CrowdStrike Solutions
PROTECTING LINUX WITH
THE FALCON PLATFORM
Falcon unifies the technologies required to protect
workloads across all environments
ONE PLATFORM FOR
ALL LINUX WORKLOADS
Linux is one of the primary operating systems for a majority of
business-critical applications, making Linux servers a frequent
attack target. Since Linux servers can be found on-premises or
in private or public clouds, protecting them requires a solution
that provides runtime protection and visibility for all Linux hosts,
regardless of location.
The CrowdStrike Falcon® platform simply and effectively
protects Linux workloads, including containers, running in all
environments, from public and private clouds to on-premises
and hybrid data centers.
KEY BENEFITS
Provides integrated container protection
Defends Linux hosts and containers against active
attacks
Enables end-to-end visibility with endpoint detection
and response (EDR) for Linux and containers
Reduces complexity by providing consistent
protection across all supported Linux distributions and
deployments — physical, virtual, cloud and containers
Identifies Linux containers running in your
environment, including those running with potentially
risky configurations
Enables and accelerates threat hunting and
investigation
 CrowdStrike Solutions
PROTECTING LINUX WITH THE FALCON PLATFORM
KEY CAPABILITIES
PREVENTION
The CrowdStrike® Falcon platform
combines protection technologies including
machine learning (ML), artificial intelligence
(AI), behavior-based indicators of attack
(IOAs) and custom hash blocking to defend
Linux workloads against malware and
sophisticated threats:
ML and AI prevent known and unknown
malware, including those running within
containers, without requiring scanning or
signatures
Behavior-based IOAs block suspicious
processes and prevent sophisticated
fileless and malware-free attacks
Custom IOAs enable you to define unique
behaviors to detect and block
Hash prevention allows you to define
your own blacklist
Integrated threat intelligence delivers the
complete context of an attack, including
attribution
Managed threat hunting 24/7 ensures that
stealthy attacks don’t go undetected and
that breaches are stopped
INTELLIGENT EDR
The CrowdStrike Falcon platform’s intelligent
EDR:
Continuously monitors events to provide
visibility into Linux workload activities,
including activities running inside
containers; a full set of enriched data
and event details allows investigations
against ephemeral and decommissioned
workloads
Captures unique network events for Linux
to identify processes that are making
network connections, the protocol used,
and local and remote server details and
FALCON CONTAINER
SECURITY
count showing the number of connections
made in the last hour — with events recalled
for up to 90 days Secures the host and
container via a single agent
Provides unified visibility across all running on the Linux host
workloads, enabling detection and
investigation of attacks that span multiple Investigates container
workload types and cloud environments incidents easily when
detections are associated
Includes CrowdScore™ Incident Workbench
with the specific container
to unravel attacks and improve response time and not bundled with the
by distilling and correlating security alerts into host events
incidents, automatically triaging, prioritizing
and highlighting those that deserve urgent Captures container start,
attention stop, image and runtime
information, and all events

Provides response capabilities that generated inside the
allow you to contain and investigate container, even if it only runs
compromised workloads for a few seconds

Accelerates investigation by mapping
alerts to the MITRE ATT&CK® framework Provides visibility into
container footprint —
including on-premises
MULTI-CLOUD WORKLOAD DISCOVERY and cloud deployments
— and shows container
To provide visibility into the scope and nature usage, including trends,
of public and hybrid cloud footprints, Falcon: uptime, images used and
configuration to identify

Automatically discovers existing cloud risky and misconfigured
workload deployments — without installing containers
an agent — by enumerating existing
Amazon Web Services (AWS) Elastic Offers a single management
Compute Cloud (EC2) instances, Google console for host and
Cloud Platform (GCP) Compute Engine container security
instances and Microsoft Azure virtual
machines

Provides real-time information about Linux
workloads, including context-rich metadata
about system size and configuration,
networking, and security group information
for AWS, GCP and Azure

Identifies Linux workloads that are not
protected by the Falcon platform

Offers insight into your cloud footprint so
you can secure all workloads, uncover and
mitigate risks, and reduce the attack surface
 CrowdStrike Solutions

PROTECTING LINUX WITH THE FALCON PLATFORM

SIMPLICITY AND PERFORMANCE 

Installation and day-to-day
operations bear zero impact on hosts
FALCON PROVIDES

CrowdStrike’s cloud-native platform — even when analyzing, searching BROAD SUPPORT
eliminates complexity and simplifies and investigating
security operations to drive down

Falcon enables proactive threat
operational cost
hunting across all workloads and CrowdStrike Falcon

It operates without the need for systems from the same console provides comprehensive
constant signature updates, on- protection coverage that

It deploys and is operational in
premises management infrastructure can be deployed across
minutes Linux distributions (Amazon
or complex integrations
Linux, Red Hat, CentOS,
Oracle, SUSE, Debian and
Ubuntu). It is compatible
with all public clouds —
AWS, GCP and Microsoft
Azure.
ABOUT CROWDSTRIKE Broad container support
CrowdStrike® Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining includes Open Container
Initiative (OCI)-based
security for the cloud era with an endpoint protection platform built from
containers such as Docker
the ground up to stop breaches. The CrowdStrike Falcon® platform’s single
and Kubernetes and also
lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and
self-managed and hosted
offers real-time protection and visibility across the enterprise, preventing attacks orchestration platforms
on endpoints on or off the network. Powered by the proprietary CrowdStrike such as GKE (Google
Threat Graph®, CrowdStrike Falcon correlates over 3 trillion endpoint-related Kubernetes Engine),
events per week in real time from across the globe, fueling one of the world’s most EKS (Amazon Elastic
advanced data platforms for security. Kubernetes Service), ECS
(Amazon Elastic Container
Service), AKS (Azure
Kubernetes Service) and
OpenShift.

Start Free Trial

of Next-Gen AV

Learn more at www.crowdstrike.com

© 2020 CrowdStrike, Inc. All rights reserved.