
Threat Intelligence the CrowdStrike Way

January 2, 2019

CrowdStrike Tech Center

Introduction

This document and video will provide an overview of CrowdStrike’s Intelligence services and the importance of consumable intelligence.

Video

Intelligence Services Overview

Threat Intelligence is a key component of CrowdStrike’s effective approach. It is critical that organizations have consumable Intelligence so that they can understand the adversary, learn from attacks and take action on indicators to improve their overall defenses.  

That approach goes beyond being just another threat feed. Starting with a customer onboarding process, CrowdStrike works to understand your business, third-party tools and existing processes so that the Intelligence information provided is both relevant and useful. Below are a few examples of how CrowdStrike’s Intelligence Services differ from the competition.

Ease of Use

The Intelligence Dashboard provides an overview of the latest information and reports.  You can drill down into this report to view specific items or use the map to perform your own searches starting with country.  

Intelligence Dashboard

 

After clicking on a given country, you see additional filter options so that you can research the latest alerts based on the target countries, target industries, actors or motivations.

Intelligence Alerts

 

From the Intelligence menu, you can also elect to have a subscription to receive these alerts directly via email.

Intelligence Menu Subscriptions

 

That menu gives you the option to set the frequency of email updates along with your areas of interest as shown below.

Intelligence Subscriptions

Customized Intelligence

CrowdStrike provides customized content including business sector briefs and tailored intelligence. During the onboarding process, CrowdStrike will collect information on key phrases, product names, critical infrastructure, terms or people.  

Below, you see the option for “Tailored Intelligence” in the Intelligence application on the left menu.

Tailored Intelligence Menu

That option takes you to a list of all the monitored keywords for your organization. With the information gathered during onboarding, CrowdStrike will monitor the Internet and report on any mentions that could indicate a targeted attack on your organization.

Tailored Intelligence

You can drill down on the “Keyword Names” to see the full list of hits.  You can view the details of each hit including date, time and complete text.

Intelligence Keywords

Access to Experts

CrowdStrike’s Intelligence experts track the activity of over one hundred threat actors around the world. That information can help you understand the adversary and their motivations while also empowering you to take action to improve your organization’s defenses. You will see an option to do research by “Actors” in the Intelligence menu.

Intelligence Actors Menu

 

Like before, the Actor search includes a filter option so that you can hone in on your specific areas of concern.

Intelligence Actors

 

For each actor, you will also find a detailed profile that summarizes the findings of CrowdStrike’s Intelligence experts, including the commonly targeted industries and countries for each actor. Also included are any known Command & Control addresses and frequently leveraged vulnerabilities. That kind of information can help you bolster your existing defenses against a specific adversary.

From the actor profile, you will also find links to related alerts and Tipper reports. Tipper reports are very detailed, including additional Indicators of Compromise as well as hunting tools like YARA rules.

Intelligence Actor Profile

 

In the event that you need to do research on a specific sample, Intelligence customers also have the option to submit malware files for CrowdStrike analysis.

Intelligence Menu Submissions

 

The “Submit Malware” page allows you to upload a file along with a description to CrowdStrike’s Intelligence team for complete analysis. This is more than the “request for detection” that other vendors offer.  The result of this request is a complete report detailing the behavior of the file. It could even result in a Tipper report or Intelligence alert.

Intelligence Submissions

Conclusion

As you have seen, CrowdStrike’s Intelligence offerings give you customized intelligence that is accessible and easy to use.  It is much more than just another threat feed. CrowdStrike provides a solution tailored for your organization to maximize the usefulness of the data, improve your response capabilities and reduce the risk of breach.
