On August 8, 2023, CrowdStrike, the renowned American cybersecurity technology company, introduced its latest initiatives, “CrowdStrike Falcon Intelligence” and “CrowdStrike Falcon OverWatch”, aimed at detecting and disrupting advanced cyber adversaries.
Enhancing Threat Intelligence
The introduction of these new initiatives signifies CrowdStrike’s proactive approach to staying ahead of cyber threats.
“CrowdStrike Falcon Intelligence” integrates threat intelligence seamlessly into endpoint protection, bridging the gap between information and safeguarding. This integration promises a more comprehensive defense against evolving cyber threats.
A notable feature of CrowdStrike’s counter-adversary operations is the “CrowdStrike Falcon OverWatch” service, which operates as a managed threat-hunting service.
This service harnesses the power of threat hunters and intelligence analysts to identify and disrupt potential breaches. By leveraging the telemetry events from the AI-driven CrowdStrike Falcon platform, this service equips defenders with the tools to effectively detect and halt modern breaches.
Addressing Evolving Adversary Tactics
The threat intelligence report provided by CrowdStrike underscores the need for such advanced countermeasures. The report sheds light on the changing tactics of adversaries, revealing a surge in identity-focused intrusion tactics targeting cloud exploitation. Additionally, the rise in Kerberoasting attacks, which allow adversaries to obtain legitimate credentials for Active Directory service accounts, poses a significant challenge.
Staying One Step Ahead
In response to this evolving threat landscape, CrowdStrike Counter Adversary Operations has introduced its inaugural offering, “CrowdStrike Falcon OverWatch Elite Identity Threat Hunting.”
This new service integrates real-time intelligence on adversary motives, techniques, and procedures, providing a comprehensive understanding of potential threats.
By combining this intelligence with the prowess of Falcon OverWatch threat hunters, the service offers continuous coverage, ensuring the rapid identification and resolution of compromised credentials and lateral movement.
A Vision for the Future
As today’s adversaries continue to adapt and evolve, CrowdStrike’s new counter-adversary operations stand as a pioneering model for the cybersecurity industry. With the capability to disrupt adversaries swiftly and effectively, this initiative represents a significant step towards fortifying the digital realm against modern breaches.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among others, he is certified in CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide range of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.