
CrowdStrike Named Overall Leader in Industry’s First ITDR Comparative Report

30 April 2024 at 09:10

The industry’s first identity detection and response (ITDR) analyst report names CrowdStrike an Overall Leader and a “cyber industry force.”

In KuppingerCole Leadership Compass, Identity Threat Detection and Response (ITDR) 2024: IAM Meets the SOC, CrowdStrike was named a Leader in every category — Product, Innovation, Market and Overall Ranking — and positioned the highest for Innovation among all eight vendors evaluated. We received the top overall position in the report and a perfect 5/5 rating in every criterion, including security, functionality, deployment, interoperability, usability, innovativeness, market position, financial strength and ecosystem.

CrowdStrike pioneered ITDR to stop modern attacks with the industry’s first and only unified platform for identity protection and endpoint security powered by threat intelligence and adversary tradecraft — all delivered on a single agent. The market has continued to recognize our leadership, with CrowdStrike being positioned furthest to the right of all eight vendors evaluated in KuppingerCole’s report.

Figure 1. The Overall Leader chart in the KuppingerCole Leadership Compass, Identity Threat Detection and Response (ITDR) 2024: IAM Meets the SOC

A Leader in Innovation

In 2023, 75% of attacks used to gain initial access were malware-free, highlighting the prevalence of identity-based attacks and use of compromised credentials. Since releasing CrowdStrike Falcon® Identity Threat Protection in 2020, CrowdStrike has been constantly innovating on the product to deliver a mature solution that stops modern identity attacks.

In the report, CrowdStrike was positioned furthest to the right and highest in Innovation, demonstrating our commitment to delivering cutting-edge technology. “CrowdStrike is a cyber industry force, and its Falcon Identity Protection demonstrates real attention to detail where threats are related,” KuppingerCole states.

The cloud-native architecture of Falcon Identity Protection is another point of differentiation, delivering the speed and scale that businesses need, with minimal hardware requirements.

“Offered as a cloud-native SaaS service, Falcon Identity Protection component requires a minimal on-premises footprint, requiring only a lightweight Falcon sensor on the Active Directory (AD) domain controllers. This architecture also enables packet-level inspection and real-time alerting of suspicious events,” states the report.

CrowdStrike Focuses Where Threats Are

In our mission to stop breaches, CrowdStrike focuses where identity threats often originate: in Microsoft identity environments. This is reflected in the report, with KuppingerCole describing Microsoft environments as “the entry point to attack vectors.”

“Falcon Identity Protection excels at its deep coverage of Microsoft environments, including on-premises AD and Azure-based environments. The coverage ranges from aging AD protocols for domain controller replication, to password hash synchronization over AD Connect, to Azure based attacks on Entra ID,” states the report.

CrowdStrike’s protection of Microsoft identity stores extends into specific product features and services that KuppingerCole also highlighted in its report.

“Given CrowdStrike’s long history in InfoSec and SOC practices, Falcon Identity Protection offers unique features to help bridge identity administration performed by IT and identity security. It does this by providing guidance to InfoSec personnel who may not have deep knowledge of AD and Entra ID.”

With these features and our continuing emphasis on stopping identity-based attacks on Microsoft environments, KuppingerCole said CrowdStrike delivers “very strong protection for Microsoft environments” in its report.

Delivered from the Unified Falcon Platform

CrowdStrike firmly believes ITDR is a problem that cannot be addressed in isolation by point products. Of all of the vendors evaluated in the report, CrowdStrike is the only one that delivers identity security as a capability tightly integrated into a unified platform.

Our innovative approach of combining endpoint and identity protection into the AI-native CrowdStrike Falcon® platform with a single agent, powered with threat intel and adversary tradecraft, is key to stopping identity breaches in real time. The unified approach is shown to accelerate response time with projections calculating up to 85% faster detection of identity attacks and lower total cost of ownership, delivering up to $2 million USD in savings over three years.

Another CrowdStrike advantage is our extensive partner network that delivers industry-leading capabilities such as real-time response as part of Falcon Identity Protection.

“The company’s API ecosystem offers REST and GraphQL APIs for most of its functionalities, including real-time response to identity threats. This approach not only offers compliance with current tech standards but also portrays CrowdStrike’s forward-thinking strategy, promising near-term enhancements to further open up their platform.”

The Future of Identity Security

With this report, CrowdStrike is the proven leader in identity threat protection, paralleling our industry leadership in endpoint security, cloud security, managed detection and response, threat intelligence and risk-based vulnerability management.

Thanks to all of the CrowdStrike customers that use our platform every day to stop breaches. We’re committed to delivering the best technology and services on the market for you!


CrowdStrike Extends Identity Security Capabilities to Stop Attacks in the Cloud

10 April 2024 at 17:00

Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it’s critical to stop them. 

