In today’s digital age, cybersecurity is of utmost importance for organizations of all sizes. Cyberattacks can have devastating consequences, from data breaches to financial losses and reputation damage. CrowdStrike now offers a range of services to protect organizations against cyber threats. One of CrowdStrike’s standout services is the Falcon Certification program, which trains professionals to detect, prevent, and stop breaches using the latest endpoint detection and response (EDR) technology tools and cyber threat intelligence. The program is designed to enable professionals to better defend their organization against today’s sophisticated cyberattacks.

Three main CrowdStrike Falcon certifications are available:

— CrowdStrike Certified Falcon Administrator (CCFA): This certification is for administrators or analysts who have access to the administrative side of Falcon. Job positions that align with it include security analyst, security operations center (SOC) analyst, security engineer, IT security operations manager, security administrator, Falcon administrator, and endpoint security administrator. Those who hold this certification have demonstrated sufficient knowledge to effectively manage the Falcon instance. Specific duties may include managing users and role-based permissions, deploying and managing sensors, creating and managing groups, configuring prevention policy settings, maintaining allow lists and block lists, excluding file paths, generating administrative reports, and more.

— CrowdStrike Certified Falcon Responder (CCFR): This certification is aimed at analysts who respond to detections or perform similar duties. Job titles that align with it include security analyst, SOC analyst, security engineer, IT security operations manager, security administrator, and endpoint security administrator. Individuals with this certification have demonstrated sufficient knowledge to effectively respond to detections within the Falcon interface and Activity app. Their specific duties may include initial detection triage, filtering, grouping, assigning, commenting, and status changes. They can perform basic investigations by conducting tasks such as host search, host timeline, process timeline, and user search using click-driven workflows. They can also perform basic proactive hunting for atomic indicators, such as domain names, IP addresses, and hash values, across enterprise event data, whether the indicator is related to an internal alert or to external intelligence.

— CrowdStrike Certified Falcon Hunter (CCFH): This certification is intended for investigative analysts who are responsible for deeper detection analysis and response, as well as machine timelining and event-related search queries. These analysts are also often responsible for proactive investigation (hunting) based on intelligence reports and other sources of information, as well as for insider threat-related investigations. Examples of positions that align with it include hunting team member, security analyst, SOC analyst, security engineer, IT security operations manager, security administrator, and endpoint security administrator. Those who hold this certification have demonstrated sufficient knowledge to effectively respond to a detection within the Falcon interface and Activity app. They understand how to use automated reports and queries to assist in machine auditing and proactive investigation. They can perform simple and intermediate-level search queries using Splunk syntax, and they know how to navigate between and use multiple views in the Falcon interface, such as Process Explorer, Host Search, Host Timeline, and Process Timeline, to increase productivity and quickly obtain the desired results.
