CrowdStrike Falcon Spotlight
Scanless Vulnerability Management
Falcon Spotlight: Scanless Vulnerability Management
Falcon Spotlight provides real-time visibility across your enterprise - giving you relevant and timely information you need to reduce your exposure to attacks with zero impact on your endpoints.
Real-Time Vulnerability Management and Prioritization
CrowdStrike Falcon Spotlight provides an immediate, scanless solution for comprehensive vulnerability assessment, management and prioritization for IT analysts. Built on the CrowdStrike Falcon platform, it offers vulnerability prediction and dynamic rating capabilities as well as intuitive reports, dashboards and filters to help your IT staff improve your security posture.
Using Falcon Spotlight, you can see the vulnerabilities exposed within your organization’s environment and easily prioritize these with the Exploit Prediction Rating AI (ExPRT.AI) model. ExPRT.AI relies on a vast database of sources, including CrowdStrike’s own threat intelligence, to enable you to more accurately prioritize vulnerabilities that are critical to your business. After you've prioritized your vulnerabilities and remediations, use the built-in integrations with the Falcon platform to deploy emergency patches, create custom dashboards to monitor your remediation efforts, and kick off external IT workflows with reports, integrations and APIs.
Powered by the CrowdStrike Security Cloud and world-class AI, Falcon Spotlight sits within the CrowdStrike Falcon Platform, leveraging the single lightweight-agent architecture. With Falcon Spotlight continuously monitoring for vulnerability exposures, IT staff will always have access to up-to-date information, with virtually no impact to your endpoints.
Key Benefits of Choosing Falcon Spotlight
Unified Threat and Vulnerability Managemnet
As part of an integrated platform that prevents exploits and post-exploit activity, Falcon Spotlight allows you to research common vulnerabilities and exposures (CVEs) to examine threat actor profiles and targets.
Scanless and Fast
Spotlight utilizes scanless technology, delivering an always-on, automated vulnerability management solution with prioritized data in real time. It eliminates bulky, dated reports with its fast, intuitive dashboard.
Zero Impact
The cloud-native CrowdStrike Falcon platform and single lightweight agent collect data once and reuse it many times. As a result, Spotlight requires no additional agents, hardware, scanners or credentials - simply turn on and go.
Exploit Prediction AI and Dynamic Rating to Predict Relevant Vulnerabilities
ExPRT.AI and Rating Offers Ever-Adapting AI
- ExPRT.AI is an advanced AI model relying on a vast database of resources including CrowdStrike threat intelligence
- Identify vulnerabilities with greater accuracy than ever before thanks to an ever-adapting AI model
- Use ExPRT.AI Rating to get a dynamic rating that adjusts as data flows through the ExPRT.AI algorithm
- Gain valuable insights, predict which vulnerabilities are most relevant for your organization
Vulnerability Assessment in Real Time
- Continuously monitor the vulnerability status of all endpoints wherever they reside: on-premises, off-premises or in the cloud
- Leave bulky legacy reports behind - Spotlight serves up vulnerability data in seconds via intuitive dashboards
- The robust application programming interface (API) makes external integrations simple
Scan-free and No New Agents
- Continuous vulnerability assessment using CrowdStrike’s single, lightweight Falcon agent
- No scanning overhead, no lag time for systems or endpoints
- No hardware appliances or infrastructure required
- Works seamlessly with other security tools in your vulnerability solution set
Shorten Response Time with At-Your-Fingertips Endpoint Data
- See everything instantly: Go beyond the dashboard to research in real time or historically, get instant results on any type of vulnerability and filter by CVE, host, product, status and other categories
- Pivot quickly from Spotlight to other Falcon modules to get contextual information about threat actors or potential targeted attacks
- Utilize the full CrowdStrike Falcon® platform to actively monitor all endpoints, detect any incident, investigate and remediate quickly
Key Capabilities
Reduce Vulnerability Prioritization Effort
Falcon Spotlight is a dynamic vulnerability management solution equipped with intuitive dashboards and powerful filtering capabilities, enabling you to improve your organization’s security posture by serving up the most relevant information. Dashboard capabilities include:
- ExPRT rating: Immediately prioritize which vulnerabilities are truly relevant to your organization with a dynamic rating that more accurately shows risk levels. The rating is adjusted according to a vast database of source data.
- Exploit status: Using integrated vulnerability exploit and threat intelligence, you can easily identify which vulnerabilities in your environment represent the greatest risk, and build reports and dashboards that keep track of these vulnerabilities.
- Recommended remediations: Ensure that your remediation efforts are reducing the most risk. Falcon Spotlight intelligently recommends the highest-impact patches to deploy, reducing the chances of deploying a superseded patch.
- Installed patches: Use the Installed Patches page to identify which patches are active across your environment, or which patches have been installed but are pending a reboot.
Automate Vulnerability Assessment
Take advantage of the Falcon platform and lightweight agent to eliminate the burden of lengthy, performance-impacting scans. With scanless technology, automated data collection and a real-time user interface, your IT staff gains a continuous, comprehensive picture of all endpoints in your organization - no more outdated reporting or long scans slowing down regular business processes.
Improve Security Operation Efficiency
Streamline your vulnerability management program with custom dashboard features. Create and save custom filters so staff can quickly navigate and research critical issues. Use the custom team dashboards to share insights across your entire team, and set remediation timeframes to speed vulnerability resolution and increase your team’s efficiency.
Reduce Overall Complexity
Falcon Spotlight does not require an additional agent, and endpoints no longer need to use cumbersome hardware or weighty agents, or be on the network to be assessed. Falcon Spotlight is always on, seamlessly bridging the gap between vulnerability management and the rest of the Falcon platform, enriching threat detection and intelligence use cases. Simply select a vulnerability within the dashboard to see a wealth of data around threat actors, including threat intelligence reports and additional insights. Since all data is housed within the same console, analysts can pivot quickly to those vulnerabilities that show the most significant risk to resolve them first.
For hosts with critical vulnerabilities that need remediation instantly, IT staff can take advantage of emergency patching - it’s a simple one-click action for Windows patch updates.
Documentation:
Download the CrowdStrike Falcon Spotlight Datasheet (.PDF)