Indicators of attack, or IoAs, a term CrowdStrike introduced more than a decade ago, brought a new approach to stopping breaches based on real adversary behavior, irrespective of the malware or exploit used in an attack.
CrowdStrike also pushed the boundaries of applying AI in cybersecurity to identify and stop the most advanced, emerging attacks. According to the 2022 CrowdStrike Global Threat Report, almost two-thirds of attacks are malware-free. These fileless attacks can be carried out entirely in memory, creating a blind spot for threat actors to exploit
Now, CrowdStrike is leveraging powerful AI techniques to create new IoAs at machine speed and scale — new innovations for fileless attack prevention at scale and enhanced visibility for stealthy cloud intrusions.
Delivered on the CrowdStrike Falcon platform and powered by the CrowdStrike Security Cloud, these new detection and response capabilities stop emerging attack techniques and enable organizations to optimize the threat detection and response lifecycle with speed, scale and accuracy.
With the Falcon platform, organizations:
- Detect new classes of attacks, faster: Find emerging attack techniques with new IoAs created by continuously learning AI models.
- Drive automated prevention with high-fidelity detections: Shutdown attacks based on a chain of behaviors, irrespective of the specific malware or tools used, with cloud-native AI models constantly delivered to the Falcon agent with newly-found IoAs.
- Activate IoAs at cloud scale, trained on human-led expertise: Synthesize insights with AI-powered IoAs from CrowdStrike’s threat hunting team to minimize false positives, maximize analyst productivity and deploy threat hunting at scale.
- Prevent the most advanced fileless attacks: Stop advanced persistent threats and prevalent tools with advanced memory scanning techniques that augment AI/ML and IoA detections with fast scanning of all memory at unprecedented scale.
- Leave bloated memory scanning behind and switch to high-performance memory scanning techniques, optimized for Intel CPU/GPUs.
- Initiate memory scans on behavior, not a fixed schedule: Automate scans with behavior-based triggers to find and stop fileless attack patterns in real time, not after a potential breach.
“We are changing the game again with the addition of AI-powered indicators of attack, which enable organizations to harness the power of the CrowdStrike Security Cloud to examine adversary behavior at machine speed and scale to stop breaches in the most effective way possible,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike.
The Falcon platform was built in the cloud with a single lightweight-agent architecture to deliver rapid and scalable deployment, protection and performance, reduced complexity and immediate time-to-value.
Edited by
Erik Linask
