CrowdStrike Falcon Forensics Gains FedRAMP Authorization
CrowdStrike’s Falcon Forensics solution is now available on the Federal Risk and Authorization Management Program marketplace.
The FedRAMP-approved solution is hosted within GovCloud and is designed to streamline the collection of point-in-time and historic forensic triage data. It also provides increased visibility and automated analysis of attacker activity, enabling swift response and remediation of critical security incidents, CrowdStrike said.
Thomas Etheridge, senior vice president of CrowdStrike Services, noted that the time-consuming process of consolidating forensic data often hinders government agencies from getting ahead of fast-moving threats.
“Falcon Forensics for GovCloud simplifies threat hunting and forensic triage analysis, capturing the right forensic artifacts at-scale and presenting them in an easy-to-consume interface allowing agencies to make decisions faster and more confidently as they improve their cyber posture,” Etheridge said in a statement.
With Falcon Forensics, users can leverage preset dashboards to quickly identify relevant data about an incident and speed up investigations.
The ready-made deployment status dashboard generates a list of trends for the past 24 hours, while the host info dashboard gives users a high-level view of telemetry within a single system.
The cloud-based solution also makes it possible to quickly identify potential misconfigurations and hacker activity through the quick wins dashboard. The fourth and final dashboard, host timeline, is used for generating a visual representation of artifacts for a specific timeline of events.