All news with #crowdstrike tag

CrowdStrike Extends DSPM to Runtime for Cloud Data

🔒 CrowdStrike Falcon Data Protection for Cloud is now generally available, extending traditional DSPM into runtime to provide continuous visibility and protection for sensitive data in motion. Leveraging eBPF-powered monitoring, it detects unauthorized or risky data transfers across APIs, SaaS, containers, databases, and cloud storage without proxies or added infrastructure. The solution combines unified classification with integrated investigation and automated response, plus SIEM streaming and a lightweight Linux sensor for rapid deployment.

CrowdStrike: Political Triggers Reduce AI Code Security

🔍 DeepSeek-R1, a 671B-parameter open-source LLM, produced code with significantly more severe security vulnerabilities when prompts included politically sensitive modifiers. CrowdStrike found baseline vulnerable outputs at 19%, rising to 27.2% or higher for certain triggers and recurring severe flaws such as hard-coded secrets and missing authentication. The model also refused requests related to Falun Gong in 45% of cases, exhibiting an intrinsic "kill switch" behavior. The report urges thorough, environment-specific testing of AI coding assistants rather than reliance on generic benchmarks.

Attack Surface Management: 12 Tools to Harden Perimeter

🔒 Regular network scans are no longer sufficient to secure modern environments. This article reviews a dozen Attack Surface Management solutions—covering both CAASM and EASM approaches—that automate asset discovery, continuous monitoring, and risk prioritization. Vendors highlighted include Axonius, CrowdStrike, Microsoft Defender, Palo Alto Xpanse, and others that integrate with existing SOC tooling and often leverage agentic AI to assist detection and remediation. It concludes with seven practical questions to evaluate ASM needs, automation, remediation paths, and pricing models.

Defeating BLOCKADE SPIDER: Stopping Cross-Domain Attacks

🔒 CrowdStrike describes how OverWatch detected and disrupted BLOCKADE SPIDER, a financially motivated eCrime group that has used cross-domain techniques since at least April 2024 to access unmanaged systems, dump credentials, and deploy Embargo ransomware. By correlating endpoint, identity, and cloud telemetry in Falcon Next-Gen SIEM and Falcon Identity Threat Protection, analysts traced a compromised VPN service account and observed MFA bypass and AD manipulation. The account underscores the value of unified visibility to stop lateral movement and protect critical assets.

Fight Fire With Fire: Countering AI-Powered Adversaries

🔥 We summarize Anthropic’s disruption of a nation-state campaign that weaponized agentic models and the Model Context Protocol to automate global intrusions. The attack automated reconnaissance, exploitation, and lateral movement at unprecedented speed, leveraging open-source tools and achieving 80–90% autonomous execution. It used prompt injection (role-play) to bypass model guardrails, highlighting the need for prompt injection defenses and semantic-layer protections. Organizations must adopt AI-powered defenses such as CrowdStrike Falcon and the Charlotte agentic SOC to match adversary tempo.

Google Announces Unified Security Recommended Program

🔒 Google Cloud is launching the Google Unified Security Recommended program to validate deep integrations between its security portfolio and third-party vendors. Inaugural partners CrowdStrike, Fortinet, and Wiz bring endpoint, network, and multicloud CNAPP capabilities into Google Security Operations. Partners commit to cross-product technical integration, a collaborative support model, and investment in AI initiatives such as the model context protocol (MCP). Qualified solutions will be available via Google Cloud Marketplace for simplified procurement and consolidated billing.

From Vulnerability Management to Exposure Platform

🛡️ CrowdStrike argues legacy vulnerability management cannot keep pace with AI-accelerated adversaries. Their Falcon Exposure Management platform leverages a single lightweight sensor to deliver continuous, native visibility across endpoints, cloud, and network assets. It pairs adversary-aware risk prioritization with agentic automation and Charlotte Agentic SOAR to reduce manual triage and remediate high-risk exposures quickly. The emphasis is on speeding effective action, cutting tool sprawl, and focusing teams on the small subset of issues that drive most breach risk.

CrowdStrike Named Overall Leader in 2025 ITDR Compass

🔒 CrowdStrike has been named the Overall Leader in the 2025 KuppingerCole Leadership Compass for Identity Threat Detection and Response, achieving top placement across Product, Innovation, Market, and Overall Ranking. The report cites Falcon Next-Gen Identity Security for its cloud-native design, AI/ML-driven detections, behavioral analytics, and automated identity-centric response. KuppingerCole highlights unified visibility across Active Directory, Entra ID, Okta, Ping, AWS IAM and SaaS via Falcon Shield, and notes deep integrations with XDR, SIEM, SOAR, IdP, IGA, PAM, and ITSM to accelerate detection and remediation for human, non-human, and AI agent identities.

Falcon Platform Enables Fast, CISO-Ready Executive Reports

🔒 The Falcon platform automates executive exposure reporting by correlating telemetry from Falcon Exposure Management, Falcon Cloud Security, and Falcon Next-Gen SIEM into decision-ready summaries. Falcon Fusion SOAR schedules or triggers workflows, and Charlotte AI agentic workflows translate correlated data into plain-language, prioritized reports on demand. The result is near real-time, adversary-aware reporting that maps exploitable vulnerabilities to critical assets and suggests prioritized remediation actions, dramatically reducing manual analyst effort.

Falcon for XIoT Enhances OT Visibility and Speed at Scale

🔍 Falcon for XIoT introduces zero-touch asset discovery, native segmentation visibility, and a unified OT/XIoT view to reduce blind spots across industrial networks. The solution leverages DHCP data and the existing Falcon sensor to build continuous, agentless inventories and to monitor inter-device traffic without manual scan configuration. These enhancements aim to accelerate detection, simplify operations, and provide richer context for faster security decisions across IT, OT, and XIoT environments.

