All news with #crowdstrike tag

CrowdStrike Named Overall Leader in 2025 ITDR Compass

🔒 CrowdStrike has been named the Overall Leader in the 2025 KuppingerCole Leadership Compass for Identity Threat Detection and Response, achieving top placement across Product, Innovation, Market, and Overall Ranking. The report cites Falcon Next-Gen Identity Security for its cloud-native design, AI/ML-driven detections, behavioral analytics, and automated identity-centric response. KuppingerCole highlights unified visibility across Active Directory, Entra ID, Okta, Ping, AWS IAM and SaaS via Falcon Shield, and notes deep integrations with XDR, SIEM, SOAR, IdP, IGA, PAM, and ITSM to accelerate detection and remediation for human, non-human, and AI agent identities.

Falcon Platform Enables Fast, CISO-Ready Executive Reports

🔒 The Falcon platform automates executive exposure reporting by correlating telemetry from Falcon Exposure Management, Falcon Cloud Security, and Falcon Next-Gen SIEM into decision-ready summaries. Falcon Fusion SOAR schedules or triggers workflows, and Charlotte AI agentic workflows translate correlated data into plain-language, prioritized reports on demand. The result is near real-time, adversary-aware reporting that maps exploitable vulnerabilities to critical assets and suggests prioritized remediation actions, dramatically reducing manual analyst effort.

Falcon for XIoT Enhances OT Visibility and Speed at Scale

🔍 Falcon for XIoT introduces zero-touch asset discovery, native segmentation visibility, and a unified OT/XIoT view to reduce blind spots across industrial networks. The solution leverages DHCP data and the existing Falcon sensor to build continuous, agentless inventories and to monitor inter-device traffic without manual scan configuration. These enhancements aim to accelerate detection, simplify operations, and provide richer context for faster security decisions across IT, OT, and XIoT environments.

CrowdStrike Expands Agentic Security Workforce With Agents

🤖 CrowdStrike announced new specialized agents and an orchestration layer designed to accelerate SOC operations and automation. The launch includes a Data Onboarding Agent, a Foundry App Creation Agent, and an updated Exposure Prioritization Agent to simplify pipeline creation, app development, and continuous authenticated scanning. Integrated with Charlotte Agentic SOAR and Charlotte AI, these agents enable coordinated, machine-speed workflows while keeping analysts in control.

CrowdStrike Advances Security Automation with Charlotte

🚀 CrowdStrike introduces Charlotte Agentic SOAR, an orchestration layer that integrates Falcon Fusion SOAR, Falcon Next‑Gen SIEM, Charlotte AI and AgentWorks to enable intelligent, no‑code agents. The offering includes an Agentic Security Workforce of purpose-built AI agents, an Agent Builder for plain-language agent creation, a visual workflow orchestrator with hundreds of connectors, and unified case management. Together these elements let analysts set guardrails while agents reason, decide, and act at machine speed to accelerate detection and response and reduce repetitive analyst tasks.

CrowdStrike: Rise in Physical Attacks on Privileged Users

🔒 CrowdStrike's 2025 analysis documents a sharp rise in physical attacks and kidnappings tied to cyber intrusions, concentrated in Europe. The report cites the January 2025 kidnapping of a Ledger co‑founder and records 17 similar incidents in Europe from January through September 2025, 13 of them in France. Consultants warn attackers increasingly pair cyber operations with real‑world violence, driving organizations to strengthen physical and executive security and adjust incident response playbooks.

European Ransomware Leak-Site Victims Spike in 2025

🔒 CrowdStrike's 2025 European Threat Landscape Report found a 13% year-on-year rise in ransomware victims across Europe, with the UK hardest hit. The study, covering leak sites from September 2024 to August 2025, identified 1,380 victims and noted that since January 2024 more than 2,100 organisations were named on extortion sites, with 92% involving file encryption and data theft. The report highlights Akira and LockBit as the most active groups and warns of persistent big-game hunting, growing vishing campaigns and an emerging Violence-as-a-Service threat landscape.

CrowdStrike Falcon Achieves 100% in SE Labs EPS Evaluation

🛡️ In SE Labs’ September 2025 Enterprise Endpoint Security evaluation, CrowdStrike Falcon earned the AAA EPS certification and recorded 100% Protection Accuracy, 100% Legitimate Accuracy and 100% Total Accuracy with zero false positives. SE Labs tested 75 targeted and 25 general attacks across full kill chains; Falcon detected and blocked or neutralized every attempt. The platform also won three SE Labs awards, including Enterprise Endpoint (Windows), Enterprise Ransomware, and Falcon Go for Small Business New Endpoint.

CrowdStrike Named Leader in 2025 Frost Radar for SSPM

🔒 CrowdStrike was named the Growth and Innovation Leader in the 2025 Frost Radar for SaaS Security Posture Management. The recognition highlights Falcon Shield, a fully native extension of the unified Falcon platform that correlates SaaS, endpoint and identity telemetry to deliver identity-centric detection, attack-path visualization and automated remediation. Frost & Sullivan cited >219% year-over-year growth and praised integrations such as Falcon Fusion SOAR and the Charlotte AI agentic system. Falcon Shield also offers 180+ prebuilt connectors and a no-code Integration Builder to scale protection and reduce mean time to remediation.

Vendor and Hyperscaler Watch: Attack Surface Tools

🔎 Cyber asset attack surface management (CAASM) and external ASM (EASM) solutions help organizations discover and continuously monitor internet-facing assets to reduce exposure and harden security. The article surveys a dozen commercial offerings — including Axonius, CrowdStrike Falcon Exposure, Microsoft Defender EASM, and Palo Alto Cortex Xpanse — highlighting discovery methods, integrations, AI features, and sample pricing. It stresses continuous monitoring, asset context and prioritization, and recommends vetting vendor automation, remediation workflows, and pricing transparency.

