Provides zero-impact, scanless assessment
Vulnerabilities Impact Organizations of all Sizes, Giving Rise to Three Common Issues:
- Scanning is slow and burdensome
Legacy vulnerability scanners are dinosaurs; they are slow, hard to manage and can have a major impact on your environment. Scans can take days to deliver results, which may be obsolete as soon as they arrive.
- Vulnerability reports are unusable
Legacy vulnerability scanners generate a mountain of results and lock them away in a silo. Access is funneled through unwieldy thousand-page reports. During incident response, timely information on security posture could cut minutes or hours from response time, but not if that information is locked away in a massive PDF on the other side of the planet.
- Vulnerability scans have blind spots
Corporate assets are becoming increasingly fluid. With remote workers, virtualization and the cloud, assets are not always connected directly to the corporate network — which means assessments based on network scans will miss them.
It's time for a new approach
Falcon Vulnerability Management
- Holistic Protection
With Falcon Spotlight and the Falcon platform, you not only see your security gaps, you see which gaps your adversary is targeting. This arms you with powerful proactive protection to block advanced attacks
Falcon Spotlight delivers information that is always up to date, putting it seamlessly into the hands of security analysts to help improve response time and reduce the effort needed to understand your security
- Timely Knowledge On-Demand
There are no scanners to deploy and manage and no new agents. Just turn on Falcon Spotlight and start seeing results. Spotlight sees it all, whether the endpoint is physical or virtual, on- or off-premises, or on-the-move.
- Zero Impact
CrowdStrike’s cloud-based architecture enables constant visibility into endpoint vulnerabilities without cumbersome and resource-intensive network or host scans.
Key Product Capabilities
Falcon Spotlight solves the challenges that plague traditional vulnerability assessment and management solutions by delivering the following benefits:
Scanless Integration with The Falcon Platform
- Connects the dots
Tight integration with other Falcon modules means you can quickly pivot between vulnerability information, incidents details and endpoint activities, not only in real time but also historically.
- Prevent while you patch
The Falcon platform mitigates the risk from vulnerabilities that cannot be patched quickly by preventing and detecting exploit attempts as well as post exploitation activities. This buys you precious time to patch your systems against future attacks.
No Scanners, No New Agents
- Eliminate scanning
Falcon Spotlight uses the Falcon agent to continuously monitor the vulnerability status of endpoints and stream data to the cloud, eliminating the need for scheduled scans while still providing complete visibility into vulnerabilities.
- Visibility everywhere
Spotlight monitors all endpoints via the Falcon sensor, whether on- or off-network, on-premises, off-premises or in the cloud and on both physical and virtual endpoints.
- Zero impact on performance
Vulnerability management is scan-less and vulnerabilities are identified in the cloud with no additional impact to endpoints or the network.
Frictionless Access to Vulnerability Data
- Real-time dashboard and search
Falcon Spotlight makes data easily available to security analysts through a series of intuitive dashboards and real-time search. Legacy solutions lock critical information up in silos and thousand-page reports. Spotlight unleashes this information in real time — when and where it’s needed.
- Enhance existing vulnerability management solutions
Falcon Spotlight adds deeper visibility and provides threat context, enabling security teams to see both the presence of a vulnerability and evidence of exploitation attempts in their environments.
- Easy deployment
As part of the Falcon platform, Falcon Spotlight does not require the installation of additional agents, management infrastructure or management consoles, making deployment easy and efficient.
- Immediately operational
Falcon Spotlight can be deployed instantly for unrivaled time-to-value. As soon as it is installed, it hits the ground running, monitoring and identifying vulnerabilities across your organization without requiring reboots, query writing, staging or complex configuration.
- Seamless, cloud-based protection
Leveraging CrowdStrike’s cloud-native architecture, Falcon Spotlight gives security teams the power to protect systems — whether those systems are on-premises, off-network or in a cloud environment.
Download the CrowdStrike Falcon Spotlight Datasheet (.PDF)