While Microsoft Active Directory (AD) remains a prime target for attackers, cloud identity stores such as Microsoft Entra ID are also a target of opportunity. The reason is simple: Threat actors increasingly seek to mimic legitimate users in the target system. They can just as easily abuse identities from cloud identity providers as they can in on-premises AD environments.

Identity providers and Zero Trust network access solutions offer some capabilities to prevent cloud identity attacks — however, they often lack visibility across the identity landscape spanning on-premises and cloud identity providers, creating gaps that adversaries can exploit.

This blog shares how the failure to secure cloud identities can result in a breach and how recently released innovations in CrowdStrike Falcon® Identity Protection can stop identity attacks in the cloud.

Get a free CrowdStrike Identity Security Risk Review to get instant visibility into your current Microsoft Entra ID, Active Directory and Okta environments.

CSRB Report Shows the Importance of Identity Security

The Summer 2023 Microsoft breach deconstructed by the U.S. Cyber Safety Review Board (CSRB) in a recent landmark report of the incident shows why identity threat detection and response is critical. 

Last May, a nation-state adversary compromised the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world. The threat actor accessed the accounts using authentication tokens signed by a key that Microsoft had created in 2016. “A single key’s reach can be enormous, and in this case the stolen key had extraordinary power,” said the CSRB. When combined with another flaw in Microsoft’s authentication system, the key allowed the adversary to gain full access to essentially any Exchange Online account anywhere in the world.

The CSRB found “this intrusion was preventable and should never have occurred” and offered several recommendations to ensure an intrusion of this magnitude doesn’t happen again. Two stood out:

  1. Cloud service providers should implement modern control mechanisms and baseline practices, informed by a rigorous threat model, across their digital identity and credential systems to substantially reduce the risk of system-level compromise.
  2. Cloud service providers should implement emerging digital identity standards to secure cloud services against prevailing threat vectors. Relevant standards bodies should refine, update, and incorporate these standards to address digital identity risks commonly exploited in the modern threat landscape.

While these CSRB recommendations are targeted toward cloud service providers (CSPs), given the Cloud Shared Responsibility Model, customers can’t rely solely on CSPs to stop breaches. Organizations need to lock down identities by layering in proactive identity protections across their hybrid identity environments. 

More recently, COZY BEAR, a Russia state-nexus adversary, conducted high-profile attacks on Microsoft’s corporate systems. This Microsoft breach involved common identity techniques like password spraying and credential scanning, and compromised corporate email accounts, including those of Microsoft’s senior leadership team.

What these two Microsoft identity breaches show is that adversaries are weaponizing identities. If you don’t have modern identity security, your organization may be at risk of a breach. 

New Identity Protections to Stop Breaches in the Cloud

CrowdStrike offers the industry’s only unified platform for identity threat protection and endpoint security, powered by rich threat intelligence and adversary tradecraft. Recent enhancements to CrowdStrike Falcon® Identity Protection help customers better protect against modern identity attacks in the cloud.

While individual IAM and identity-as-a-service (IDaaS) systems provide user authentication, they lack the visibility into hybrid lateral movement and intelligence about adversary tradecraft to detect identity attacks across cloud and on-premises environments. Falcon Identity Protection not only has direct visibility into AD through the lightweight Falcon sensor, it also has pre-configured IDaaS connectors that give customers direct visibility into identity activity across cloud identity providers such as Entra ID and Okta. 

By correlating context from the authentication event, Falcon Identity Protection can detect if a user’s web-authenticated session is maliciously hijacked or other malicious web-based activity has occurred. The solution also provides workflows to take direct action, such as disabling an account, revoking a session and refreshing tokens, and updating the access policy in Entra ID to stop the attack. 

IAM and IDaaS systems are not only blind to cloud identity attacks, but due to their siloed nature they also lack the ability to deliver response actions to stop the adversary in a different cloud identity provider. As an IAM vendor-agnostic solution, Falcon Identity Protection spans multiple cloud identity providers to comprehensively stop adversaries.  

Customers can now defend against sophisticated identity-based threats with CrowdStrike Falcon® Adversary OverWatch’s new identity threat hunting capability. This 24/7 managed service, powered by AI and human expertise, utilizes telemetry from Falcon Identity Protection to disrupt adversaries across endpoint, identity and cloud. 

Take a Free Identity Security Risk Review 

Curious about your identity security posture? CrowdStrike’s complimentary Identity Security Risk Review provides a 1:1 session with a CrowdStrike identity threat expert to help you evaluate your hybrid identity security posture and uncover any potential risks. 

The risk review can be completed quickly and gives you:

  • Instant visibility into the identity security posture across your hybrid identity environment
  • Deep insights into possible attack paths that adversaries can exploit, and expert advice on how to address them
  • An understanding of how to protect your organization from modern identity-based attacks like ransomware, account takeover, hybrid lateral movement and Pass-the-Hash
