Fal.Con 2024: CrowdStrike unveils Project Kestrel, Signal, improved next-gen SIEM

At its Fal.Con event in Las Vegas, CrowdStrike unveiled the latest innovations for the Falcon Platform. A unified interface, additional AI insights into attack techniques and an improved next-gen SIEM are the key announcements.

Project Kestrel is the name of the revamped user experience within CrowdStrike Falcon. It is an interface where organizations can see their resources, vulnerabilities and misconfigurations at a single glance. The emphasis, as is often the case with CrowdStrike, is on the rapid impact of the insights visible on the interface.

CrowdStrike makes this promise more concrete by stating that IT specialists can operate at the same speed as the attacker thanks to Project Kestrel.

Project Kestrel begins as a beta, which users can sign up for starting now.

AI insights

CrowdStrike Signal was also announced at Fal.Con. This is a set of AI-driven engines that prioritizes events and alerts for analysts so they can work more efficiently. The engines are designed to detect new attack techniques.

In the area of cloud security, CrowdStrike has Falcon Cloud on offer. Here, too, speed is the magic word. Real-time visibility, risk prioritization and application protection in pre-runtime and runtime merge here. Such an integrated platform cannot come soon enough. For example, CrowdStrike itself detected a 75 percent increase in cloud compromises by 2023.

Next-gen SIEM

Another persistent problem is slow recovery. According to CrowdStrike, 70 percent of critical incidents take more than 12 hours to resolve. Time for a “next-gen” SIEM to solve this, according to the company.

Next-Gen SIEM is not a newcomer within CrowdStrike Falcon. It was announced back in May during RSA 2024. However, new additions make the solution significantly more effective. These include new automation capabilities for workflows, new defense layers and migration capabilities from legacy SIEM solutions.

Automation takes place in the new CrowdStrike Falcon Fusion SOAR. Not much creativity is needed at first, as more than 300 actions are already pre-built, 200 of which target third-party tools. Falcon Fusion SOAR is from now on included with the rest of CrowdStrike’s software suite and is thus not a paid add-on.

SIEM migrations also got a little easier. 45 new data connectors and 58 new parsers have been added since May. So those who want to get rid of Splunk or IBM QRadar, for example, can now switch more quickly.