Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2022

Importing Logs with CrowdStrike Falcon LogScale Log Collector

For this how-to guide, we’ll walk through how to use the CrowdStrike Falcon LogScale Log Collector to collect and send log events to your CrowdStrike Falcon® LogScale repository. Although the log shipper supports several types of log sources (see the list here), we’ll cover the use case of collecting log events from journald.

How to Complete Your LogScale Observability Strategy with Grafana

CrowdStrike Falcon® LogScale, formerly known as Humio, provides a full range of dashboarding and live query capabilities out of the box. Sometimes, however, you’ll work in an environment where there are other solutions alongside LogScale. For example, let’s say your operations team takes an observability approach that includes metrics scraped by Prometheus, tracing with Jaeger, and dashboard visualizations with Grafana.

Discovering the Critical OpenSSL Vulnerability with the CrowdStrike Falcon Platform

OpenSSL.org has announced that an updated version of its OpenSSL software package (version 3.0.7) will be released on November 1, 2022. This update contains a fix for a yet-to-be-disclosed security issue with a severity rating of “critical” that affects OpenSSL versions above 3.0.0 and below the patched version of 3.0.7, as well as applications with an affected OpenSSL library embedded.

From Data to Deployment: How Human Expertise Maximizes Detection Efficacy Across the Machine Learning Lifecycle

Security is a data problem. One of the most touted benefits of artificial intelligence (AI) and machine learning (ML) is the speed at which they can analyze potentially millions of events and derive patterns out of terabytes of files. Computational technology has progressed to the point where computers can process data millions of times faster than a human could.

Falcon Insight XDR and Falcon LogScale: What You Need to Know

CrowdStrike Falcon Insight XDR™ and CrowdStrike Falcon LogScale™ were hot topics at Fal.Con 2022. We weren’t surprised — both are transformational technologies. They’re also complementary, which spurred some questions about how they work together to solve the toughest IT and security challenges. Here, we dig into the details and clear up some common questions about what these tools do, when they should be used and the value they provide.

Election Security: Continued Vigilance Is Key

Cyber threats to elections in the U.S. and abroad remain at an elevated level and continue to evolve. It’s appropriate and encouraging to see continued growth and investment in cybersecurity efforts within elections communities. As a longstanding leader in defending elections globally, CrowdStrike understands the importance of these efforts and we want to do our part to help raise and sustain awareness.

CrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure

CrowdStrike has identified a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure. Called “Kiss-a-dog,” the campaign targets Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools.

Create Automated Workflows with Pre-Built Falcon Fusion Playbooks

CrowdStrike Falcon Fusion is an extensible framework built on the Falcon Platform that allows the orchestration and automation of complex workflows. These workflows can be used to simplify tasks, accelerate response time, and save valuable time for security teams. Falcon Fusion is included in the Falcon platform and available to all customers. Available in console now are Falcon Fusion playbooks. Playbooks are pre-built workflow templates centered around common use cases.

Playing Hide-and-Seek with Ransomware, Part 2

In Part 1, we explained what Intel SGX enclaves are and how they benefit ransomware authors. In Part 2, we explore a hypothetical step-by-step implementation and outline the limitations of this method. Watch this live attack demo to see how the CrowdStrike Falcon® platform and the CrowdStrike Falcon Complete™ managed detection and response team protect against ransomware.

CrowdStrike Advances to Research Partner with MITRE Engenuity Center for Threat-Informed Defense to Help Lead the Future of Cyber Defense

CrowdStrike is now a Research Partner with the MITRE Engenuity Center for Threat-Informed Defense, joining a select list of cybersecurity companies and research foundations to take a hands-on approach to transforming state-of-the-art, threat-informed defense against sophisticated adversaries into a state of practice for organizations. Building on its previous role as Research Sponsor, CrowdStrike is reaffirming its commitment to fostering an open and collaborative security ecosystem.

CrowdStrike and Google Chrome: Building an Integrated Ecosystem to Secure Your Enterprise Using the Power of Log Management

Organizations today face an onslaught of attacks across devices, identity and cloud workloads. The more security telemetry an organization has to work with, the better threat hunters can contextualize events to find and remediate potential threats. Google recently announced Chrome Enterprise Connectors Framework, a collection of plug-and-play integrations with industry-leading security solution providers.

