CrowdStrike Falcon® Intelligence Recon
February 17, 2021 | Ted Pan | Tech Center
Criminal underground digital economies are hidden throughout the recesses of the internet. To find the activity of these malicious actors, you need to search not only the open web but the deep web and dark web as well.
CrowdStrike Falcon® Intelligence Recon enables organizations to better protect their brand, employees, and sensitive data by allowing security teams to easily conduct investigations of underground activity.
By conducting investigations in real time, security teams can proactively uncover fraud, data breaches, and phishing campaigns, and protect their brand from other online threats that target their organization.
CrowdStrike Falcon® Intelligence Recon Intelligence
We can run a search with CrowdStrike Falcon® Intelligence Recon by using the centralized search at the top of the Falcon Console or via an integration with the API. This search can also query across the entire Falcon Platform.
After the search completed, it returned two results where it found posts mentioning electric power companies. This post describes the organization, type of credentials, and cost of the data. We can also go to the details page, which can provide more information.
Armed with this discovery, we can decide if it is relevant to us and determine the best course of action.
It is also possible to pull up additional details on individual actors and sites by clicking on the name. The dashboard will show information such as other posts, activity over time, and interactions with other users.
Oftentimes posts will be in a foreign language. Let’s see what the other side of the world is saying about this threat.
Many organizations don’t have an in-house foreign language translator for security, but we can use the translate toggle to automatically translate the contents into English.
The translator is augmented with hacker slang to enable a more accurate translation. This gives security teams the capability to analyze the message even if it was originally written in a foreign language.
In addition to real-time searches, we can also create monitoring rules that will automatically send notifications when certain criteria are detected. This allows security teams to streamline their security processes with customized notifications and increase the speed of their responses.
The monitoring rules provide templates for 10 categories of detections. This will allow you to focus your findings and triage the relevant data to the appropriate teams, even if they are outside of the security team.
Taking a look at the Executive category, we can provide the name of an executive that we would like to monitor.
We can also add additional conditions to ensure that the search terms aren’t so broad that we receive too many irrelevant notifications.
Wildcard operators are also available to provide flexibility in the search criteria.
When creating monitoring rules, templates are also available to easily build out a comprehensive monitoring program. Templates provide pre-defined customizable monitoring rules that were created by intelligence specialists in the field.
CrowdStrike Falcon® Intelligence Recon is the premier tool for digital risk reconnaissance. With continuous monitoring that goes beyond just the open web, security teams can easily search restricted underground activity and identify threats to the organization.
With CrowdStrike Falcon® Intelligence Recon in their arsenal, security teams can protect their brand, discover data leaks, monitor supply chains, and protect executives.