Sunnyvale, CA, USA
Jan 20, 2022   |  By Brett Shaw
Deloitte, a leader in managed security services, has launched MXDR by Deloitte — a Managed Extended Detection and Response suite of offerings — within which the CrowdStrike Falcon® platform will power a number of solutions. MXDR by Deloitte combines an integrated, composable and modular managed detection and response SaaS platform with managed security services in a unified offering of advanced, military-grade threat hunting, detection, response and remediation capabilities.
Jan 20, 2022   |  By James Lovato
In an incident response investigation, CrowdStrike analysts use multiple data points to parse the facts of who, what, when and how. As part of that fact-finding mission, analysts investigating Windows systems leverage the Microsoft Protection Log (MPLog), a forensic artifact on Windows operating systems that offers a wealth of data to support forensic investigations. MPLog has proven to be beneficial in identifying process execution and file access on systems.
Jan 19, 2022   |  By CrowdStrike Intelligence Team
On Jan. 15, 2022, a set of malware dubbed WhisperGate was reported to have been deployed against Ukrainian targets. The incident is widely reported to contain three individual components deployed by the same adversary, including a malicious bootloader that corrupts detected local disks, a Discord-based downloader and a file wiper. The activity occurred at approximately the same time multiple websites belonging to the Ukrainian government were defaced.
Jan 13, 2022   |  By Janani Nagarajan
Organizations need to stay ahead of the ever-evolving security landscape. It’s no secret that Zero Trust security is crucial for successful endpoint protection. Due to the rapid transition to a remote workforce and shift from the traditional data center into dynamic cloud infrastructure we’ve witnessed in the last year, more and more companies are finding the need to accelerate their digital transformation to keep pace with the expanding threat surface.
Jan 13, 2022   |  By Mihai Maganu
Malware targeting Linux-based operating systems, commonly deployed in Internet of Things (IoT) devices, have increased by 35% in 2021 compared to 2020, according to current CrowdStrike threat telemetry, with the top three malware families accounting for 22% of all Linux-based IoT malware in 2021.
Jan 11, 2022   |  By Alex Talyanski
Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (referred also as “noPac”) was released.
Jan 11, 2022   |  By Paul Pratley, Mark Goudie
During a recent client engagement for a tabletop exercise (TTX), it became apparent that the client did not have a methodology for tracking indicators and building an incident timeline. The CrowdStrike Services team wanted to provide more information to our client on how incidents can and should be tracked, but nothing was available in the public domain.
Jan 11, 2022   |  By Anmol Maurya
The TellYouThePass ransomware family was recently reported as a post-exploitation malicious payload used in conjunction with a remote code execution vulnerability in Apache Log4j library, dubbed Log4Shell. TellYouThePass was first reported in early 2019 as a financially motivated ransomware designed to encrypt files and demand payment for restoring them. Targeting both Windows and Linux systems, TellYouThePass ransomware re-emerged in mid-December 2021 along with other ransomware like Khonsari.
Jan 7, 2022   |  By David Puzas
It should come as little surprise that when enterprise and IT leaders turned their attention to the cloud, so did attackers. Unfortunately, the security capabilities of enterprises have not always kept up with the threat landscape. Poor visibility, management challenges and misconfigurations combine with other security and compliance issues to make protecting cloud environments a complex endeavor.
Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE 2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit — a new access vector among a sea of many others.
Dec 22, 2021   |  By CrowdStrike
This video will demonstrate how organizations can use Falcon FileVantage, CrowdStrike's File Integrity Monitoring (FIM) solution, to monitor for file and system changes required to satisfy compliance regulations.
Dec 20, 2021   |  By CrowdStrike
The CrowdStrike®️ Falcon OverWatch™️ team is one of the industry’s most sophisticated threat hunting teams, responsible for continuous hunting across a massive global data set. Key to the team’s success is OverWatch’s carefully tuned methodology, SEARCH, which supplies the framework needed to balance the people, process, and technology, providing successful threat hunting results every minute of every day and leaving the adversary nowhere to hide.
Nov 10, 2021   |  By CrowdStrike
This video will focus on Spotlight's ExPRT.AI rating and how it can be used to prioritize and resolve the vulnerabilities that pose the highest levels of risk.
Nov 8, 2021   |  By CrowdStrike
This video will review look at how Falcon Insight's scheduled searches can be used to automate queries, send notifications and download event data.
Nov 2, 2021   |  By CrowdStrike
Protecting Users from Malicious Sites with Falcon for Mobile Falcon for Mobile protects users by preventing connections to malicious sites on both iOS and Android devices. Some examples of sources for these malicious connections are texts, emails, apps, or even QR codes. Falcon for mobile can block navigating to malicious sites and notifying the user why it was blocked, educating the user and reducing the risk in the future.