The Anatomy of Wiper Malware, Part 4: Less Common "Helper" Techniques

In Part 3, CrowdStrike’s Endpoint Protection Content Research Team covered the finer points of Input/Output Control (IOCTL) usage by various wipers. The fourth and final part of the wiper series covers some of the rarely used “helper” techniques implemented by wipers, which achieve secondary goals or facilitate a smaller portion of the wiping process.

Playing Hide-and-Seek with Ransomware, Part 1

At CrowdStrike, our mission is to stop breaches. To achieve this, we’re always on the lookout to defend customers against active attacks and preemptively protect them against emerging threats. In July 2021, researchers from Royal Holloway, University of London, published a white paper, “RansomClave: Ransomware Key Management using SGX,” that presents a novel ransomware based on an Intel feature called Software Guard Extension (SGX).

CrowdStrike Enables Federal Departments and Agencies to Meet CISA Operational Directive 23-01

In support of the Executive Order on Improving the Nation’s Cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) recently published a Binding Operational Directive (BOD) 23-01, designed to improve cybersecurity for the Federal Civilian Executive Branch (FCEB) enterprise and their respective unclassified assets.

CrowdStrike Achieves Red Hat OpenShift Certification: Streamlining Visibility and Automating Protection for OpenShift

As organizations expand their cloud-native initiatives and increase their use of containers and Kubernetes in production, they face challenges regarding container security, monitoring, data management and networking. To meet this growing need, we’re pleased to announce our certification of Red Hat OpenShift through the CrowdStrike Falcon® platform — giving joint customers comprehensive breach protection for OpenShift nodes, workloads and containers.

Evolving Threats in the Cloud and What They Mean

As organizations move data and infrastructure into the cloud, they open themselves up to new and novel cyber threats, often without realizing it. In this Fal.Con 2022 session, Duke McDonald, Strategic Threat Advisor, CrowdStrike, explains how to not only highlight threats in the cloud based on real adversary tactics and attacks, but also how to meaningfully address these risks.

Innovate with AWS and Secure with CrowdStrike

In the last two years, the shift to cloud adoption has only accelerated. This rapid shift has reinforced the profound importance of protecting IT assets from the latest cyber threats. AWS and CrowdStrike are working together to provide joint solutions for wherever you are in your cloud journey. From migrating VMware-based workloads in a lift or shift fashion or completely modernizing your infrastructure with microservices and containers, AWS and CrowdStrike have a solution to help you innovate and secure your infrastructure.

Cloud-Native Application Platform (CNAPP): Bridging the GAP for DevSecOps

As businesses move their applications, workloads and critical data to the cloud, it becomes more important to rethink how to protect those resources and how to manage those protections. Unfortunately, organizations race to adopt cloud workload protection tooling without considering the bigger picture of how all cloud security controls must work together across all layers of their technology stack, especially the application layer. As a result, they often end up with different security solutions and controls working in silos, which leads to a lack of visibility, a lack of security consistency and security gaps.

DirtyCred: Opening Pandora's Box to Current and Future Container Escapes

DirtyCred is a new Linux kernel exploitation technique that allows kernel Use After Free (UAF) or Double free vulnerabilities to swap a credential or file structure on the kernel heap memory to escalate privileges to root. The replaced credential or file structure provides root access on a Linux host and breaks out of the container at the same time. Ph.D.

Improve Threat Hunting with Long-Term, Cost-Effective Data Retention

What if you could easily extend the retention of your CrowdStrike Falcon® detection data for a year or longer? Would that help with compliance? Investigations? Threat hunts? In Part 1 of this series, we covered the basics of Falcon Long Term Repository (Falcon LTR). To recap, Falcon LTR is an option available to Falcon customers. It offers a simple and cost-effective way to retain your Falcon detection data long term, which has historically been a costly and complex endeavor for security teams.

Better Together with CrowdStrike and Proofpoint

CrowdStrike and Proofpoint have partnered to provide joint customers with an innovative approach to handling threats, offering enhanced security postures from email to the device itself. CrowdStrike and Proofpoint are focused on the shared vision of protecting people and their devices from today’s most sophisticated threats.

Ingesting CrowdStrike Falcon Platform Data into Falcon Long Term Repository

Threat hunters and security teams need more data about the IT environment to add context to their investigations. To add that additional information to your Falcon environment, Falcon Data Replicator (FDR) gives you a way to pull raw event data from the CrowdStrike Falcon® platform. Now, customers can ingest, transform and analyze the data as part of their standard process.