CrowdStrike has announced a series of new features in its Falcon Next-Gen Identity Security product, with the aim of expanding protection for human, non-human, and AI agent identities across hybrid IT environments.
The company has introduced FalconID, a phishing-resistant, passwordless multi-factor authentication (MFA) solution that uses FIDO2 standards, enhanced privileged access management, and identity-driven case management, all designed to address emerging challenges in identity security and access control.
Identity threats
The latest developments are designed to bolster defences in a landscape where enterprises are integrating more varied types of digital identities. With businesses rapidly adopting automation and artificial intelligence, the number and complexity of identities that must be secured have increased. This, in turn, has created new opportunities for threat actors to exploit weaknesses, particularly around initial access and privilege escalation.
Elia Zaitsev, Chief Technology Officer at CrowdStrike, explained the rationale behind the approach:
"Identity is the front line of modern attacks. In today's enterprise, access is constantly evolving across identities spanning human users, machines, and AI agents that operate dynamically in hybrid environments," said Zaitsev. "Traditional IAM and PAM were designed to manage access, not stop adversaries. CrowdStrike closes the gaps adversaries exploit with these fragmented solutions, securing every identity across every stage of the attack and environment. Our latest innovations provide deeper visibility, more powerful automation, and streamlined response to extend the unified advantage of Falcon Next-Gen Identity Security."
The updates reflect an acknowledgment that legacy solutions, even when paired with additional multi-factor authentication or implemented as isolated point services, have proved insufficient. One of the key shortcomings cited is the lack of consistent context sharing across attack surfaces and hybrid systems, an issue that can introduce complexity and increase risk exposure when stopping identity-driven attacks.
Product enhancements
FalconID, the new authentication offering, is deployed via the Falcon for Mobile app and leverages real-time identity and endpoint telemetry. According to the company, this technology prioritises more secure access decisions and aims to block techniques that can bypass traditional multi-factor authentication methods.
The enhanced Falcon Privileged Access component now supports simplified configurations for both Active Directory (AD) and Entra ID environments. It introduces automation for granting and revoking permissions using Microsoft Teams and Fusion SOAR, and provides real-time visibility into access patterns. The objective is to minimise unnecessary standing privileges and reduce associated risks.
The identity-driven case management tool is designed to streamline incident response by automatically correlating detections into a single Falcon Next-Gen SIEM (Security Information and Event Management) case. This case is enriched with endpoint, cloud, and SaaS telemetry data to supply a full picture of cross-domain attack activity, thereby aiming to accelerate investigation and response actions.
Unified approach
CrowdStrike emphasises that its Falcon Next-Gen Identity Security platform was created to integrate key capabilities – including unified initial access, privileged access management, identity threat detection and response, SaaS identity security, and agentic identity protection – to prevent breaches across multiple domains.
The company positions these latest innovations as a way to "eliminate blind spots and consolidate fragmented controls," and to give customers a single, unified method for protecting all identities, regardless of whether they belong to human users, service accounts, or automated agents.
The upgraded suite of identity security tools is designed to align with shifting enterprise requirements, as organisations increasingly manage a mix of cloud-based, on-premises, and hybrid environments populated by both people and machines performing complex, automated functions.