Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CrowdStrike is now a Research Partner with the MITRE Engenuity Center for Threat-Informed Defense, joining a select list of cybersecurity companies and research foundations to take a hands-on approach to transforming state-of-the-art, threat-informed defense against sophisticated adversaries into a state of practice for organizations. Building on its previous role as Research Sponsor, CrowdStrike is reaffirming its commitment to fostering an open and collaborative security ecosystem.

Organizations today face an onslaught of attacks across devices, identity and cloud workloads. The more security telemetry an organization has to work with, the better threat hunters can contextualize events to find and remediate potential threats. Google recently announced Chrome Enterprise Connectors Framework, a collection of plug-and-play integrations with industry-leading security solution providers.

As organizations continue to shift to multi-cloud environments and increasingly use cloud services for application development, new challenges emerge that require dramatic changes in the delivery and practice of cybersecurity.

In Part 3, CrowdStrike’s Endpoint Protection Content Research Team covered the finer points of Input/Output Control (IOCTL) usage by various wipers. The fourth and final part of the wiper series covers some of the rarely used “helper” techniques implemented by wipers, which achieve secondary goals or facilitate a smaller portion of the wiping process.

At CrowdStrike, our mission is to stop breaches. To achieve this, we’re always on the lookout to defend customers against active attacks and preemptively protect them against emerging threats. In July 2021, researchers from Royal Holloway, University of London, published a white paper, “RansomClave: Ransomware Key Management using SGX,” that presents a novel ransomware based on an Intel feature called Software Guard Extension (SGX).

In support of the Executive Order on Improving the Nation’s Cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) recently published a Binding Operational Directive (BOD) 23-01, designed to improve cybersecurity for the Federal Civilian Executive Branch (FCEB) enterprise and their respective unclassified assets.

As organizations expand their cloud-native initiatives and increase their use of containers and Kubernetes in production, they face challenges regarding container security, monitoring, data management and networking. To meet this growing need, we’re pleased to announce our certification of Red Hat OpenShift through the CrowdStrike Falcon® platform — giving joint customers comprehensive breach protection for OpenShift nodes, workloads and containers.

DirtyCred is a new Linux kernel exploitation technique that allows kernel Use After Free (UAF) or Double free vulnerabilities to swap a credential or file structure on the kernel heap memory to escalate privileges to root. The replaced credential or file structure provides root access on a Linux host and breaks out of the container at the same time. Ph.D.

What if you could easily extend the retention of your CrowdStrike Falcon® detection data for a year or longer? Would that help with compliance? Investigations? Threat hunts? In Part 1 of this series, we covered the basics of Falcon Long Term Repository (Falcon LTR). To recap, Falcon LTR is an option available to Falcon customers. It offers a simple and cost-effective way to retain your Falcon detection data long term, which has historically been a costly and complex endeavor for security teams.

Threat hunters and security teams need more data about the IT environment to add context to their investigations. To add that additional information to your Falcon environment, Falcon Data Replicator (FDR) gives you a way to pull raw event data from the CrowdStrike Falcon® platform. Now, customers can ingest, transform and analyze the data as part of their standard process.