CrowdStrike Launches Security Service That Tracks Cyber-Attacker Tactics
The high-profile start up now offers a managed service that allows companies to gather intelligence on the groups attacking them.For nearly a year, startup security firm CrowdStrike has talked up the concept of active defenses: technologies and tactics that identify the attackers and their targets so companies can use the information to protect their data systems. The company announced a managed service designed to allow companies to track attackers not by their malware or the vulnerabilities that they exploit, but by other components of their tradecraft. Dubbed Falcon, the platform uses a threat model derived from defense circles to assign attacks to a specific group, a process the focuses on the adversary's actions within the network. "You don't want to look for specific indicators, such as code or exploits," Dmitri Alperovitch, chief technology officer for CrowdStrike, told eWEEK. "You want to focus on the objectives and the tradecraft—what they are doing." The Falcon platform monitors email, domain-name servers and each laptop and desktop for signs of attack. CrowdStrike analyzes the attack information in its own security operations center to gather intelligence on the various groups that are targeting its customers, said Alperovitch. The company aims to give its customers the ability to know what kinds of attackers are targeting their systems and employees.
In addition, the company has gathered intelligence on the groups behind the attacks and links what its customers systems are encountering with additional intelligence. CrowdStrike observes in real-time what is happening and uploads details to the cloud, so that it can warn companies, not only of an attack in progress, but where a known group may attack next, based on its profile.