CrowdStrike Uncovers Advanced Attacks with Falcon


CrowdStrike Uncovers Advanced Attacks with Falcon

By Greg Tavarez

Indicators of attack, or IoAs, a term CrowdStrike introduced  more than a decade ago, brought a new approach to stopping breaches based on real adversary behavior, irrespective of the malware or exploit used in an attack.

CrowdStrike also pushed the boundaries of applying AI in cybersecurity to identify and stop the most advanced, emerging attacks. According to the 2022 CrowdStrike Global Threat Report, almost two-thirds of attacks are malware-free. These fileless attacks can be carried out entirely in memory, creating a blind spot for threat actors to exploit

Now, CrowdStrike is leveraging powerful AI techniques to create new IoAs at machine speed and scale — new innovations for fileless attack prevention at scale and enhanced visibility for stealthy cloud intrusions. 

Delivered on the CrowdStrike Falcon platform and powered by the CrowdStrike Security Cloud, these new detection and response capabilities stop emerging attack techniques and enable organizations to optimize the threat detection and response lifecycle with speed, scale and accuracy.

With the Falcon platform, organizations:

  • Detect new classes of attacks, faster: Find emerging attack techniques with new IoAs created by continuously learning AI models.
  • Drive automated prevention with high-fidelity detections: Shutdown attacks based on a chain of behaviors, irrespective of the specific malware or tools used, with cloud-native AI models constantly delivered to the Falcon agent with newly-found IoAs.
  • Activate IoAs at cloud scale, trained on human-led expertise: Synthesize insights with AI-powered IoAs from CrowdStrike’s threat hunting team to minimize false positives, maximize analyst productivity and deploy threat hunting at scale.
  • Prevent the most advanced fileless attacks: Stop advanced persistent threats and prevalent tools with advanced memory scanning techniques that augment AI/ML and IoA detections with fast scanning of all memory at unprecedented scale.
  • Leave bloated memory scanning behind and switch to high-performance memory scanning techniques, optimized for Intel CPU/GPUs.
  • Initiate memory scans on behavior, not a fixed schedule: Automate scans with behavior-based triggers to find and stop fileless attack patterns in real time, not after a potential breach.

“We are changing the game again with the addition of AI-powered indicators of attack, which enable organizations to harness the power of the CrowdStrike Security Cloud to examine adversary behavior at machine speed and scale to stop breaches in the most effective way possible,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike.

The Falcon platform was built in the cloud with a single lightweight-agent architecture to deliver rapid and scalable deployment, protection and performance, reduced complexity and immediate time-to-value.

Edited by Erik Linask

MSPToday Editor

Related Articles

Unifi Connects Employees to T-Mobile 5G Network

By: Greg Tavarez    9/28/2022

Unifi selected T-Mobile and Hyperion for a Managed Mobility program to give employees a personal 5G smartphone.

Read More

Teams Direct Routing for MSP Revenue

By: Gary Audin    9/27/2022

Team Direct Routing is a way to connect Microsoft's Phone System to the PSTN via an existing PBX, Unified Communications system, or a third-party tele…

Read More

End-User Privacy and Mobile Security Coexist in Q-Scout

By: Greg Tavarez    9/27/2022

Quokka believes end-user privacy and mobile security should coexist in a secure BYOD network and launched Q-Scout to provide proactive, privacy-first …

Read More

CrowdStrike Intros Partner Progam, Adds Elite Tier for Business Growth

By: Stefania Viscusi    9/27/2022

The CrowdStrike Powered Service Provider Program (CPSP) includes value-added solution bundles and is adding an elite tier to incentivize MSPs.

Read More

Escalating Ransomware Diminishes Organizations' Confidence

By: Greg Tavarez    9/26/2022

SpyCloud revealed in its "2022 Ransomware Defense Report" that 90% of organizations were affected by ransomware in some capacity over the past 12 mont…

Read More