CrowdStrike Falcon Identity Threat Detection
Insights & Analytics for All Credentials
Falcon Identity Threat Detection lets you see all Service and Privileged accounts on your network and cloud with full credential profiles and weak authentication discovery across every domain. Analyze every domain in your organization for potential vulnerability from stale credentials, weak or stale passwords, see all service connections and weak authentication protocols in use.
Detect lateral movement for authenticated accounts
Falcon Identity Threat Detection monitors the domain controllers on premises or in the cloud (via API) to see all authentication traffic. It creates a baseline for all entities and compares behavior against unusual lateral movement, Golden Ticket attacks, Mimikatz traffic patterns and other related threats. It can help you see Escalation of Privilege and anomalous Service Account activity.
AD Security without using logs
Falcon Identity Threat Detection reduces time to detect by viewing live authentication traffic, which expedites finding and resolving incidents. See real-time events and potential incidents during authentication by rogue users of any type. It offers curated traffic feeds to enrich the "what" of identity protection events with the "who" of credential identification.