Next Generation Antivirus (NGAV)
- Behavior Detection / AI / Machine Learning
- Detect and block known and unknown threats
Close
Close
Notice
[Updated March 2025] Four new menu options added to “CrowdStrike Falcon”
KDDI will add four menu options—“Falcon Next-Gen SIEM,” “Falcon for IT,” “Falcon Data Protection,” and “Falcon for Mobile”—to CrowdStrike Falcon starting February 28, 2025.
Falcon Next-Gen SIEM provides security information and event management, while Falcon for IT enables the automation of IT management when used in combination with features such as EDR, IT asset management, and vulnerability management.
Falcon Data Protection prevents the leakage or loss of confidential information and important data outside the organization.
Falcon for Mobile protects iOS and Android devices from threats at the application and network levels.
By adding these menu options you can achieve even stronger security measures, delivered through this product’s single agent, single platform approach.
■Menu options
■Service start date
February 28, 2025
■Pricing
Please contact your KDDI corporate sales representative or the Corporate Customer Center.
[Updated April 2024] Three new menu options added to “CrowdStrike Falcon”
KDDI will add three menu options—“Falcon Identity Threat Detection / Protection (ITD/ITP),” “Falcon Surface (Surface),” and “Falcon Exposure Management (Exposure Management)”—to CrowdStrike Falcon starting April 19, 2024.
For details, please refer to the following:
CrowdStrike Falcon
CrowdStrike Falcon is an endpoint security solution that stores and monitors log data collected from endpoints connected to an organization’s network to detect and prevent suspicious behavior and cyber attacks.
CrowdStrike Falcon delivers Falcon Prevent (Next Generation Antivirus), Falcon Insight (EDR (Note 1)), and Falcon OverWatch (Threat Hunting by Security Experts) on a single platform. It effectively detects and prevents breaches as a countermeasure against emerging attacks, such as ransomware, that are created every day.
- Note 1: EDR is an abbreviation for endpoint detection and response. Monitors the operation and behavior of endpoint devices and takes action in the event of an incident.
Background of EDR Solution Needed
As remote work and cloud services are increasingly being used, cyber attacks targeting endpoints are becoming more sophisticated. Security solutions such as traditional anti-virus products and firewalls have become harder to prevent attacks and increase threat risk.
Therefore, it is necessary to build an IT environment based on zero trust architecture that is not bounded by the boundaries of internal network or Internet.
EDR solutions not only protect against cyber attacks at the entrance, but also proactively contain risk by detecting and responding quickly to malware in the event of an attacker infiltrating an organization.
The EDR solution enables incident detection and immediate response, followed by rapid investigation and analysis.
- Note 2: EPP is an abbreviation for Endpoint Protection Platform. It protects devices from malware infections such as computer viruses.
List of functions by plan
Falcon Prevent
- Detect known and unknown threats by leveraging the vast amount of data gathered from endpoints
- Protect against malware with signature-free AI / machine learning engines
- Behavior detection technology protects against fileless attacks
Features / Specifications
| Block attacks that cannot be protected by AV Block |
The latest AI and machine learning engines prevent fileless attacks, exploits and more. In addition to IOC (Indicator of Compromise), IOA (Indicator of Attack) can be used, and behavioral blocks can be used by AV. |
|---|---|
| High defense | The av-comparatives Real-World Protection Test (August-November) showed high performance with a block rate of 99.9%. (Note 3) |
| Lightweight agent | No need for tasks that significantly degrade performance, such as signature updates or disk scans. A lightweight agent of about 25 MB with less than 1% CPU utilization. It’s a lightness that users don’t realize the agent is in. |
| Recommended added menu options | Firewall Management, Device Control List of added menu options |
- Note 3: Business Security Test 2022 (August - November) - AV-Comparatives (Redirects to an external site)
Falcon Insight
- Detects a wide range of known and unknown threats, from malware to fileless attacks
- Remotely isolate and repair hosts from the management console
- Investigate alerts by alert and multiple alerts by incident
- Visualize pre- and post-detection processes in chronological order
The Management screen displays a series of attacks as a process tree, along with threat ranking.
Intuitive visibility into the full picture of front-and-back attacks, plus drill-down for more detail, enables rapid investigation and response.
- * Images are for illustrative purposes.
Features / Specifications
| Agent operating in kernel mode | Agents operating in user mode will be stopped by the attacker. Agents operating in kernel mode are very difficult for attackers to stop working. |
|---|---|
| Variety of available logs | Since EDR detects from logs, the more log types, the more accurate the detection of threats. Capture and detect more than 200 types of logs, including process, registry, file, network, and Windows event logs. |
| Enhanced response capabilities | Another pillar along with the detection of the EDR is the handling function. It provides the ability to isolate from the network and perform a variety of remote operations on endpoints. It works in kernel mode, so you can get information such as READ / WRITE files, writes to the registry, and memory dumps. |
| Visualized Process Tree | Improve analysis efficiency by graphically displaying the attack process in a tree. |
| Recommended added menu options | Firewall Management, Device Control, Discover, Spotlight List of added menu options |
Falcon OverWatch
- Threat hunting service from CrowdStrike security experts
- 24/7/365, experts manually monitor attacks by logs uploaded to the cloud which hard to detect by next-generation antivirus and EDR
- Notify and assist administrators in responding to high-urgency attacks
Features / Specifications
| Security Expert | Experts from around the world use tools to isolate events that are uploaded from around the world and thoroughly suspicious to discover attacks that are difficult to detect only with tools that cannot be found with AI or machine learning. For those that are clearly under attack, notify the administrator directly by email. The experience and know-how accumulated by dealing with the latest attacks every day is reflected in the detection logic on the product side. |
|---|---|
| 24/7/365 constant monitoring | Unlike general threat hunting, which consultants enter and investigate for a period of time, we constantly monitor your environment 24/7/365, so you can stop the attack at any time. |
Firewall Management
Firewall Management
Centralized management and operation of host firewalls.