Sep 2, 2021   |  By CrowdStrike
In this video, we will demonstrate how Falcon Forensics can help organizations efficiently collect and analyze forensic artifacts as part of incident investigations, compromise assessments and enterprise data triage.
Aug 18, 2021   |  By CrowdStrike
Falcon Fusion is a unified, SOAR platform that allows you to easily build and automate complex workflows using contextual insights provided by CrowdStrike’s security cloud and partner apps.
Aug 16, 2021   |  By CrowdStrike
Wizard Spider is a criminal group behind the core development and distribution of a sophisticated arsenal of criminal tools that allow them to run multiple different types of operations. This interview with Nina Padavil, Strategic Threat Advisor, CrowdStrike, and Robert Bruno, Commercial Illustrator, will highlight Wizard Spider’s targets, tactics and motivations. You don't have a malware problem, you have an adversary problem – stay ahead of the adversaries and learn more at the Adversary Universe.
Aug 11, 2021   |  By CrowdStrike
In this video, we will look at Falcon Horizon, CrowdStrike’s cloud security posture management (CSPM) solution. Falcon Horizon delivers continuous monitoring of multi-cloud environments to proactively report misconfigurations and suspect behaviors along with compliance documentation and recommended remediations.
Aug 9, 2021   |  By CrowdStrike
Judgment Panda is a highly capable adversary with a likely nexus to the Chinese Ministry of State Security. This interview with Jake Kwon, Strategic Threat Advisor, CrowdStrike, and Robert Bruno, Commercial Illustrator, will highlight Judgment Panda's targets, tactics and motivations. You don't have a malware problem, you have an adversary problem – stay ahead of the adversaries and learn more at the Adversary Universe.
Dec 20, 2021   |  By CrowdStrike
Visibility in the cloud is an important but difficult problem to tackle. It differs among cloud providers, and each one has its own positive and negative aspects. This guide covers some of the logging and visibility options that Amazon Web Services (AWS) and Google Cloud Platform (GCP) offer, and highlights their blind spots and how to eliminate them.
Dec 20, 2021   |  By CrowdStrike
Since a majority of the breaches are credential based, securing your multi-directory identity store - Microsoft Active Directory (AD) and Azure AD - is critical to protecting your organization from adversaries launching ransomware and supply chain attacks. Your security and IAM teams are concerned about securing AD and maintaining AD hygiene - and they need to be in sync, for example, to ensure that legacy and deprecated protocols like NTLMv1 are not being used and that the right security controls are in place to prevent breaches in real time.
Dec 1, 2021   |  By CrowdStrike
You have to secure your workforce identities immediately, to protect your organization from modern attacks like ransomware and supply chain threats. Your environment could be just Microsoft Active Directory (AD), or a hybrid identity store with AD and Azure AD, and it's important to have a holistic view of the directories and a frictionless approach to securing them. If you're considering Microsoft to secure your identities and identity store (AD and Azure Active Directory), you should ask these five questions.
Dec 1, 2021   |  By CrowdStrike
Learn about how to strengthen and modernize your agency's security protection, detection and remediation with Zero Trust. This white paper explains the unique risk factors federal agencies face, what a superior Zero Trust framework includes, and how cloud and endpoint security can help modernize federal security from the endpoint to the application.
Nov 1, 2021   |  By CrowdStrike
Cloud adoption remains a key driver for digital transformation and growth for today's businesses, helping them deliver applications and services to customers with the speed and scalability that only the cloud can provide. Enabling them to do so safely is a critical objective for any enterprise IT security team.
Nov 1, 2021   |  By CrowdStrike
Network segmentation has been around for a while and is one of the core elements in the NIST SP 800-207 Zero Trust framework. Although network segmentation reduces the attack surface, this strategy does not protect against adversary techniques and tactics in the identity phases in the kill chain. The method of segmentation that provides the most risk reduction, at reduced cost and operational complexity, is identity segmentation.

CrowdStrike protects the people, processes and technologies that drive modern enterprise. A single agent solution to stop breaches, ransomware, and cyber attacks—powered by world-class security expertise and deep industry experience.

Many of the world’s largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies.

A Radical New Approach Proven To Stop Breaches:

  • Cloud Native: Eliminates complexity and simplifies deployment to drive down operational costs.
  • AI Powered: Harnesses the power of big data and artificial intelligence to empower your team with instant visibility.
  • Single Agent: Delivers everything you need to stop breaches — providing maximum effectiveness on day one.

One platform. Every industry. Superior protection.