September 9, 2024 · 6 min read

Partner Insights: Q&A on Exposure Management and Remediation with CrowdStrike


Earlier this year, Adaptiva introduced OneSite Patch for CrowdStrike, a powerful solution that automates the patching of vulnerabilities for Windows, third-party apps, drivers and BIOS identified by CrowdStrike’s Falcon Exposure Management.

Anne Baker, CMO at Adaptiva, sat down with Michael Glyer, Product Manager at CrowdStrike, to discuss how Falcon Exposure Management helps organizations remediate, discover, assess and prioritize vulnerabilities—and how integrating with automated patching can help organizations eliminate vulnerabilities more efficiently.

Responses have been edited for length and clarity. The full video interview can be viewed here, or at the end of the article.

Adaptiva’s OneSite Patch integrates with the Falcon Exposure Management component of the CrowdStrike Falcon platform.

What is Falcon Exposure Management and how does it fit into the CrowdStrike Falcon platform?

At CrowdStrike we think of exposure management as an evolution of vulnerability management. The idea is that it is broader from an asset coverage perspective and we look beyond just CVEs to exposures and other things like misconfiguration that could expose a customer to risk. These all fit under this umbrella of exposure management.

And then for Falcon Exposure Management, we've brought together the capabilities of multiple different areas within the platform, all under the proactive security heading. We use that to make sure that we can cover all types of risks across what has been an expanding attack surface over the years.

 

The attack surface is growing, with risks emerging from multiple directions. Adaptiva’s partnership with CrowdStrike leverages real-time exposure insights from CrowdStrike’s expert AI, allowing IT and security teams to set customized patching rules and strategies.

How does Falcon Exposure Management prioritize vulnerabilities?

I think there are two sides to that coin: prioritization and contextualization of any vulnerability. That's where CrowdStrike’s ExPRT.ai comes in. It's an AI and machine learning model that takes data into account and is dynamic. Unlike CVSS, which is a static score and never changes, ExPRT.ai adjusts dynamically. For example, if our vulnerability intelligence finds that a vulnerability is being exploited in the wild, the ExPRT.ai severity rating will change—so you can focus on what's important. The other side is environmental contextualization, which is important for intelligently prioritizing vulnerabilities.

Exposure management includes external attack surface management, so we can identify which Falcon hosts are exposed to the internet. This is one of the top mechanisms organizations should use for patch prioritization. We also have other capabilities, including a rules engine that people can use to create criticality rules for their various assets. Finally, we use an AI model to predict the role of an asset, such as whether it's a web server or a jump host. All these features allow users to focus on the vulnerabilities that matter because you're never going to patch everything.

 

The criticality factor and AI are key differentiators for Falcon Exposure Management in the vulnerability management market.

What makes Falcon Exposure Management different from other vulnerability management solutions available today?

The way we think about it, it all starts with the agent because using Exposure Management doesn't require additional installation. If you're running the Falcon agent on one of your machines, you have vulnerability management happening automatically. The lower administrative bandwidth allows users time to spend on higher-priority tasks because they're not doing as much in the administrative world. The other thing, which I touched on briefly, is our ability to pair sensor data with internet scan data, identifying which hosts are exposed to the internet. This is a powerful and unique capability within the suite of tools that makes up Falcon Exposure Management.

 

ExPRT.ai provides data that enables more granular risk assessments for customers.

How is the data from ExPRT.ai different from other risk scores like CVSS?

The two things that make ExPRT.ai a valuable AI model are that it does a good job of predicting exploitation, and it has the input of strong vulnerability intelligence to know what's being exploited. While there are public sources like the CISA Known Exploited Vulnerabilities list or other public sources noting publicly exploited vulnerabilities, CrowdStrike—as part of our day-to-day business—is in those incident response situations and pulling in data with Falcon Overwatch. We have a ton of first-party information about what's being exploited that not only affects the ExPRT.ai score directly, but also indirectly because we can use that data to find which applications or operating systems are more likely to be exploited. This increases the power of our predictive model.

 

We've discussed the predictive model, discovery, assessment, and prioritization of vulnerabilities. Now, let's focus on the challenges of patching and remediation, especially since fewer than 60% of devices are patched within 14 days, and many take a month or more.

What is CrowdStrike seeing regarding threats from unpatched vulnerabilities, and why is patching so important?

When you think about the landscape of exploitation and breaches, it really falls into two categories. There are credential and phishing-based attacks, and then the other equally important side is people using vulnerabilities to make initial entry into a network. One area where this happens is unmanaged or out-of-scope network devices that frequently have vulnerabilities and aren't part of the regular patching cycle, exposing organizations to serious risk.

 

The rapid exploitation of vulnerabilities, with 25% of high-risk vulnerabilities being exploited the same day they were published, highlights the urgent need for organizations to proactively identify and patch vulnerabilities to reduce intrusion risk.

What are some key benefits of integrating Falcon Exposure Management with automated patching solutions like OneSite Patch, and how can it help organizations reduce that risk?

The rate at which CVEs are being reported keeps rising. If you rely on manual patching, you're never going to make a meaningful dent. Most companies don't patch everything anyway. Every day, hour, or minute a vulnerability is open gives attackers a larger window. We see the cycle in four phases: discovering assets, assessing vulnerabilities, prioritizing, and then remediating. If you don’t do the fourth, all previous work is wasted. The more tightly integrated your system is to make patching happen quickly, the more secure you’ll be, reducing the attacker's window and the risk.

 

Despite the instinct to slow down when patches go wrong, the increasing rate of vulnerabilities demands faster, controlled, and secure patching to keep risks down.

How does this partnership with Adaptiva align with CrowdStrike's mission to stop breaches?

That’s something CrowdStrikers think about every day—we focus on stopping breaches, and it's not just words. When you think about stopping breaches, there are two sides to that coin. There's the proactive side, where Exposure Management lives. Our goal is to identify the most important vulnerabilities so you can patch them, closing or limiting the window for the attacker. The great thing about our platform is it's paired with a world-class, real-time security element, so anything that gets through the first layer of proactive defense, CrowdStrike has you covered if and when that's going to happen.

 

Thank you, Michael, for joining Adaptiva and sharing more about Falcon Exposure Management!

 

Adaptiva will be at CrowdStrike’s Fal.Con conference September 16-19 in Las Vegas as well as Fal.Con Europe, November 6-7 in Amsterdam. Stop by the Adaptiva booth to see a demo of OneSite Patch for CrowdStrike and preview our new Mac and Linux patching capabilities. Sign up here for a demo at the event for a chance to win a new Serial 1 RUSH/CTY Speed eBike.

 

 