CrowdStrike Falcon's common management console
Create, manage, and enforce policies for OS-native hosted firewalls such as Windows.
The policies created are delivered immediately and deploy and work in minutes.
Gain rapid visibility and enhancement across your environment to better protect against networked threats.
- * Images are for illustrative purposes.
Device Control
Device Control
A service that provides visibility and control over the usage of devices connected to your internal environment.
You can view usage history of USB devices, export history, etc.
You can also save and export these as logs.
Allows policy-driven granular control of each device class.
- * Images are for illustrative purposes.
Discover
Discover
Gain visibility into your computer, applications, user accounts, and more.
A service that allows you to properly manage endpoint hygiene.
You can visualize not only the host on which the agent is deployed, but also unmanaged hosts and NW devices in the same network as the host.
HW information, resources, encryption status, account permissions and usage status, failed logon enforcement,
Visualize from multiple perspectives, including the version of the application installed on the device and whether it is deployed.
- * Images are for illustrative purposes.
Spotlight
Spotlight
A service that identifies vulnerabilities on a host, including OS and common application vulnerabilities.
Identify, record, and prioritize vulnerabilities in operating systems, common client- and server-based applications.
Not only [CVE (Common Vulnerabilities and Exposures)] but also [KB (Knowledge Base)] is also visible from the perspective, so vulnerability management can be easily performed.
- * Images are for illustrative purposes.
Identity Threat Detection, Identity Threat Protection
Identity Threat Detection /
Identity Threat Protection
A service that protects identities from compromise of Active Directory.
It protects customer identities through three functions: visualization of risks in Active Directory, incident detection,
and flexible policy control.
- * Images are for illustrative purposes.
Surface
Surface
A service that visualizes, assesses, and protects externally exposed assets.
It discovers internet-facing assets in real time and prevents unintended exposure with guided remediation steps.
It also enables customers to flag and prioritize risks according to their policies.
- * Images are for illustrative purposes.
Exposure Management
Exposure Management
A service bundling Falcon Spotlight (vulnerability visibility), Discover (IT asset management),
and Surface (external asset visibility).
A dedicated dashboard enables comprehensive visibility into vulnerabilities, asset criticality, and more.
It dynamically evaluates assets based on characteristics such as internal/external exposure and criticality,
making risk visualization and management easier.
- * Images are for illustrative purposes.
Falcon Next-Gen SIEM
Falcon Next-Gen SIEM
A next-generation platform service that performs security information and event management.
It delivers automated investigation and response, a fast and scalable security data lake, and AI-based detection capabilities.
It also ingests logs from third-party products, enabling easy correlation analysis across all devices,
including CrowdStrike Falcon EDR logs.
- * Images are for illustrative purposes.
Falcon for IT
Falcon for IT
A service that automates IT management when used in combination with features like EDR, IT asset management,
and vulnerability management.
From compliance and forensic perspectives, it allows periodic review of endpoint information.
It also enables deletion of files/folders, uploading/executing arbitrary files, and deletion/editing registry keys.
- * Images are for illustrative purposes.
Falcon Data Protection
Falcon Data Protection
A service that prevents the leakage or loss of confidential information and important data outside the organization.
It immediately visualizes data movement and leakage and allows analysis from a single console.
Policies can be created based on file source, file type, file patterns (such as PII),
presence/absence of labels (MIP), destination websites,
and user/group, and file behaviors that match configured policies can be blocked.
- * Images are for illustrative purposes.
Falcon for Mobile
Falcon for Mobile
A service that secures and protects iOS and Android devices against threats at the application
and network levels.
It can detect and record behaviors on mobile devices.
Additionally, it can detect and defend against rooting (jailbreaking), malicious applications,
access to phishing sites, and app manipulation.
- * Images are for illustrative purposes.
Post-implementation operational support
Operating an EDR solution requires accurate event awareness when an alert is detected and prompt action after detection. Without an organization such as SOC, operational loads are often a challenge because of the need for tuning and expert knowledge to properly manage large volumes of alerts.
KDDI Managed Security Services help you monitor and operate the security of your IT environment with 24/7/365 real-time log analysis and detection, as well as analyst research and analysis.
You can view incident information and log data through a centralized customer portal that manages multiple security service log incidents, extract important events from a vast range of logs, and provide advice on cause identification and response policies.
With a comprehensive log analytics platform, security talent, and operational skills and know-how, customers can deploy EDR Solution Zero Trust Security without having to prepare new security monitoring systems or human resources.
For more information, Check KDDI Managed Security Services.
Contracts outside Japan
Comprehensive customer support
KDDI local staff will provide support in the local language not only for the Japanese side but also for local staff on the overseas side before and after the solution is introduced.
You can also entrust us with the support of your contract.
In addition to Japanese contracts, we also accept contracts on the overseas side. We are able to respond to your budget and business structure.
If you are considering using it overseas, please contact us from the following.
(Provision details and charges, etc., differ depending on the providing country. Please contact us.)
Inquiries about the Service
KDDI Corporate Sales Representative will consult with you and provide you with an estimate for the introduction.
If you have any questions, please feel free to contact us.
Category
Keyword