
June 2023

How CrowdStrike Uses Similarity-Based Mapping to Understand Cybersecurity Data and Prevent Breaches

The CrowdStrike Falcon® platform ingests massive amounts of data, drawn from the trillions of events it captures every day. Before the value of that data can be realized, it must be organized so that disparate representations of the same underlying entities can be brought together.

CrowdStrike Takes On Spyboy's "Terminator"

On May 21, 2023, a new threat actor named Spyboy emerged, advertising a tool known as “Terminator” on a Russian-language forum and claiming the software could bypass more than 20 common AV and EDR controls. CrowdStrike automatically blocked the executable and categorized it as a high-severity detection, enabled by our AI-powered indicators of attack.

Top 5 SIEM Use Cases CrowdStrike Falcon LogScale Solves Today

SIEMs play a crucial role in the modern SOC: They allow you to collect, correlate and analyze log data and alerts for security and compliance. Yet, despite their value, SIEMs have struggled to keep up with today’s logging performance and scalability requirements. Given that adversaries are operating faster than ever, organizations must prioritize the capabilities that help them identify and respond to threats quickly.

CrowdStrike Falcon Pro for Mac Achieves 100% Mac Malware Protection, Awarded 2023 AV-Comparatives Approved Mac Security Product

Mac computers are becoming increasingly popular in business and enterprise applications. This growing adoption has had one negative side effect: Adversaries are increasingly targeting Macs, counting on companies buying into the belief that macOS is immune to cyberattack. While macOS does provide advanced security features, a determined attacker can defeat them.

Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft

On May 24, 2023, industry and government sources detailed China-nexus activity in which the threat actor dubbed Volt Typhoon targeted U.S.-based critical infrastructure entities. CrowdStrike Intelligence tracks this actor as VANGUARD PANDA. Since at least mid-2020, the CrowdStrike Falcon® Complete managed detection and response (MDR) team and the CrowdStrike® Falcon OverWatch™ threat hunting team have observed related historical activity in multiple sectors.

Discovering the MOVEit Vulnerability with the CrowdStrike Falcon Platform

On June 15, 2023, Progress Software announced a critical vulnerability in the MOVEit file transfer software (CVE-2023-35708). This was the third vulnerability impacting the file transfer software (May 2023: CVE-2023-34362; June 9: CVE-2023-35036). The vulnerabilities have been fixed, and all MOVEit Transfer customers are strongly urged to immediately apply all applicable patches.

Security Guidance from the Front Lines of Cloud Incident Response

In our first-ever Cloud Threat Summit, CrowdStrike’s Senior Vice President of Intelligence and Senior Director of Consulting Services discussed the most common ways adversaries breach the cloud and the steps organizations can take to stay safe.

Cracking the Code of AI Decision Making: Harnessing the Power of SHAP Values

Despite the race to integrate artificial intelligence (AI) and machine learning (ML) into business systems and processes, the crucial issue of comprehending and articulating the decision-making process of these models is often ignored. Although machine learning is a valuable tool for uncovering pertinent information from vast amounts of data, it is essential to ensure the relevance, accuracy and reliability of this information.

Making Sense of the Dark Web with Falcon Intelligence Recon+

The vastness of the deep and dark web can easily turn attempts to monitor for cyber threats into a firehose of useless information. Part of the problem is the nature of the data streams that need to be monitored. Every day, more credentials are stolen and exposed. Criminal forums are flooded with repeated spam for illicit goods and services. Thousands of new domain names are registered every day, many of them typosquats of legitimate brands.
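The typosquat stream is the one of those three that lends itself to a mechanical first pass. The example below is added here and is not CrowdStrike code or a description of how Falcon Intelligence Recon+ works; it shows the kind of filter a practitioner puts in front of a daily feed of new registrations to reduce it to the handful worth a human look. The brand watchlist (`examplebank.com`, `acmecorp.com`), the homoglyph table and the sample feed are all constructed for the example, and domain splitting is simplified to "last label is the TLD" rather than using the public suffix list.

```python
"""Flag likely typosquats of watched brand domains in a feed of new registrations.

Added example, not CrowdStrike's code. A deliberately noisy first-pass filter:
false positives are expected and are cheap, because the output goes to an
analyst rather than to an automated block.
"""
from __future__ import annotations

# Constructed watchlist of brand domains (assumed for the example).
WATCHLIST = ["examplebank.com", "acmecorp.com"]

# Visual and keyboard substitutions commonly used in squats. Illustrative, not
# exhaustive; it is applied only to candidate labels, and the watchlist brands
# are assumed not to contain these sequences themselves.
HOMOGLYPHS = {
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
    "vv": "w", "rn": "m", "cl": "d",
}

# Constructed sample feed of "newly registered" domains.
NEW_REGISTRATIONS = [
    "examplebank.com",          # the brand itself
    "examp1ebank.com",          # digit-for-letter homoglyph
    "examplebank.co",           # same label, different TLD
    "exampelbank.com",          # transposition
    "secure-examplebank.com",   # brand embedded in a longer label
    "acrnecorp.net",            # 'rn' imitating 'm'
    "weather.com",              # unrelated
]


def split_domain(domain: str) -> tuple[str, str]:
    """Return (registrable label, tld). Simplified: the last label is the TLD,
    so 'examplebank.co.uk' would be mis-split; real code uses the public suffix list."""
    parts = domain.lower().strip().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def normalize(label: str) -> str:
    """Fold digits and multi-character look-alikes back to the letters they imitate."""
    s = label.lower()
    for bad, good in HOMOGLYPHS.items():
        s = s.replace(bad, good)
    return s


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, watchlist=WATCHLIST, max_dist: int = 2):
    """Return (brand, reason) when the domain looks like a squat of a watched brand,
    or None for exact brand matches and unrelated names. Checks run from the most
    specific signal to the least, so a homoglyph hit is reported as such rather than
    as a generic edit-distance hit."""
    sld, tld = split_domain(domain)
    norm = normalize(sld)
    for brand in watchlist:
        b_sld, b_tld = split_domain(brand)
        if sld == b_sld:
            return None if tld == b_tld else (brand, "tld-swap")
        if norm == b_sld:
            return (brand, "homoglyph")
        if b_sld in norm:
            return (brand, "combosquat")
        d = levenshtein(norm, b_sld)
        if d <= max_dist:
            return (brand, f"edit-distance-{d}")
    return None


def triage(domains, watchlist=WATCHLIST) -> dict[str, tuple[str, str]]:
    """Run a feed through classify() and keep only the hits, keyed by domain."""
    hits = {}
    for d in domains:
        result = classify(d, watchlist)
        if result is not None:
            hits[d.lower()] = result
    return hits


if __name__ == "__main__":
    for domain, (brand, reason) in triage(NEW_REGISTRATIONS).items():
        print(f"{domain:28} -> {brand} ({reason})")
```

The threshold of two edits is the usual trade-off: one edit catches most keyboard slips but misses transpositions, while three or more starts matching short unrelated labels. Whatever the threshold, the output should feed a review queue, not a blocklist.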

CrowdStrike Defines the Future of Cloud Security with One-Click XDR to Automatically Identify and Secure Unmanaged Cloud Assets

CrowdStrike is defining the future of cloud security by empowering customers to rapidly understand their cloud risk and to detect, prevent and remediate cloud-focused threats. Today we are announcing a series of new cloud security innovations designed to deliver complete visibility into potential attack paths, from endpoint to cloud, and instantly secure vulnerable cloud workloads across build and runtime.

Movin' Out: Identifying Data Exfiltration in MOVEit Transfer Investigations

CrowdStrike incident responders have been at the forefront of investigating organizations impacted by CVE-2023-34362. Since the vulnerability was disclosed, there has been great collaboration across the cybersecurity industry, and this blog covers novel details for teams investigating the potential impact to their organizations.

CrowdStrike Enhances Falcon Discover to Reduce the Attack Surface, Streamline Operations and Lower Costs

CrowdStrike Falcon® Discover delivers deep asset visibility with no hardware to deploy or manage, providing valuable context for all of your assets. For IT and security teams alike, Falcon Discover is a powerful tool to stop breaches. The majority of CrowdStrike customers already use Falcon Discover to improve their IT and security posture.

CrowdStrike Invests in and Partners with Prelude Security to Drive Continuous Security Testing and Validation for Our Customers

Managing security posture at scale is a significant challenge for global organizations of all sizes. With a rapidly expanding security estate and a global workforce gap of 3.4 million, according to (ISC)², it is imperative that the efficacy of defensive controls is maximized to combat sophisticated adversaries. To do so effectively, organizations must test their security controls continuously to uncover configuration gaps and areas of missing visibility.