CrowdStrike introduces industry’s first AI-powered indicators of attack

CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, has introduced the industry’s first AI-powered Indicators of Attack (IoAs).

This new innovation for fileless attack prevention at scale offers enhanced visibility for stealthy cloud intrusions. Delivered on the CrowdStrike Falcon platform and powered by the CrowdStrike Security Cloud, these new detection and response capabilities also stop emerging attack techniques and enable organisations to optimise the threat detection and response lifecycle with speed, scale and accuracy.

More than a decade ago, CrowdStrike invented IoAs, which brought a fundamental new approach to stopping breaches based on real adversary behaviour, irrespective of the malware or exploit used in an attack. CrowdStrike has also pushed the boundaries of applying AI in cybersecurity to identify and stop the most advanced, emerging attacks. Now, CrowdStrike is leveraging powerful AI techniques to create new IoAs at machine speed and scale.

Amol Kulkarni, chief product and engineering officer at CrowdStrike, said: “CrowdStrike leads the way in stopping the most sophisticated attacks with our industry-leading Indicators of Attack capability, which revolutionised how security teams prevent threats based on adversary behaviour, not easily changed indicators.

“Now, we are changing the game again with the addition of AI-powered Indicators of Attack, which enable organisations to harness the power of the CrowdStrike Security Cloud to examine adversary behaviour at machine speed and scale to stop breaches in the most effective way possible.”

Organisations today are under pressure to defend expanding attack surfaces against emerging threats and adversary tradecraft. With the Falcon platform, organisations can:

  • Detect new classes of attacks, faster than ever: Find emerging attack techniques with new IoAs created by continuously learning AI models trained on real-world adversary behaviour and the world’s richest threat intelligence.
  • Drive automated prevention with high-fidelity detections: Shut down attacks based on a chain of behaviours, irrespective of the specific malware or tools used, with cloud-native AI models constantly delivered to the Falcon agent with newly found IoAs.
  • Activate IoAs at cloud scale, trained on human-led expertise: Synthesise insights with AI-powered IoAs from CrowdStrike’s world-renowned threat hunting team to minimise false positives, maximise analyst productivity and deploy threat hunting at scale.
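To make the IoA-versus-IoC distinction in the list above concrete, here is an added example that is not CrowdStrike's code and not a description of how Falcon implements IoAs. It runs one hash-based indicator of compromise and one behaviour-chain rule over a constructed process and network event stream. The rule ("an Office application spawns something other than an expected helper, and that child reaches the network within 60 seconds") and every host name, PID, hash value and IP address are assumptions made for the example; the addresses are from documentation ranges and the hashes are placeholders.

```python
"""Added example (not CrowdStrike's code): an indicator-of-attack (IoA) style
detection written as a chain of behaviours, next to a hash-based IoC match,
run over a constructed process/network event stream."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    ts: int           # seconds since capture start (constructed)
    host: str
    kind: str         # "process_start" or "net_connect"
    pid: int
    ppid: int = 0
    image: str = ""
    sha256: str = ""  # constructed placeholder, not a real hash
    cmdline: str = ""
    dest: str = ""    # "ip:port" for net_connect events


# --- IoC: a list of known-bad file hashes (constructed values) -----------------
KNOWN_BAD_HASHES = {"deadbeef01": "macro-dropper build 1"}


def ioc_hits(events: List[Event]) -> List[Event]:
    """Hash match: catches only the exact build that is already on the list."""
    return [e for e in events
            if e.kind == "process_start" and e.sha256 in KNOWN_BAD_HASHES]


# --- IoA: Office app -> unexpected child -> outbound connection within 60 s ----
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EXPECTED_CHILDREN = {"msedge.exe", "chrome.exe", "splwow64.exe"}  # assumed benign helpers
WINDOW_S = 60


def ioa_hits(events: List[Event]) -> List[dict]:
    """Behaviour chain: no hash or file name of the payload is consulted."""
    starts: Dict[Tuple[str, int], Event] = {
        (e.host, e.pid): e for e in events if e.kind == "process_start"
    }
    hits = []
    for e in events:
        if e.kind != "net_connect":
            continue
        child = starts.get((e.host, e.pid))
        if child is None or child.image.lower() in EXPECTED_CHILDREN:
            continue
        parent = starts.get((child.host, child.ppid))
        if parent is None or parent.image.lower() not in OFFICE_APPS:
            continue
        if not 0 <= e.ts - child.ts <= WINDOW_S:
            continue
        hits.append({"host": e.host, "parent": parent.image, "child": child.image,
                     "sha256": child.sha256, "dest": e.dest})
    return hits


# Constructed sample stream: documentation IP ranges, made-up hashes and PIDs.
SAMPLE = [
    # host-a: macro launches the known dropper build, which beacons out
    Event(0, "host-a", "process_start", 100, 1, "explorer.exe", "e1"),
    Event(1, "host-a", "process_start", 200, 100, "winword.exe", "w1"),
    Event(5, "host-a", "process_start", 201, 200, "updater.exe", "deadbeef01"),
    Event(7, "host-a", "net_connect", 201, dest="203.0.113.10:443"),
    # host-b: same tradecraft, payload rebuilt and staged through PowerShell (new hash)
    Event(0, "host-b", "process_start", 300, 1, "explorer.exe", "e1"),
    Event(2, "host-b", "process_start", 400, 300, "excel.exe", "x1"),
    Event(4, "host-b", "process_start", 401, 400, "powershell.exe", "p1",
          "-nop -w hidden -enc SQBFAFgA"),
    Event(6, "host-b", "net_connect", 401, dest="198.51.100.7:8443"),
    # host-c: benign activity that shares single steps with the chain
    Event(0, "host-c", "process_start", 500, 1, "explorer.exe", "e1"),
    Event(1, "host-c", "process_start", 600, 500, "outlook.exe", "o1"),
    Event(3, "host-c", "process_start", 601, 600, "msedge.exe", "m1"),  # link clicked in mail
    Event(4, "host-c", "net_connect", 601, dest="203.0.113.20:443"),
    Event(8, "host-c", "process_start", 700, 500, "cmd.exe", "c1"),     # user shell, not from Office
    Event(9, "host-c", "net_connect", 700, dest="192.0.2.5:445"),
]

if __name__ == "__main__":
    print("IoC hits:", [(e.host, e.image) for e in ioc_hits(SAMPLE)])
    for h in ioa_hits(SAMPLE):
        print("IoA hit:", h)
```

The hash list catches host-a and nothing else; the behaviour chain catches host-a and host-b, where the payload was rebuilt, and stays quiet on host-c, where each individual step (an Office child process, an outbound connection, a shell) occurs but the chain does not. That is the sense in which an IoA is independent of the specific malware or tool used.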

To date, AI-powered IoAs have identified over 20 never-before-seen adversary patterns, which have been validated by experts and enforced on the Falcon platform for automated detection and prevention.

According to the 2022 CrowdStrike Global Threat Report, 62% of all attacks are malware-free. Such fileless attacks can be carried out entirely in memory, creating a blind spot that threat actors exploit. With the Falcon platform, organisations can:

  • Prevent the most advanced fileless attacks: Stop advanced persistent threats (APTs) and prevalent tools, like Cobalt Strike, with advanced memory scanning techniques that augment best-of-breed AI/ML and IoA detections with lightning-fast scanning of all memory at unprecedented scale.
  • Leave bloated memory scanning behind: Shed the heavy resource constraints of legacy approaches that made memory scanning a non-starter with high-performance memory scanning techniques, optimised for Intel CPU/GPUs.
  • Initiate memory scans on behaviour, not a fixed schedule: Automate scans with behaviour-based triggers to find and stop fileless attack patterns in real time, not after a potential breach.
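The last bullet, scanning memory on a behavioural trigger rather than on a schedule, is the kind of design that is easier to see in code. The following is an added example, not CrowdStrike's code and not a description of what Falcon scans for or which events it uses as triggers. It keeps a constructed snapshot of each process's memory map, runs a scan only when one of an assumed set of trigger events names the process, and within that process looks only at executable regions with no file behind them, where a reflectively loaded image or an injected payload would sit. The trigger names, the PE-header heuristic, the process names, PIDs and region addresses are all assumptions for the example.

```python
"""Added example (not CrowdStrike's code): a behaviour-triggered memory scan over
constructed process memory maps. Scans run only when a trigger event fires, and
only private executable regions are inspected for an in-memory PE image."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Region:
    base: int
    protect: str      # "rwx", "r-x", "rw-", ...
    mapped_file: str  # path of the backing file, "" for private memory
    data: bytes


@dataclass
class ProcessSnapshot:
    pid: int
    image: str
    regions: List[Region]


# Assumed behavioural triggers; the page does not say which events Falcon uses.
TRIGGERS = {"remote_thread_created", "cross_process_rwx_alloc", "ioa_hit"}


def looks_like_pe(data: bytes) -> bool:
    """DOS header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def scan_process(snap: ProcessSnapshot) -> List[Tuple[int, str]]:
    """Look only at executable memory that no file on disk backs."""
    findings = []
    for r in snap.regions:
        if "x" not in r.protect or r.mapped_file:
            continue
        if looks_like_pe(r.data):
            findings.append((r.base, "PE image in private executable memory"))
    return findings


def run_triggered(events: List[dict], snapshots: Dict[int, ProcessSnapshot]):
    """Scan a process only when a trigger event names it; return (scans, findings)."""
    scans, findings = 0, []
    for ev in events:
        if ev["kind"] not in TRIGGERS:
            continue
        snap = snapshots.get(ev["target_pid"])
        if snap is None:
            continue
        scans += 1
        for base, why in scan_process(snap):
            findings.append({"pid": snap.pid, "image": snap.image, "base": base,
                             "why": why, "trigger": ev["kind"]})
    return scans, findings


def fake_pe() -> bytes:
    """Minimal DOS stub plus PE signature, constructed for the example."""
    buf = bytearray(0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)   # e_lfanew
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


# Constructed snapshots: one injected process, one JIT-heavy benign process.
SNAPSHOTS = {
    4040: ProcessSnapshot(4040, "rundll32.exe", [
        Region(0x7FF800000000, "r-x", r"C:\Windows\System32\ntdll.dll", fake_pe()),  # file-backed, fine
        Region(0x2A0C000, "rw-", "", b"\x00" * 0x100),                                # heap, not executable
        Region(0x2A1D000, "rwx", "", fake_pe() + b"\x90" * 0x40),                     # injected image
    ]),
    5120: ProcessSnapshot(5120, "node.exe", [
        Region(0x1F000000, "rwx", "", b"\x48\x89\xE5" * 0x50),  # JIT code, no PE header
    ]),
}

# Constructed event stream: only two events are triggers.
EVENTS = [
    {"kind": "process_start", "target_pid": 4040},
    {"kind": "file_write", "target_pid": 5120},
    {"kind": "remote_thread_created", "target_pid": 4040, "source_pid": 3001},
    {"kind": "ioa_hit", "target_pid": 5120},
    {"kind": "net_connect", "target_pid": 4040},
]

if __name__ == "__main__":
    scans, findings = run_triggered(EVENTS, SNAPSHOTS)
    print(f"{scans} scans for {len(EVENTS)} events; findings: {findings}")
```

Two of five events cause a scan; the scan of rundll32.exe skips the file-backed ntdll mapping and the heap and flags the private RWX region, while node.exe's JIT region is executable but carries no PE header and produces nothing. The scheduling and the region filter are what keep the work proportional to suspicious behaviour rather than to the size of memory.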

Lou Lwin, CIO at Cundall, said: “Using CrowdStrike sets Cundall apart as one of the more advanced organisations in an industry that typically lags behind other sectors in IT and cybersecurity adoption.

“Today, attacks are becoming more sophisticated and if they are machine-based attacks, there is no way an operator can keep up. The threat landscape is ever-changing. So, you need machine-based defences and a partner that understands security is not ‘one and done.’ It is evolving all the time.”