Following the Dec. 9, 2021, announcement of the Log4j vulnerability, CVE 2021-44228, CrowdStrike Falcon OverWatch™ has provided customers with unrivaled protection and 24/7/365 vigilance in the face of heightened uncertainty. To OverWatch, Log4Shell is simply the latest vulnerability to exploit — a new access vector among a sea of many others.
CrowdStrike’s goal is to stop breaches — and we do that better than any cybersecurity company in the world. As attackers advance their tactics and techniques, we continually refine our tools and capabilities to stay ahead of them. We recently added a new feature to the CrowdStrike Falcon® sensor: Hardware Enhanced Exploit Detection, which uses hardware capabilities to detect complex attack techniques that are notoriously hard for software alone to detect and prevent.
Note: This post first appeared in r/CrowdStrike. First and foremost: if you’re reading this post, I hope you’re doing well and have been able to achieve some semblance of balance between life and work. It has been, I think we can all agree, a wild December in cybersecurity (again). At this time, it’s very likely that you and your team are in the throes of hunting, assessing and patching implementations of Log4j2 in your environment.
The recently discovered Log4j vulnerability has serious potential to expose organizations across the globe to a new wave of cybersecurity risks as threat actors look to exploit this latest vulnerability to execute their malicious payloads using remote code execution (RCE). An immediate challenge that every organization faces is simply trying to understand exactly where you have applications that are using this very popular Java library — but you are not facing this challenge alone.
Threat hunters and incident responders are under tremendous time pressure to investigate breaches and incidents. While they are collecting and sorting massive quantities of forensic data, fast response is critical to help limit any damage inflected by the adversary. This article and video will provide an overview of Falcon Forensics, and how it streamlines the collection and analysis of point-in-time and historic forensic data.
Humio is a CrowdStrike Company. Data logging is the process of capturing, storing and displaying one or more datasets to analyze activity, identify trends and help predict future events. Data logging can be completed manually, though most processes are automated through intelligent applications like artificial intelligence (AI), machine learning (ML) or robotic process automation (RPA).
The Log4j vulnerability burst onto the scene just a few weeks ago, but to many defenders it already feels like a lifetime. It has rapidly become one of the top concerns for security teams in 2021, and seems set to remain so for the foreseeable future. The critical details of this threat evolve almost daily, making it a formidable challenge for defenders to keep tabs on the threat and their organizations’ exposure.
CrowdStrike is proud to announce that Armis, Cloudflare and ThreatWarrior have joined the open CrowdXDR Alliance. The addition of these industry leaders enhances XDR with telemetry from cloud, network and Internet of Things (IoT) solutions.This best-of-platform approach to XDR will help solve real-world productivity challenges that security teams face by empowering them to identify and hunt threats at accelerated speed and scale.
It’s the last Patch Tuesday update of 2021, and as with many other updates this year, this month’s list includes important ones — among them a zero-day (CVE-2021-43890 in AppX installer), multiple critical vulnerabilities and a variety of attack types utilized in several Microsoft product families — highlighting once again that patching and prioritization are prominent programs SecOps staff must regularly implement to keep adversaries from infiltrating their organizations’
A new API integration for Humio and Fylamynt helps joint customers improve the efficiency of their cloud operations teams by automating repetitive and manual operations tasks. Fylamynt, a low-code platform that delivers a developer’s approach to ITOps with site reliability engineering (SRE), works with Humio to empower faster response times to critical operational issues, reduce human error and increase productivity so DevOps teams can focus on adding value through innovation.
CrowdStrike Falcon Pro™ has won another Approved Business Security Product award from AV-Comparatives, the second in 2021, scoring the highest 99.9% protection rate in the AV-Comparatives Real-World Protection Test. AV-Comparatives is a leading independent third-party testing organization that tests the efficacy of endpoint security solutions to offer insight into how endpoint security solutions detect and protect against real-world threats.
Extended detection and response (XDR) is all the rage these days. It seems like almost every security vendor now claims to offer XDR functionality. But are those claims based in reality?
Recent CrowdStrike Intelligence team findings regarding the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerabilities indicate wide-ranging impact. CrowdStrike helps protect customers from threats delivered via this vulnerability using both machine learning and indicators of attack (IOAs).
CrowdStrike Falcon received a new AAA award from independent testing organization SE Labs, achieving a 100% Attacks Detected rating in the latest SE Labs Advanced Security Test, part of the endpoint detection and response (EDR) testing category. These test results speak to CrowdStrike’s commitment to transparency and Falcon’s comprehensive insight into detecting relevant elements of attack throughout sophisticated adversary attack chains.
Whether you’re diagnosing a system outage, mitigating a malicious attack or trying to get to the bottom of an application-response-time issue, speed is critical. Pinpointing and resolving issues quickly and easily can mean the difference between success and crisis for any business, regardless of size or industry. Network and system administrators, security professionals and developers all depend on detailed log data to investigate issues, troubleshoot problems and optimize performance.
Apache has released version 2.16.0, which completely removes support for Message Lookups and disables JNDI by default. CrowdStrike has identified a malicious Java class file hosted on infrastructure associated with a nation-state adversary. The Java code is used to download known instances of adversary-specific tooling and is likely to be used in conjunction with the recently disclosed Log4Shell exploit (CVE-2021-44228).
In two recent blog posts from the CrowdStrike Software Development Engineers in Test (SDET) team, we explored how end-to-end validation testing and modular testing design could increase the speed and accuracy of the testing lifecycle. In this latest post, we conclude our SDET series with a deep dive on how our generalized validation testing component improves efficiency, enhances product functionality and streamlines troubleshooting.
