Dynamic link library (DLL) hijacking is frequently written about by defenders due to its applications in evading automated detections. This technique is even more frequently used by adversaries in interactive intrusions. Despite the wealth of literature available to increase defenders’ awareness of DLL hijacking, CrowdStrike® Falcon OverWatch™ threat hunters see adversaries gravitate toward this tradecraft time and again to load malicious code.

In Part 1 of this blog series, we highlighted the benefits of CrowdStrike’s investigative approach and the CrowdStrike Falcon® Real Time Response capabilities for avoiding a significant incident in the first place, and minimizing the damage should an attacker gain entry into your environment. We also explored a range of governance and process-oriented steps that are often left out of technology-centric discussions on incident response preparedness.

This guide will introduce you to Falcon LogScale most commonly-used functions through a series of scenarios. At the end of each scenario, you’ll be asked to consider how these functions could apply to your data — and get the chance to write a few queries yourself. Let’s get started!

In any software development cycle, it is best practice to catch issues as early as possible since it both improves security and decreases the workload for both developers and security. In order to do this, CrowdStrike offers solutions for developers at build time that allow them to assess their Docker container images and review summarized report data integrated with their favorite CI/CD tools like Jenkins.

Timing is everything when it comes to responding and recovering from a widespread, destructive attack. As threat actors operate undetected across a victim network and get deeper into the attack lifecycle, it becomes increasingly more challenging to recover and avoid the business disruption that comes from a compromised environment.

A good log management solution powers observability for security, engineering, IT and compliance teams. But with so many options available, how do you choose the right one? When evaluating potential log management solutions, start by asking these 10 questions to find the right balance of security, performance and value based on your requirements — and to reveal any limitations that could potentially hold you back.

CrowdStrike is excited to announce we have been recognized by Frost & Sullivan as a global leader in the Frost Radar™ Global Cyber Threat Intelligence Market, 2022 analysis. Earlier this year, CrowdStrike was named a leader in the 2022 SPARK Matrix for Digital Threat Intelligence Management by Quadrant Knowledge Solutions; last year, we were named a leader in The Forrester Wave™: External Threat Intelligence Services, Q1 2021.

CrowdStrike Services recently investigated several Play ransomware intrusions where the common entry vector was suspected to be the Microsoft Exchange ProxyNotShell vulnerabilities CVE-2022-41040 and CVE-2022-41082. In each case, CrowdStrike reviewed the relevant logs and determined there was no evidence of exploitation of CVE-2022-41040 for initial access.

CrowdStrike analyzes malware to augment the behavior and machine learning-based detection and protection capabilities built into the CrowdStrike Falcon® platform to deliver automated, world-class protection to customers. GuLoader has been known to employ a significant number of anti-analysis techniques, making detection and protection challenging for other security solutions.

Resilient cybersecurity posture can only be achieved with a full understanding of your internal and external attack surface. CrowdStrike Falcon® Surface builds on our award-winning adversary intelligence with cutting-edge external attack surface management (EASM) capabilities for a complete picture of known and unknown externally exposed assets, all delivered via the unified CrowdStrike Falcon® platform.

Cybercriminals continuously adapt to stay a step ahead of the organizations they target. Over more than a decade, CrowdStrike has carefully tracked the evolution of eCrime tactics and capabilities and codified them in more than 4,900 intelligence reports. Today’s threat landscape is dominated by sophisticated ransomware operators and data extortionists that are supported by a robust and increasingly specialized market-based ecosystem of criminal service providers.

At CrowdStrike, we’re always looking for new ways to share the power of CrowdStrike Falcon® LogScale, our log management and observability solution. The latest advancement to Falcon LogScale, previously known as Humio, is adding Corelight demo data to the Falcon LogScale Community Edition.

Eighty percent of modern attacks are identity-driven. Why would an attacker hack into a system when they can simply use stolen credentials to masquerade as an approved user and log in to the target organization? Once inside, attackers increasingly target Microsoft Active Directory because it holds the proverbial keys to the kingdom, providing broad access to the systems, applications, resources and data that adversaries exploit in their attacks.

With the end of the year fast approaching, many of us are looking forward to a well-deserved break. However, security practitioners and security leaders worldwide are bracing themselves for what has become a peak period for novel and disruptive threats. In 2020, the holiday season was marked by the SUNBURST incident, and in 2021 the world grappled with Log4Shell.

Time and again, analyst reports, independent tests and numerous other awards and acknowledgements affirm CrowdStrike is a leader in cybersecurity. Why is this important? Because when CrowdStrike is #1, it’s our customers who win. But to us, the best validation of the power of the CrowdStrike Falcon® platform comes from our customers themselves. We are proud to have earned the trust of so many organizations — over 20,000 customers and counting — around the world.

When the CrowdStrike Services team conducts a proactive security engagement, such as a Cybersecurity Maturity Assessment or Tabletop Exercise, it often uses CrowdStrike Falcon® Spotlight to identify what vulnerabilities exist in the environment. Unfortunately, this can be a disheartening experience, as many organizations we see have millions, even tens of millions, of unpatched vulnerabilities. It’s typical to see at least a quarter of those listed with a CVSS rating of Critical.

If you run CrowdStrike Falcon® LogScale, previously known as Humio, locally or on-premises, one of your first steps is to configure local storage so that LogScale has a persistent data store where it can send logs. If you’re running LogScale as a cluster setup, then you’ll have some data replication as a function of how LogScale manages the data. However, even with that replication, you’ll probably still want something outside of your local infrastructure for resiliency.

Docker is the primary tool used for containerizing workloads. If your company wants to build containers with quality, then you’ll need access to your Docker container logs for debugging, validation and optimization. While engineering teams can view container logs through straightforward CLI tools (think docker logs), these tools don’t provide a mechanism for storing or indexing logs over time. A central, remote location for gathering logs from Docker containers is necessary.

Identity isn’t a security problem — it’s the security problem. This was the takeaway from my recent meeting with a local government CISO in the Washington, D.C. area. Tasked with protecting infrastructure, including the fire and police departments, the CISO turned to CrowdStrike a year ago for endpoint and identity protection.

Following CrowdStrike’s strong performance in the first-ever MITRE ATT&CK® Evaluations for Security Managed Services Providers with 99% detection coverage, we take a deep dive into the testing process and how our elite managed services operate in the real world. We recently announced CrowdStrike achieved 99% detection coverage in the inaugural MITRE ATT&CK Evaluations for Security Managed Services Providers.

CrowdStrike Services reviews a recent, extremely persistent intrusion campaign targeting telecommunications and business process outsourcing (BPO) companies and outlines how organizations can defend and secure their environments.

As organizations increasingly face malware attacks that target macOS, detecting and preventing attacks without disruption caused by false positives and false warning messages is increasingly important. That’s why we’re proud to share that the CrowdStrike Falcon® platform once again achieved 100% detection and prevention of macOS malware with ZERO false positives in the latest AV-TEST macOS evaluation.