
All news with #crowdstrike tag

144 articles · page 2 of 8

Charlotte AI AgentWorks: Agentic SOAR for Modern SOCs

🔐 CrowdStrike introduces Charlotte AI AgentWorks and Charlotte Agentic SOAR to enable agentic security operations that orchestrate context-aware agent fleets and automate responses at machine speed. The platform integrates frontier models from Anthropic, NVIDIA and OpenAI and leverages Falcon telemetry, threat intelligence, and industry partners to keep agents context-aware and secure. Built-in guardrails preserve human oversight and governed autonomy while mission-ready agents handle tasks from triage to malware analysis. Customers report sharply reduced manual workloads, restored analyst capacity, and improved decision accuracy.

Falcon Data Security: Protecting Data Where It Moves

🔒 CrowdStrike introduces Falcon Data Security, a unified solution that discovers, classifies, and defends sensitive information across endpoints, browsers, SaaS, cloud services, and GenAI workflows. The offering uses a shared classification engine for consistent identification of PCI, PII, PHI, and other sensitive types, and applies AI to reduce manual tagging. Real-time visibility into data in motion — including egress context and runtime cloud flows via eBPF telemetry — lets teams stop risky transfers at the moment they occur. Natively integrated with the Falcon platform, it correlates data events with device, user, and adversary telemetry to prioritize and automate response.

CrowdStrike Agentic MDR and SOC Transformation Services

⚡ CrowdStrike introduces agentic MDR through Falcon Complete, combining deterministic automation, adaptive AI agents, and human analyst oversight to accelerate detection and response at machine speed. The service leverages Falcon Fusion SOAR and proprietary tooling to execute expert-engineered playbooks, delivering faster median time to contain and consistent, repeatable remediations. Complementary SOC Transformation Services modernize SIEM, data pipelines, workflows, and governance so organizations can adopt agentic operations safely and deliberately.

CrowdStrike Expands Falcon Flex Consumption to Services

⚡ CrowdStrike is extending the Falcon Flex consumption model to its expert-led services, allowing customers to draw down a standalone services entitlement across incident response, proactive security, advisory, platform services, and training. The approach reduces procurement friction and supports pre-arranged incident response readiness independent of Falcon subscriptions or standard retainers. For qualifying new customers, the Zero Dollar Flex Fund provides 200 hours (160 incident response, 40 proactive) over 12 months to simplify first-time engagement.

CrowdStrike Adds Adversary-Aware Prioritization to CNAPP

🔒 CrowdStrike introduces three CNAPP innovations in Falcon Cloud Security to improve cloud risk prioritization and remediation. Application Explorer unites runtime application mapping with infrastructure context to show which apps access sensitive data and external AI models. Adversary intelligence aligns findings to over 280 tracked threat groups and Timeline Explorer reconstructs change histories to show root cause and validate fixes.

Tycoon2FA Phishing Service Resumes After Disruption

🔁 Tycoon2FA, a phishing-as-a-service platform disrupted by Europol and Microsoft on March 4, has returned to pre-takedown activity levels within days. CrowdStrike observed a brief decline to about 25% of normal volumes on March 4–5, 2026, before activity rebounded and cloud compromise remediations returned to early-2026 levels. The service continues to use similar TTPs targeting Microsoft 365 and Gmail, exploiting redirection, URL shorteners, and compromised domains. CrowdStrike warns that without arrests or physical seizures, operators can quickly recover and replace impacted infrastructure.

Tycoon2FA Phishing Service Rapidly Resumes Activity

🛡️ Tycoon2FA, a subscription-based phishing-as-a-service platform, has resumed operations following a coordinated takedown that seized 330 domains. The service uses adversary-in-the-middle techniques to intercept live authentication sessions and bypass multifactor authentication, and it continues to deploy AI-generated decoy pages and malicious URLs. CrowdStrike reported multiple suspected Tycoon2FA-enabled incidents in early March. Organisations are urged to prioritise continuous detection, real-time signal correlation, and layered defences to counter this adaptive threat.

CrowdStrike Adds Microsoft Defender Support to Falcon SIEM

🛡️ CrowdStrike is extending Falcon Next‑Gen SIEM to ingest and operationalize telemetry from third‑party EDRs, beginning with Microsoft Defender, without requiring a Falcon sensor. The release embeds real‑time data pipelines via Falcon Onum to filter, enrich, and route telemetry, and expands federated search to include Falcon LogScale, ExtraHop, and cloud archives. It also introduces Third‑Party Indicator Management to operationalize external threat intelligence and a Query Translation Agent to convert legacy searches into CQL. Together these capabilities aim to reduce ingestion costs, accelerate investigations, simplify SIEM migrations, and let teams modernize SOC operations without replacing endpoint agents.

