Reducing the Attack Surface with Custom Indicators of Attack

CrowdStrike Tech Center

Introduction

The evolving nature of malicious activity is keeping security teams on their toes. Adversaries may start with commodity malware but quickly shift tactics as they encounter resistance or zero in on their specific target. As tactics get more targeted and tailored, detection and protection get more complicated. Can security teams easily customize protection rules against targeted or localized attacks?


Customizable Protection Rules

For many organizations, the shift to a larger remote workforce has expanded and complicated the attack surface. A remote host can offer a malicious actor the access and data needed for planning and executing an attack. With that access and knowledge, specific and often hard-to-detect tactics follow.

Rather than simply relying on static signatures and heuristics, security solutions need to do more to detect and protect against today’s targeted attacks. They need to identify behaviors that indicate malicious activity. By identifying malicious or suspicious behaviors, security solutions can protect against attacks that have never been seen, including sophisticated fileless attacks.

And because each organization has unique circumstances and environments to monitor and protect, tailored security can be needed for specific or very localized risks such as limiting use of infrequently used applications or detecting suspicious activity that isn’t fundamentally malicious.

Solution

CrowdStrike uses the detailed event data collected by the Falcon agent to develop baseline rules, or indicators, that identify and prevent attacks based on the malicious behaviors they exhibit. CrowdStrike tunes and expands those built-in indicators to offer immediate protection against the latest attacks.

In addition to the included global indicators of attack (IOAs), customers can create custom IOA rules in the Falcon Platform. Because advanced tactics can be narrowly directed, tailored rules give customers the ability to create specific behavioral detections based on what they know about their environment, applications, specific tools and expected behaviors. 
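As an added illustration (not CrowdStrike's code, and not the Falcon custom IOA rule format, which this page does not describe), a small behavioral rule matcher in Python run over constructed process-start events: one rule blocks a command shell launched by an Office application, and another flags a remote-administration tool on any host outside an exempt set, the "infrequently used application" case mentioned above. Event field names, host names, and paths are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed process-start events standing in for endpoint telemetry.
# Field names, hosts and paths are assumptions, not the Falcon schema.
EVENTS = [
    {"host": "HR-LAPTOP-07", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": "cmd.exe /c dir"},
    {"host": "DEV-WS-12", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "cmd.exe"},
    {"host": "HR-LAPTOP-07", "image": r"C:\Tools\RemoteAdmin.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "RemoteAdmin.exe FS01"},
    {"host": "IT-ADMIN-01", "image": r"C:\Tools\RemoteAdmin.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "RemoteAdmin.exe FS01"},
]

@dataclass
class Rule:
    """A behavioral rule: regexes over process fields plus an action."""
    name: str
    action: str                 # "detect" (alert only) or "block"
    image: str = ".*"           # regex on the launched image path
    parent: str = ".*"          # regex on the parent image path
    cmdline: str = ".*"         # regex on the command line
    exempt_hosts: set = field(default_factory=set)  # hosts the rule ignores

    def matches(self, ev: dict) -> bool:
        if ev["host"] in self.exempt_hosts:
            return False
        checks = (("image", self.image), ("parent", self.parent),
                  ("cmdline", self.cmdline))
        return all(re.search(pat, ev[key], re.IGNORECASE) for key, pat in checks)

RULES = [
    # Behavior, not a file hash: a document application should not spawn a shell.
    Rule("Office app spawning command shell", "block",
         image=r"\\cmd\.exe$", parent=r"\\(WINWORD|EXCEL|POWERPNT)\.EXE$"),
    # Not inherently malicious, but unexpected anywhere outside the admin hosts.
    Rule("Remote admin tool outside IT hosts", "detect",
         image=r"\\RemoteAdmin\.exe$", exempt_hosts={"IT-ADMIN-01"}),
]

def evaluate(events, rules):
    """Return (rule name, action, host) for every event a rule matches."""
    return [(r.name, r.action, ev["host"])
            for ev in events for r in rules if r.matches(ev)]

if __name__ == "__main__":
    for hit in evaluate(EVENTS, RULES):
        print(hit)
```

The same shell launch is allowed from Explorer and blocked from Word, and the admin tool is reported only where it is not expected; that host-level exemption is what a tailored rule adds over a global one.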

Closing

Get immediate time to value, extend your visibility and protect your organization regardless of physical location. Try CrowdStrike’s Falcon platform for free: https://go.crowdstrike.com/try-falcon-prevent.html

Content Provided by Maggie Cecillio
