Integrate Threat Intelligence into Endpoint Detection and Response
Why It's Important:
Attacks can happen within seconds, yet many remain undetected for months, long after the damage has been done.
Endpoints have become the primary vector for these attacks, since the endpoint provides attackers with a place from which to steal credentials, install additional malware, and move laterally within your organization. To make matters worse, endpoints are notoriously difficult to secure and manage, yet they often contain highly sensitive information and provide footholds for further attacks.
Automatic ingestion and application of emerging threat intelligence into an EDR or endpoint security solution enables adaptive security and proactive defense.
By delivering the latest IOAs and other artifacts, Falcon Intelligence enhances Falcon Host, CrowdStrike’s next-generation endpoint security solution. You can quickly and seamlessly detect and eliminate threats to your endpoints through instant updates. In addition to this native integration with Falcon Host, Falcon Intelligence offers APIs for use within other endpoint security and system management environments.
Terminating Ransomware Attacks, On the Fly
Ransomware is quickly becoming one of the most damaging and disruptive attack types, targeting large and small organizations around the world, all in the interest of making a profit. Locky, which targeted the healthcare industry, is a recent example of ransomware that the CrowdStrike Intelligence team was able to reverse engineer and thereby determine how to prevent its execution. Specifically, CrowdStrike Intelligence cracked Locky's Domain Generation Algorithm in order to determine which C2 server domains Locky would contact in the course of encrypting files on a victim's hard drive (these domains change constantly). Through this reverse engineering analysis, the CrowdStrike Intelligence team was able to predict and proactively block these C2 domains. Armed with this level of operational intelligence, CrowdStrike customers, their data and their endpoints are immediately protected, with no manual effort required.
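The defensive workflow described above, as an added example that is not CrowdStrike's code and does not reproduce Locky's real DGA (the page does not give it): a constructed, date-seeded stand-in generator, a blocklist pre-computed for the coming week, and a check of constructed DNS log lines against that list. The seed, the log format and the sample queries are all assumptions.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in DGA: NOT Locky's real algorithm, just a date-seeded
# generator with the same shape (deterministic, a few domains per day).
SEED = 0x1337            # assumed per-family constant (placeholder value)
TLDS = ["com", "net", "org"]

def toy_dga(day, count=4, seed=SEED):
    """Return the domains the (toy) malware would try on a given day."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{day.isoformat()}:{i}".encode()).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return domains

def predict_blocklist(start, days):
    """Pre-compute every domain the DGA will produce from `start` for `days` days,
    so they can be pushed to endpoints before the malware ever resolves them."""
    block = set()
    for n in range(days):
        block.update(toy_dga(start + timedelta(days=n)))
    return block

def scan_dns_log(lines, blocklist):
    """Match DNS queries (constructed 'ts host=.. query=..' format) against the list."""
    hits = []
    for line in lines:
        parts = line.split()
        fields = dict(kv.split("=", 1) for kv in parts[1:])
        if fields.get("query", "").lower().rstrip(".") in blocklist:
            hits.append((parts[0], fields["host"], fields["query"]))
    return hits

START = date(2016, 3, 1)
BLOCKLIST = predict_blocklist(START, 7)   # one week of predicted C2 domains

# Constructed sample DNS log: one query to a predicted DGA domain, two benign.
SAMPLE_LOG = [
    "2016-03-02T09:15:01Z host=ws-12 query=www.example.com",
    f"2016-03-02T09:15:07Z host=ws-12 query={toy_dga(date(2016, 3, 2))[1]}",
    "2016-03-02T09:16:00Z host=ws-07 query=updates.example.net",
]

if __name__ == "__main__":
    for ts, host, q in scan_dns_log(SAMPLE_LOG, BLOCKLIST):
        print(f"{ts} {host} queried predicted C2 domain {q}")
```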