Softcat Limited

Falcon X Threat Intelligence Solution

CrowdStrike Falcon X provides actionable threat intelligence using a holistic approach, so that entire organizations can understand adversaries and their motivation, tradecraft, and tooling, with analytical features for use by security and intelligence teams. Features include indicators of compromise, adversary profiles, intelligence reports, sandboxes, malware searching, and more.

Features

  • Threat indicators of compromise with 29 types
  • threat adversary profile database detailing actor tradecraft and tooling
  • analyse malware samples and web sites in a sandbox environment
  • threat intelligence reporting covering nation state, eCrime, and hacktivist adversaries
  • malware search engine using YARA rule threat hunting for analysis
  • manual, human conducted forensic analysis of malware samples
  • orchestrate defences with manually cultivated YARA and Snort rules
  • social media monitoring and paste sites, DDoS, and botnet activity
  • direct access to assigned intel analyst for customised intelligence
  • Customised, ad hoc threat intelligence research by CrowdStrike intelligence experts

Benefits

  • highly analytical, in-depth analysis covering any intelligence topic
  • analyst-provided custom, organization-specific intelligence with actionable, proactive notifications
  • uncover potentially malicious activity targeting your organization, brand, and service
  • conduct behavioural-based detections within existing cyber security defence systems
  • detailed analysis of sensitive samples or malware leveraging zero-day exploits
  • understand multiple malware variants and relationship to targeted attacks
  • actionable strategic, operational, and tactical intelligence reports for the organization
  • understand malware intended behaviours, attack patterns, and attributed adversaries
  • understand adversary capabilities, tradecraft, tooling, with MITRE ATT&CK framework mapping
  • gain enhanced visibility into malicious activity targeting your critical assets

Pricing

£15.60 a unit

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at psitq@softcat.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

611173154223732

Contact

Softcat Limited Charles Harrison
Telephone: 01612725766
Email: psitq@softcat.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Hybrid cloud
Service constraints
To consume the service, the customer only needs access to a web browser.
System requirements
  • Modern web browser installed on a modern operating system
  • Compatible with Chrome, Firefox, Safari, and Edge

User support

Email or online ticketing support
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
4 levels of support are available to customers: 1) Standard = free with all Falcon subscriptions; 2) Express = for small to medium size environments; 3) Essential = in addition to reactive, this provides a proactive support service; 4) Elite = our highest level of support with a dedicated TAM
Support available to third parties
No

Onboarding and offboarding

Getting started
CrowdStrike provides Falcon X onboarding sessions through our EMEA-based Strategic Threat Advisory Group. This may be accomplished either on-site or through video-conferencing tools such as Zoom and WebEx. During the onboarding process we will walk through the entire platform, demonstrating how to leverage the most common components and their use cases. Attendees are free to ask questions, and open discussions are always encouraged to help ensure everyone completely understands the platform prior to completion of the session.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
CrowdStrike provides Falcon X onboarding sessions through our EMEA-based Strategic Threat Advisory Group. This may be accomplished either on-site or through video-conferencing tools such as Zoom and WebEx. During the onboarding process we will walk through the entire platform, demonstrating how to leverage the most common components and their use cases. Attendees are free to ask questions, and open discussions are always encouraged to help ensure everyone completely understands the platform prior to completion of the session.
End-of-contract process
At the end of the contract, the customer can no longer consume the Falcon X service that includes:
- Indicators of Compromise
- Threat Adversary Profiles
- Falcon Sandbox
- Falcon MalQuery
- Weekly Wrap-Up Report

Falcon X Premium
- Threat intelligence reports
- YARA & Snort Rules
- Tailored Intelligence
- Human malware analysis
- Indicators of Compromise
- Threat Adversary Profiles
- Falcon Sandbox
- Falcon MalQuery

Falcon X Elite
- Assigned intelligence analyst
- Organization-specific intelligence via Priority Intelligence Requirements
- Custom intelligence analysis and reporting via Requests for Intelligence
- ThreatGraph queries
- Customized intelligence briefings
- Threat intelligence reports
- YARA & Snort Rules
- Tailored Intelligence
- Human malware analysis
- Indicators of Compromise
- Threat Adversary Profiles
- Falcon Sandbox
- Falcon MalQuery

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • iOS
  • Linux or Unix
  • macOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Completely compatible with tablet-based operating systems such as iPadOS 13.x+ with no degradation in capabilities. The service is usable on mobile phones with smaller screens; however, much of the interface does not use a responsive design, so scrolling around the UI is required.
Service interface
Yes
Description of service interface
The service is completely accessible via a web browser. All features are leveraged through this web interface, which has a clean menu with links to the various capabilities provided by the service.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
The Falcon Platform is tested with JAWS + VoiceOver for Mac as well as automated accessibility testing
API
Yes
What users can and can't do using the API
The Falcon X API is a REST-based API with a JSON response. OAuth 2.0 API keys may be generated and revoked at will by users within the UI. Legacy keys may be generated by CrowdStrike Support for use with third-party products unable to make use of the newer OAuth 2.0 API keys. There are no API limitations; anything possible within the UI is similarly possible via the API.
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
CrowdStrike Falcon is a native Cloud environment utilising automatic fault recovery and scalability capabilities in order to ensure performance and uptime for all users.

Analytics

Service usage metrics
Yes
Metrics types
Please ask a representative
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
CrowdStrike

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Falcon X is a consumption-based product, therefore there will generally be no data to export. If there are sandbox reports the clients would like to retain, they can quite easily be exported either via the API in PDF format or by downloading via the UI.
Data export formats
  • CSV
  • Other
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The SLA around Falcon Platform is 99.9% uptime. We leverage the Amazon cloud and have built the CrowdStrike platform to be fully cloud based from its inception. This means resiliency, redundancy, and high availability are the core facets of the solution. Our SLAs and services are tracked internally, and disruptions are disclosed to the customer along with details of resolutions.
Approach to resilience
The SLA around Falcon Platform is 99.9% uptime. We leverage the Amazon cloud and have built the CrowdStrike platform to be fully cloud based from its inception. This means resiliency, redundancy, and high availability are the core facets of the solution. Our SLAs and services are tracked internally, and disruptions are disclosed to the customer along with details of resolutions.
Outage reporting
We provide notification of issues or outages via Tech Alerts, in our support portal or via email.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
Access restrictions in management interfaces and support channels
Access to the Falcon Console is provided only through an Administrator account being created and then successful authentication via 2FA (QR code or integration with Ping / Okta / ADFS / AzureAD).
Administrators have granular role-based access in order to only be able to carry out the appropriate functions within the console - for instance a read-only administrator can carry out audit tasks but cannot affect the stance of the platform.
Access to the Support Portal is granted through CrowdStrike Support and only nominated admins from the buyer will be able to utilise this.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
Yes
CSA STAR accreditation date
29/2/2020
CSA STAR certification level
Level 2: CSA STAR Attestation
What the CSA STAR doesn’t cover
None
PCI certification
No
Other security certifications
Yes
Any other security certifications
SOC 2 Type II attestation

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
CSA CCM version 3.0
Information security policies and processes
Details can be provided under NDA

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Details can be provided under NDA
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Details can be provided under NDA
Protective monitoring type
Undisclosed
Protective monitoring approach
Details can be provided under NDA
Incident management type
Undisclosed
Incident management approach
Details can be provided under NDA

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks
No

Pricing

Price
£15.60 a unit
Discount for educational organisations
No
Free trial available
No
