Enable Security Services with Real Time Response

Introduction

CrowdStrike goes beyond traditional endpoint protection by providing extensive visibility and remediation capabilities across multiple platforms, such as Windows, MacOS, and Linux. CrowdStrike Real Time Response provides a robust remote access tool that can remediate almost all types of malicious activity performed by an adversary.

Many attacks disable system protection services, such as the built in firewall, to further their capabilities to propagate across the network. This allows for lateral movement and increases the blast radius of the damage.

With CrowdStrike, we can use real time response to easily identify disabled security services and restore them to a functioning state. This could prevent the further spread of a breach.

Video

Identify the status of a build in security service

Real time response provides a list of commands that we can execute as well as the ability to run customized scripts. We can execute a script to determine the status of a security service. This provides the flexibility to control a system with almost any command.

Security Service Status

Crowdstrike can also save this script so that it can be easily used in the future with just a few clicks.

Saving Scripts

This powerful tool can also be used to run customized script that re-enable security services. This can help dramatically reduce the time a system is unprotected and allows for easy remediation of remote systems.

Enable Security Remotely

Conclusion

Here we took a look at just a sliver of what Real Time Response is capable of, but even so, we can see that it’s extremely powerful, flexible, and easy to use. It allows responders to rapidly investigate incidents and remediate any issues identified and is available for Windows, MacOS, and Linux.

More resources

 

CrowdStrike Falcon Free Trial
 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial