Categories: SecurityWorkspace

CrowdStrike Falcon Service Tracks Attacks Back To Source

For nearly a year, startup security firm CrowdStrike has talked up the concept of active defences: technologies and tactics that identify the attackers and their targets so companies can use the information to protect their data systems.

The company announced a managed service designed to allow companies to track attackers not by their malware or the vulnerabilities that they exploit, but by other components of their tradecraft.

‘Falcon’

Dubbed Falcon, the platform uses a threat model derived from defence circles to assign attacks to a specific group, a process the focuses on the adversary’s actions within the network.

“You don’t want to look for specific indicators, such as code or exploits,” Dmitri Alperovitch, chief technology officer for CrowdStrike, told eWEEK. “You want to focus on the objectives and the tradecraft – what they are doing.”

The Falcon platform monitors email, domain-name servers and each laptop and desktop for signs of attack. CrowdStrike analyses the attack information in its own security operations centre to gather intelligence on the various groups that are targeting its customers, said Alperovitch.

The company aims to give its customers the ability to know what kinds of attackers are targeting their systems and employees.

The concept of active defence – not to be confused with the legally questionable strategy of launching cyber-counterstrikes against attackers – aims to make the attacker’s job more difficult and more expensive.

In the past few years, nation-state-sponsored attacks targeting intellectual property have become a concern for major companies. CrowdStrike has focused on identifying the groups behind attacks by their tactics, techniques and procedures, or TTPs, rather than focusing on stopping the malware portion of the attack.

Real-time tracking

In addition, the company has gathered intelligence on the groups behind the attacks and links what its customers systems are encountering with additional intelligence. CrowdStrike observes in real-time what is happening and uploads details to the cloud, so that it can warn companies, not only of an attack in progress, but where a known group may attack next, based on its profile.

The company is aiming to count, not just large enterprises among its client base, but smaller ones as well, George Kurtz, president and chief executive of CrowdStrike, told eWEEK.

“The model that we have scales, not only because it is cloud-based, but we have augmented that with a high-end group of analysts that [small and midsize businesses] would never be able to hire,” he said. “Using that knowledge across the customer base is very valuable. At the end of the day, it is a very elastic model.”

Targeted attacks driven by foreign adversaries – whether companies engaged in industrial espionage or nation-state-funded attackers looking for intelligence – have become widespread in recent years. In February, incident response firm Mandiant released many of the details of a major campaign linked to China.

But other attackers – from Iran, North Korea and India – are also targeting US systems, Kurtz said.

Are you a security pro? Try our quiz!

Originally published on eWeek.

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

US Finalises Billions In Awards To Samsung, Texas Instruments

US finalises $4.7bn award to Samsung Electronics, $1.6bn to Texas Instruments to boost domestic chip…

20 mins ago

OpenAI Starts Testing New ‘Reasoning’ AI Model

OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…

49 mins ago

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

1 hour ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

2 hours ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

2 hours ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

3 hours ago