CrowdStrike Falcon Device Control
Endpoint USB Device Protection
Falcon Device Control: USB Security
Falcon Device Control provides the needed visibility and granular control to limit risks associated with USB devices.
Ensuring Safe and Accountable Device Usage
The portability and usability of USB devices make them essential in today’s enterprise environments. Yet these devices pose a significant security risk of bringing malware into organizations and leaking data out, both intentionally and unintentionally. Although device control solutions exist, they don’t provide the contextual visibility and granular control required to understand and manage today’s powerful devices.
Falcon Device Control ensures the safe utilization of USB devices across your organization. Built on the CrowdStrike Falcon® platform, it uniquely combines visibility and granular control, allowing administrators to ensure that only approved devices are used in your environment. When used with Falcon Insight endpoint detection and response (EDR), visibility is extended, adding searchable history and logs of USB device usage, including files written to devices.
Leveraging the power of the Falcon platform and accessed through the Falcon management console, Falcon Device Control is the industry’s only 100% cloud-delivered and managed device control solution.
Key Benefits of Choosing Falcon Insight
the single solution for collecting and analyzing detailed forensic data
MITIGATE RISKS ASSOCIATED WITH USB DEVICES
Falcon Device Control provides the insights and granular control required to enable safe usage of USB devices across your organization
GAIN AUTOMATIC VISIBILITY OF USB DEVICE USAGE
Automatically gain the complete visibility needed to monitor how USB devices are used in your environment according to your prescriptive policies
IMPLEMENT AND MANAGE POLICIES WITH EASE
Falcon Device Control does not require any additional endpoint software installation or hardware to manage
Effortless Visibility Across USB Device Usage
- Discover devices automatically: Gain continuous insight into USB devices across your organization, including those not covered by a policy. Falcon Device Control automatically reports device type (e.g., mass storage, human interface, etc.) with manufacturer, product name and serial number. You have visibility into all devices operating over the USB bus, including internal/non-removable USB devices and those not categorized as USB by Windows.
- Tap into a wealth of information at your fingertips: Immediately see which devices are used in your environment and how they are being used at a glance via usage dashboards. Falcon Insight paired with Falcon Device Control provides insight into processes executed from USB storage, users, and hosts where USB devices were used.
- Gain immediate and powerful search capabilities: Falcon Device Control provides fast and powerful search capabilities. Examine your environment for vital information such as the devices used on a specific machine. When used with Falcon Insight, search expands to include historical logs of device usage or blocking.
- Extend Falcon Insight visibility: Monitor files written to storage, giving you visibility into what's being copied to devices.
Precise and Granular Policy Control
- Ensure strict policy enforcement: Define device control policies for endpoint groups, and allowlist and blocklist devices by class, vendor, product serial number and/or specific device ID. Define device control policies for endpoints both on and offline.
- See the impact of policies before implementing them: Alerts and dashboards allow you to see how your policies will impact users before rolling them out.
- Define granular policies for drives: Allow read/write or read-only access, while blocking execution of applications on USB drives.
- Automatically get device information for quick and easy policy creation and management workflows: Falcon Device Control automatically obtains devices’ vendor, class model and serial number, without requiring the use of external tools or device managers, allowing you to create policies for all devices being used in your environment.
Seamless Integration with Falcon Endpoint Protection and Extended Falcon Insight Visibility
- One agent, one console, one platform: As a 100% cloud-managed and delivered solution, Falcon Device Control is enabled via the same lightweight Falcon agent, managed by the same console and fully integrated with the Falcon platform.
- Immediate implementation and management: Falcon Device Control hits the ground running and is operational in minutes.
Documentation:
Download the CrowdStrike Falcon Device Control Datasheet (.PDF)