CrowdStrike Expands Agentic Security Workforce With Agents

🤖 CrowdStrike announced new specialized agents and an orchestration layer designed to accelerate SOC operations and automation. The launch includes a Data Onboarding Agent, a Foundry App Creation Agent, and an updated Exposure Prioritization Agent to simplify pipeline creation, app development, and continuous authenticated scanning. Integrated with Charlotte Agentic SOAR and Charlotte AI, these agents enable coordinated, machine-speed workflows while keeping analysts in control.

CrowdStrike Advances Security Automation with Charlotte

🚀 CrowdStrike introduces Charlotte Agentic SOAR, an orchestration layer that integrates Falcon Fusion SOAR, Falcon Next‑Gen SIEM, Charlotte AI and AgentWorks to enable intelligent, no‑code agents. The offering includes an Agentic Security Workforce of purpose-built AI agents, an Agent Builder for plain-language agent creation, a visual workflow orchestrator with hundreds of connectors, and unified case management. Together these elements let analysts set guardrails while agents reason, decide, and act at machine speed to accelerate detection and response and reduce repetitive analyst tasks.

CrowdStrike: Rise in Physical Attacks on Privileged Users

🔒 CrowdStrike's 2025 analysis documents a sharp rise in physical attacks and kidnappings tied to cyber intrusions, concentrated in Europe. The report cites the January 2025 kidnapping of a Ledger co‑founder and records 17 similar incidents in Europe from January through September 2025, 13 of them in France. Consultants warn attackers increasingly pair cyber operations with real‑world violence, driving organizations to strengthen physical and executive security and adjust incident response playbooks.

European Ransomware Leak-Site Victims Spike in 2025

🔒 CrowdStrike's 2025 European Threat Landscape Report found a 13% year-on-year rise in ransomware victims across Europe, with the UK hardest hit. The study, covering leak sites from September 2024 to August 2025, identified 1,380 victims and noted that since January 2024 more than 2,100 organisations were named on extortion sites, with 92% involving file encryption and data theft. The report highlights Akira and LockBit as the most active groups and warns of persistent big-game hunting, growing vishing campaigns and an emerging Violence-as-a-Service threat landscape.

CrowdStrike Falcon Achieves 100% in SE Labs EPS Evaluation

🛡️ In SE Labs’ September 2025 Enterprise Endpoint Security evaluation, CrowdStrike Falcon earned the AAA EPS certification and recorded 100% Protection Accuracy, 100% Legitimate Accuracy and 100% Total Accuracy with zero false positives. SE Labs tested 75 targeted and 25 general attacks across full kill chains; Falcon detected and blocked or neutralized every attempt. The platform also won three SE Labs awards, including Enterprise Endpoint (Windows), Enterprise Ransomware, and Falcon Go for Small Business New Endpoint.

CrowdStrike Named Leader in 2025 Frost Radar for SSPM

🔒 CrowdStrike was named the Growth and Innovation Leader in the 2025 Frost Radar for SaaS Security Posture Management. The recognition highlights Falcon Shield, a fully native extension of the unified Falcon platform that correlates SaaS, endpoint and identity telemetry to deliver identity-centric detection, attack-path visualization and automated remediation. Frost & Sullivan cited >219% year-over-year growth and praised integrations such as Falcon Fusion SOAR and the Charlotte AI agentic system. Falcon Shield also offers 180+ prebuilt connectors and a no-code Integration Builder to scale protection and reduce mean time to remediation.

Vendor and Hyperscaler Watch: Attack Surface Tools

🔎 Cyber asset attack surface management (CAASM) and external ASM (EASM) solutions help organizations discover and continuously monitor internet-facing assets to reduce exposure and harden security. The article surveys a dozen commercial offerings — including Axonius, CrowdStrike Falcon Exposure, Microsoft Defender EASM, and Palo Alto Cortex Xpanse — highlighting discovery methods, integrations, AI features, and sample pricing. It stresses continuous monitoring, asset context and prioritization, and recommends vetting vendor automation, remediation workflows, and pricing transparency.

NTLM/LDAP Authentication Bypass (CVE-2025-54918) Analysis

🔍 This analysis examines CVE-2025-54918, a critical NTLM/LDAP authentication bypass that enables privilege escalation from a standard domain user to SYSTEM on Domain Controllers. The vulnerability chains coercion (PrinterBug-style) with NTLM relay and packet manipulation to evade channel binding and LDAP signing. The post outlines the attack flow, detection indicators such as empty usernames and LOCAL_CALL flags, and mitigations using CrowdStrike Falcon capabilities.

AI-Enabled Ransomware: CISOs’ Top Security Concern

🛡️ CrowdStrike’s 2025 ransomware survey finds that AI is compressing attacker timelines and enhancing phishing, malware creation, and social engineering, forcing defenders to react in minutes rather than hours. 78% of respondents reported a ransomware incident in the past year, yet fewer than 25% recovered within 24 hours and paying victims often faced repeat compromise and data theft. CISOs rank AI-enabled ransomware as their top AI-related security concern, and many organizations are accelerating adoption of AI detection, automated response, and improved training.

CrowdStrike Launches AI-Driven Falcon UX in Preview

🔍 At Fal.Con 2025, CrowdStrike introduced a dynamic, persona-aware user experience for Falcon Cloud Security and Falcon Exposure Management, now available in public preview. Built on CrowdStrike Enterprise Graph and Charlotte AI, the console unifies hybrid and multi-cloud asset and risk visibility into customizable workspaces. It offers AI-assisted dashboard creation and executive-ready reporting to accelerate investigations and remediation without switching tools.