The MITRE ATT&CK framework, a key resource for helping organizations defend against cyberattacks, is critical to advancing cybersecurity research. The MITRE Engenuity Center for Threat-Informed Defense’s public library of adversary-specific emulation plans has become a valuable component of the ATT&CK framework. Each plan in the library provides comprehensive ATT&CK tactics and techniques employed by well-known adversaries.

Today’s security practitioners face a daunting challenge: Staying ahead of sophisticated adversaries who have turned their attention to the expansive terrain of cloud environments. CrowdStrike observed a 95% year-over-year increase in cloud exploitation in 2022. This trend demands strategic reevaluation of how organizations protect their cloud environments and workloads, and emphasizes the importance of choosing the right cloud security capabilities.

Since announcing Charlotte AI, we’ve engaged with many customers to show how this transformational technology will unlock greater speed and value for security teams and expand their arsenal in the fight against modern adversaries. Customer reception has been overwhelmingly positive as organizations see how Charlotte AI will make their teams faster, more productive and learn new skills, which is critical to beat the adversaries in the emerging generative AI arms race.

Forrester has named CrowdStrike a Leader in The Forrester Wave™: Managed Detection And Response Services In Europe, Q4 2023, only a few months after naming CrowdStrike a Leader in The Forrester Wave™: Managed Detection and Response, Q2 2023. In Forrester’s MDR report for Europe, CrowdStrike Falcon® Complete received the highest scores in the Current Offering and Strategy categories, as well as the highest possible scores in 13 of 22 criteria.

It’s 10:30 p.m. and you’re heading to bed. Unfortunately, a threat actor has your organization in their crosshairs. While you’re brushing your teeth, they’re crafting a social engineering email to pilfer your employees’ credentials. While you’re putting on your pajamas, they’re finding a path to log in. While you’re asleep, is your organization protected?

CrowdStrike’s cloud security team discovered a new vulnerability (CVE-2023-29082) in Flexera’s FlexNet Inventory Agent. When exploited, an attacker can escape from a container and gain root access to the host. Exploitation of CVE-2023-29082 can allow an attacker to perform a variety of actions on objectives, including execution of malware and exfiltration of data.

We are well aware of the devastating effect insiders can have when using their legitimate access and knowledge to target their own organization. These incidents can result in significant monetary and reputational damages. Entities small and large, across all sectors, can fall victim to insider threats.

CrowdStrike is proud to announce the CrowdStrike Falcon® platform has achieved FedRAMP® High-Impact Level Ready status from the Joint Authorization Board (JAB), demonstrating our commitment to achieving the highest compliance authorization for the United States federal government and support for both the National Cybersecurity Strategy Implementation Plan (NCSIP) and the Executive Order on Improving the Nation’s Cybersecurity.

CrowdStrike is honored to be named Partner of the Year for several 2023 Geo and Global AWS Partner Awards at Amazon Web Services re:Invent 2023, where we are participating this year as a Diamond Sponsor. We are also proud to be a launch partner for AWS Built-in and achieve two AWS competencies.

The major news in technology policy circles is this month’s release of the long-anticipated Executive Order (E.O.) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. While E.O.s govern policy areas within the direct control of the U.S. government’s Executive Branch, they are important broadly because they inform industry best practices and can even potentially inform subsequent laws and regulations in the U.S. and abroad.