CrowdStrike Falcon is a best-of-breed cloud-based endpoint security tool suite featuring both endpoint protection ("EPP") and endpoint detection and response ("EDR") capabilities. Falcon combines the most effective prevention technologies and full attack visibility with built-in threat intelligence.
Relying upon a single endpoint and a cloud-native service, the CrowdStrike Falcon suite includes a broad range of modules to cover most endpoint security functions:
- Falcon Prevent - Next-Generation Antivirus
- Falcon Insight - Endpoint Detection and Response
- Falcon Device Control
- Falcon OverWatch - Threat Hunting
- Falcon Discover - IT Hygiene
- Falcon Spotlight - Vulnerability Management
- Falcon X - Threat Intelligence
- Falcon Search - Malware Search
- Falcon Sandbox - Sandboxing and Malware Analysis
This lab provides a sandbox environment that can be used to evaluate the Falcon suite of products across a wide variety of endpoints, including both Windows and Unix-based operating systems. There is also an attack machine running Kali Linux, from which a user can deploy benign, non-weaponized malware to test the efficacy of these tools.