CrowdStrike is expanding the capabilities of CrowdStrike Falcon® Data Protection and introducing a new offering, SaaS Threat Services, enabling security teams to protect sensitive data across endpoints, cloud environments, and GenAI and SaaS applications.
Today’s adversaries are targeting data wherever it resides. As GenAI adoption accelerates, misconfigured applications and unsecured usage create new vectors for data exposure. Legacy data loss prevention solutions, which often require separate tools for endpoint and cloud environments, aren’t enough to defend against modern attacks.
CrowdStrike is closing the gaps adversaries exploit to steal data by protecting sensitive information across modern hybrid environments. Falcon Data Protection now delivers real-time protection for data at rest and in motion, from endpoint to cloud. We are expanding the capabilities of Falcon Data Protection for Endpoint with Encryption Detection, GenAI Data Leak Prevention, and macOS Expanded Coverage to strengthen data protection on the endpoint. In addition, we are introducing Falcon Data Protection for Cloud, a new solution that brings our real-time data loss prevention to cloud workloads.
In addition to new innovations in Falcon Data Protection, CrowdStrike is launching SaaS Threat Services, generally available today. This expert-led offering helps organizations identify and mitigate risks across SaaS environments, where sensitive data is often exposed and under-protected.
Table of Contents
Stronger Data Protection Across Endpoint, Cloud, and SaaS
Falcon Data Protection consists of two separate offerings: Falcon Data Protection for Cloud, announced today, and Falcon Data Protection for Endpoint, now updated with new capabilities.
Falcon Data Protection for Cloud
The need for visibility into how data moves within and beyond cloud environments has never been more urgent — but traditional data protection tools weren’t designed for the speed and complexity of today’s cloud-native architectures.
Falcon Data Protection for Cloud, launching in beta, provides runtime protection for cloud data at rest and in motion. It gives security teams real-time visibility into data flows across cloud storage, SaaS applications, APIs, internal services, and databases. Leveraging extended Berkeley Packet Filter (eBPF) technology, Falcon Data Protection for Cloud detects and monitors unauthorized data movement in real time, with minimal performance impact.
With this, security teams gain immediate insight into where sensitive data is moving, when it’s moving, and who is moving it. They are alerted as violations happen, not after they occur — giving them a critical edge in responding to potential leaks. Enforcement policies keep data within approved boundaries, helping organizations address compliance requirements and avoid accidental exposure.
Falcon Data Protection for Cloud runs on the unified AI-native CrowdStrike Falcon® platform, with no additional agents or overhead. It shares classifications across endpoint and cloud environments, eliminating silos and reducing the risk of misconfigurations. With these capabilities, organizations gain the speed, precision, and control they need to protect sensitive data in modern cloud environments.
Falcon Data Protection for Endpoint
Data loss can unfold in myriad ways: A well-meaning employee may paste sensitive information into a GenAI tool; an adversary may stealthily encrypt and exfiltrate files. Traditional data protection tools have long struggled to detect these activities in time to stop them. New capabilities in Falcon Data Protection for Endpoint enable faster detection and response.
Encryption detection: CrowdStrike is launching an industry-first solution with Falcon Data Protection for Endpoint Encryption Detection, which provides full content inspection of encrypted archives as they are created and proactively classifies sensitive data before it’s locked away and exfiltrated. By capturing the full content of files at the point of encryption, organizations can detect and stop data theft in its tracks without disrupting legitimate workflows. This reduces investigation time, helps eliminate encrypted blind spots, and supports compliance efforts.
GenAI data leak prevention: Another enterprise concern is sensitive data leaking into GenAI tools. Falcon Data Protection for Endpoint delivers real-time GenAI data leak prevention, using Similarity Detection DNA technology to recognize sensitive content even when modified or repackaged for GenAI tool upload. It enforces policies by content type, source, or sensitivity label — preventing inadvertent exposure of sensitive information while blocking data leakage across managed and unmanaged GenAI applications.
macOS security coverage: Falcon Data Protection for Endpoint coverage also now extends to macOS. This capability, launching in beta, extends unified data protection to macOS environments. This allows teams to monitor data flows, apply consistent controls, and protect sensitive information across diverse operating systems.
These new innovations come together to form a powerful defense against insider threats, operational blind spots, and new data loss vectors. And because they run on the same lightweight Falcon sensor that powers the rest of the CrowdStrike Falcon cybersecurity platform, they’re easy to deploy and deliver immediate value.
SaaS Threat Services
As businesses increasingly rely on SaaS applications to drive productivity and collaboration, they must address security gaps that adversaries and malicious insiders can exploit to access sensitive data. Misconfigured permissions, unvetted integrations, and overly permissive access controls can all lead to data exposure and account compromise.
CrowdStrike is introducing SaaS Threat Services to help organizations reduce these risks. These expert-led engagements, powered by CrowdStrike Falcon® Shield technology and industry-leading threat intelligence, proactively hunt, assess, and respond to SaaS security threats, helping organizations protect sensitive data and reduce risk.
SaaS Threat Services is built to expose SaaS attack patterns, from token hijacking to valid account abuse, as well as risky SaaS-to-SaaS integrations. As more organizations move sensitive data and operations to SaaS platforms, adversaries are quickly adapting. The CrowdStrike 2025 Global Threat Report warns SaaS exploitation will be a threat to watch in 2025. Adversaries like SCATTERED SPIDER are already abusing SaaS apps to locate credentials, conduct lateral movement, and launch broader attacks.
With SaaS Threat Services, CrowdStrike provides assessments that turn visibility into action. By correlating telemetry from Falcon Shield, these engagements identify abnormal behavior, misconfigurations, and risky integrations, giving organizations a clear path to reduce risk and improve SaaS security posture with speed and precision.
Comprehensive Data Protection to Fight Modern Threats
With Falcon Data Protection for Endpoint, Falcon Data Protection for Cloud, and CrowdStrike SaaS Threat Services, organizations gain deep insights across every layer of the hybrid enterprise. All of these offerings run on the Falcon platform, giving security teams more power without adding complexity.
Together, these launches represent the next evolution of data security: real-time, unified, and built to keep pace with how organizations work. By combining powerful technology with expert-led services, CrowdStrike is closing the gaps that traditional data protection solutions leave behind.
Additional Resources
Leave a Reply