NTLM/LDAP Authentication Bypass (CVE-2025-54918) Analysis

🔍 This analysis examines CVE-2025-54918, a critical NTLM/LDAP authentication bypass that enables privilege escalation from a standard domain user to SYSTEM on Domain Controllers. The vulnerability chains coercion (PrinterBug-style) with NTLM relay and packet manipulation to evade channel binding and LDAP signing. The post outlines the attack flow, detection indicators such as empty usernames and LOCAL_CALL flags, and mitigations using CrowdStrike Falcon capabilities.

AI-Enabled Ransomware: CISOs’ Top Security Concern

🛡️ CrowdStrike’s 2025 ransomware survey finds that AI is compressing attacker timelines and enhancing phishing, malware creation, and social engineering, forcing defenders to react in minutes rather than hours. 78% of respondents reported a ransomware incident in the past year, yet fewer than 25% recovered within 24 hours and paying victims often faced repeat compromise and data theft. CISOs rank AI-enabled ransomware as their top AI-related security concern, and many organizations are accelerating adoption of AI detection, automated response, and improved training.

CrowdStrike Launches AI-Driven Falcon UX in Preview

🔍 At Fal.Con 2025, CrowdStrike introduced a dynamic, persona-aware user experience for Falcon Cloud Security and Falcon Exposure Management, now available in public preview. Built on CrowdStrike Enterprise Graph and Charlotte AI, the console unifies hybrid and multi-cloud asset and risk visibility into customizable workspaces. It offers AI-assisted dashboard creation and executive-ready reporting to accelerate investigations and remediation without switching tools.

Ransomware Reality: High Confidence, Low Preparedness

⚠️ The CrowdStrike State of Ransomware Survey reveals a sizable gap between organizational confidence and actual ransomware readiness. Half of 1,100 security leaders say they are "very well prepared," yet 78% were attacked in the past year and fewer than 25% recovered within 24 hours. The report warns that AI-accelerated attacks deepen this gap and recommends AI-native detection and response such as Falcon to regain the advantage.

ExPRT.AI: Predicting Which Vulnerabilities Will Be Exploited

🔍 ExPRT.AI, embedded in Falcon Exposure Management, leverages CrowdStrike threat intelligence and real-time telemetry to predict which vulnerabilities attackers are most likely to exploit. Instead of relying solely on static CVSS ratings, it evaluates adversary tradecraft, observed exploit activity, software prevalence, patch adoption, and attack complexity to produce a daily exploitability score. These explainable scores feed directly into Falcon workflows to accelerate triage, prioritize fixes by real-world risk, and reduce manual noise in vulnerability management.

CrowdStrike Falcon Blocks Git Vulnerability CVE-2025-48384

🔒 CrowdStrike has identified active exploitation of Git vulnerability CVE-2025-48384 and confirms that Falcon detections can block the observed attack chain. The vulnerability, which affects macOS and Linux, arises from inconsistent handling of carriage return characters in configuration and submodule path parsing and can enable arbitrary file writes during a recursive clone. Observed attacks combined social engineering with malicious repositories that place crafted .gitmodules entries and submodule hooks to execute post-checkout scripts. CrowdStrike urges organizations to patch Git, enable layered protections, deploy provided detection rules and hunting queries, and use Falcon Insight XDR prevention settings to reduce exposure.

CrowdStrike Adds Automated ChromeOS Response, GovCloud

🔒 CrowdStrike has enhanced Falcon Insight for ChromeOS with automated device response actions and GovCloud availability. The update enables instant device disabling and placement into restricted organizational units to block further activity and reduce lateral movement. Response actions can be executed manually from the Falcon console via a prebuilt Falcon Foundry app or automated through Falcon Fusion SOAR workflows. These capabilities ingest native ChromeOS telemetry without extra agents to simplify detection and containment.

Windows 10 End of Support: Guidance for Enterprises

🛡️ As of October 14, 2025, Microsoft has ended support for non‑LTSC releases of Windows 10, leaving installations without default security patches unless organizations purchase Extended Security Updates (ESUs). CrowdStrike advises inventorying assets, evaluating ESU costs, and prioritizing migration while ensuring continuous endpoint protection. The Falcon platform delivers cloud‑native detection, behavioral AI, and visibility across mixed Windows environments to help reduce risk during transition. Note that EDR complements but does not replace operating system updates.

Stopping Living-off-the-Land Abuse of Trusted Tools

🔒 CrowdStrike highlights how attackers increasingly weaponize trusted software—RMM tools, built-in Windows utilities, and admin binaries—to evade detection and operate within networks. The Falcon platform layers behavioral IOAs, custom controls, and Exposure Management and now adds APEX, a machine-learning model that analyzes command-line syntax, parameters, process lineage, timing, and context to detect LOLbin abuse. APEX is generally available for Windows and aims to raise detection while reducing false positives.

CrowdStrike Named Visionary in 2025 Gartner SIEM Placement

🔍 CrowdStrike Falcon Next‑Gen SIEM has been named a Visionary in the 2025 Gartner Magic Quadrant for Security Information and Event Management. The product is presented as an agentic SOC engine that combines AI-driven detections, real-time telemetry and a unified data foundation to accelerate detection and response. CrowdStrike cites metrics including 150x faster search, over 1PB/day ingestion and up to 80% cost savings, and highlights the acquisition of Onum to improve real-time pipelines and scale. New AI agents for workflow, data transformation, search analysis and correlation rule generation aim to simplify playbook creation, data prep and detection tuning.