CrowdStrike Launches Big Data Active Defense Platform

"CrowdStrike Falcon Platform" Offers Next-Generation Security Technology Fusing Real-Time Detection and Attribution of Targeted Attacks with Actionable Intelligence

Jun 18, 2013, 08:00 ET from CrowdStrike

IRVINE, Calif., June 18, 2013 /PRNewswire/ -- CrowdStrike, a security technology company focused on identifying and preventing damage from targeted attacks, today launched its big data Active Defense platform, which enables enterprises to move beyond existing passive defense security approaches that are incapable of stopping advanced adversaries and protecting intellectual property. Under the CrowdStrike Falcon Platform, the Threat Protect and Adversary Intelligence applications are now immediately available.

The CrowdStrike Falcon Platform allows enterprises to not only detect zero-day attacks and identify advanced malware, but also to raise the cost and risk to the adversary by attributing the attack, providing a flexible range of response options and sharing information across an entire community of like-minded trusted defenders. Designed to continuously monitor, share, and mitigate the adversary's Tactics, Techniques, and Procedures (TTPs), the CrowdStrike Falcon Platform provides unmatched detection and attribution capabilities.

"With the CrowdStrike Falcon Platform, we are shifting the discussion from defending against malware to defending against the adversary," says George Kurtz, President and CEO of CrowdStrike. "Organizations realize they need to identify targeted attacks in real-time and move beyond periodically looking for indicators of compromise. If you are looking for the remnants of a compromise, it's too late."

The CrowdStrike Falcon Platform is built on a redundant, highly scalable, and secure cloud architecture that correlates intelligence and security events in real time from CrowdStrike's global network of sensors. By storing and analyzing a vast amount of threat event data in a scalable, elastic cloud, the CrowdStrike Falcon Platform enables enterprises to pinpoint targeted attackers and their tradecraft in real time. This massive intelligence repository is constantly mined, and advanced analytics are used to reveal intelligence insights that may escape currently available anti-malware and cyber threat intelligence products and services. Through its algorithmic approach to identifying adversary behavior, CrowdStrike is pioneering the science of security.

Among the CrowdStrike Falcon Platform's capabilities:

  • Detects zero-day threats and prevents damage from targeted attacks in real time
  • Identifies unknown malware and Adversary-in-Motion lateral movement activities and provides damage assessment and attacker attribution
  • Provides a flexible range of responses to raise the cost and risk to the adversary
  • Shares information across an entire community of like-minded trusted defenders
  • Leverages a cloud-based platform and a global network of event-driven security sensors

CrowdStrike Threat Protect Application

CrowdStrike Threat Protect is the cloud-managed next-generation detection application running on the CrowdStrike Falcon Platform. Threat Protect leverages a lightweight, host-based adversary detection sensor that shadows, captures, and correlates low-level operating system events to instantly identify adversary tradecraft and activity through our patent-pending Execution Profiling technology. Rather than focusing on malware signatures, indicators of compromise, exploits, and vulnerabilities, Threat Protect identifies the adversary's mission objectives using the Kill Chain model and provides real-time detection by focusing on what the attacker is doing, as opposed to looking for a specific, easily changeable indicator used in an attack.

Without performing intrusive and performance-impacting scans of the system, Threat Protect's highly efficient real-time monitoring of all system activity is the only security solution that provides maximum visibility into all adversary activities, including Adversary-in-Motion: reconnaissance, exploitation, privilege escalation, lateral movement, and exfiltration. In addition to real-time detection, Threat Protect provides continuous in-the-cloud retrospective insight into past attacks and other execution activity with CrowdStrike's Activity Flight Recorder (AFR) technology. The intersection of recorded adversary attack information with next-generation targeted attack identification and attribution is a unique capability not offered by any other security technology.

CrowdStrike Threat Protect supports Microsoft Windows and Apple Mac workstations and servers.

CrowdStrike Adversary Intelligence Application

CrowdStrike Adversary Intelligence is the cutting-edge cyber threat intelligence application of the CrowdStrike Falcon Platform, providing strategic analysis and customized views of advanced attacker activity. With unprecedented insight into adversary TTPs, enterprises can leverage an extremely granular view into specific adversary campaigns and proactively defend against future attacks.

CrowdStrike Adversary Intelligence is a web-based intelligence subscription that includes full access to a variety of offerings, including:

  • CrowdStrike Intelligence Reporting
  • Actionable Intelligence Feeds & Indicator Data (host and network)
  • Malware Identification
  • Flash Reporting
  • CrowdStrike Adversary Profile Library
  • Quarterly Executive Intelligence Briefings
  • Expert Support

The Adversary Intelligence subscription provides an interactive worldview map that allows end users to navigate directly to countries and adversary groups of interest while automation provides organization-specific intelligence. The subscription allows end users to download full technical reports, actionable intelligence feeds, and indicator data; gain insight into adversary TTPs with the actor profile library; and submit malware samples for custom identification and reporting. Multiple intelligence workflows provide the ability to search a vast repository of intelligence data for known and unknown patterns and indicators.

Today's threat environment has proven that adversaries are constantly profiling and penetrating corporate infrastructure to access and collect intellectual property, proprietary data, and trade secrets. "What we should focus on is who attacked us, what tradecraft they used, what their mission objectives are, what data they are after, and what we can do to raise the cost and risk to the adversary to deter the future threat," says CTO & Co-Founder of CrowdStrike, Dmitri Alperovitch. Through unprecedented and comprehensive analysis of intelligence data, the CrowdStrike Falcon Platform can quickly identify not only the attack but the specific adversary who launched it. Enterprises then leverage Active Defense strategies of detection, attribution, flexible response, and intelligence dissemination to raise the cost to adversaries and discourage them from attacking again.

In the future, the CrowdStrike Falcon Platform will also provide the means for enterprises to share adversary intelligence in real time, extending the ability of whole industries and supply chains to protect themselves from a given attack or adversary. "Up until now, passive defense solutions have focused on malware, but we're providing a way to identify the adversary and actually take action against them," Alperovitch said. "We believe Active Defense is the next-generation cybersecurity strategy that all organizations facing targeted attacks need to adopt."

About CrowdStrike

CrowdStrike is a security technology company focused on helping enterprises and governments protect their most sensitive intellectual property and national security information. Using big data technologies, CrowdStrike is developing a new and innovative approach to solving today's most demanding cyber-security challenges. CrowdStrike's core mission is to fundamentally change how organizations implement and manage security in their environment. The company was co-founded by George Kurtz, former founder and CEO of Foundstone and Worldwide CTO and GM at McAfee / Intel, Dmitri Alperovitch, former VP Threat Research at McAfee / Intel, and Gregg Marston, former CFO at Networks in Motion. Gerhard Watzinger, CEO of iGATE and former EVP of Corporate Strategy at McAfee, is Chairman of the Board.

You don't have a malware problem, you have an adversary problem™. | @CrowdStrike

SOURCE CrowdStrike