For nearly a year, startup security firm CrowdStrike has talked up the concept of active defences: technologies and tactics that identify the attackers and their targets so companies can use the information to protect their data systems.
The company announced a managed service designed to allow companies to track attackers not by their malware or the vulnerabilities that they exploit, but by other components of their tradecraft.
Dubbed Falcon, the platform uses a threat model derived from defence circles to assign attacks to a specific group, a process the focuses on the adversary’s actions within the network.
“You don’t want to look for specific indicators, such as code or exploits,” Dmitri Alperovitch, chief technology officer for CrowdStrike, told eWEEK. “You want to focus on the objectives and the tradecraft – what they are doing.”
The company aims to give its customers the ability to know what kinds of attackers are targeting their systems and employees.
The concept of active defence – not to be confused with the legally questionable strategy of launching cyber-counterstrikes against attackers – aims to make the attacker’s job more difficult and more expensive.
In the past few years, nation-state-sponsored attacks targeting intellectual property have become a concern for major companies. CrowdStrike has focused on identifying the groups behind attacks by their tactics, techniques and procedures, or TTPs, rather than focusing on stopping the malware portion of the attack.
In addition, the company has gathered intelligence on the groups behind the attacks and links what its customers systems are encountering with additional intelligence. CrowdStrike observes in real-time what is happening and uploads details to the cloud, so that it can warn companies, not only of an attack in progress, but where a known group may attack next, based on its profile.
The company is aiming to count, not just large enterprises among its client base, but smaller ones as well, George Kurtz, president and chief executive of CrowdStrike, told eWEEK.
“The model that we have scales, not only because it is cloud-based, but we have augmented that with a high-end group of analysts that [small and midsize businesses] would never be able to hire,” he said. “Using that knowledge across the customer base is very valuable. At the end of the day, it is a very elastic model.”
Targeted attacks driven by foreign adversaries – whether companies engaged in industrial espionage or nation-state-funded attackers looking for intelligence – have become widespread in recent years. In February, incident response firm Mandiant released many of the details of a major campaign linked to China.
But other attackers – from Iran, North Korea and India – are also targeting US systems, Kurtz said.
Are you a security pro? Try our quiz!
Originally published on eWeek.
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