CrowdStrike Extends AI Security Across Endpoint, SaaS, Cloud

🔒 CrowdStrike announced a suite of innovations that expand AI detection and response across endpoints, SaaS, and cloud environments. New capabilities include runtime monitoring for desktop AI applications and Copilot Studio agents, unified discovery and classification of AI agents across SaaS, and data-flow visibility for cloud-hosted AI workloads. Several features are in pre-beta or early beta with staged GA rollouts planned over upcoming quarters.

Tycoon2FA Phishing-as-a-Service Persists After Takedown

🛡️ On March 4, 2026, Europol coordinated a technical disruption that seized 330 domains tied to Tycoon2FA, a subscription-based phishing-as-a-service platform that enabled adversary-in-the-middle (AITM) attacks to bypass multifactor authentication. CrowdStrike observed an immediate drop in activity followed by a return to pre-disruption campaign volumes as operators reconstituted infrastructure and continued using established TTPs. Defenders should maintain layered controls across phishing, DNS resolution, cloud authentication, and Exchange inbox protections while leveraging Falcon and Falcon Complete for detection and response support.

Trivy GitHub Action Compromise: Credential Stealer Incident

🔍 CrowdStrike linked a spike in script-execution detections to a compromised GitHub Action, aquasecurity/trivy-action, used widely in CI/CD pipelines. An attacker force-repointed 76 of 77 release tags to commits that prepended a ~105-line credential stealer to the legitimate entrypoint, enabling secret harvesting on both GitHub-hosted and self-hosted runners. Harvested data was encrypted with AES-256-CBC and a hardcoded 4096-bit RSA key, then exfiltrated via a typosquatted domain and, as a fallback, by creating public GitHub releases under victim accounts; the malicious code then invoked the original scanner to hide its activity.

Securing Homegrown AI Agents with Falcon AIDR & NeMo

🔒 Falcon AIDR now integrates with NVIDIA NeMo Guardrails to provide programmable runtime protections for homegrown AI agents moving into production. The combined solution blocks prompt injection, redacts PII, defangs malicious domains, and moderates unwanted topics while preserving responsive, sub-100ms agent workflows. Teams can leverage 75+ built-in detectors or create custom policies to monitor in report-only mode and then progressively enforce blocks, redactions, encryptions, or transformations.

FedRAMP High: Falcon for XIoT Extends Federal Protection

🔒 CrowdStrike Falcon Platform for Government now includes Falcon for XIoT, delivering FedRAMP High–authorized visibility and protection for connected and operational technology assets. The solution provides native, zero‑touch XIoT asset discovery with deep protocol support and ICS vendor validation to preserve operational continuity across critical infrastructure. It also leverages AI-powered risk prioritization to surface and rank high‑risk conditions across converged IT/OT environments.

CrowdStrike Advances GovCloud Security and Modernization

🔒 CrowdStrike is introducing new GovCloud capabilities designed to help federal, state, and local agencies modernize cyber defenses while maintaining FedRAMP compliance. Falcon Flex offers a commitment-based purchasing model to simplify procurement and consolidate tooling. New Charlotte AI features bring natural-language interactions and an automated Response Agent to speed investigations. GovCloud additions include Falcon for XIoT, External Attack Surface Management, and behavioral malware analysis to improve IT/OT visibility, detection, and response.

How Charlotte AI Accelerates and Scales Security Operations

🛡️ Charlotte AI is an agentic security analyst embedded in CrowdStrike Falcon, built to triage alerts, investigate threats and drive automated, inspectable response actions. It reasons over existing detections — including machine learning, IOAs and the CrowdStrike Threat Graph — and enforces analyst-defined guardrails so humans remain in control. Customers report faster MTTR and large reductions in initial investigation time.

Falcon for XIoT Extends Protection to Medical Devices

🔒 Falcon for XIoT now extends asset protection to medical devices and clinical systems, adding native visibility for protocols such as DICOM and HL7. The cloud-native Falcon sensor, available in beta, monitors device behavior and protocol communications to detect anomalies and block malicious actions before they affect patient care. It integrates device telemetry, AI-driven analytics, and CrowdStrike Exposure Management so security teams can discover legacy or unsupported assets, prioritize high-risk devices, and respond within existing SOC workflows. Integration with Falcon Next‑Gen SIEM and Falcon Fusion SOAR streamlines investigation and triage across IT and XIoT assets.

Falcon Next-Gen SIEM: Sensor-Native Log Collection

🔒 CrowdStrike announces sensor-based log collector deployment in Falcon Next-Gen SIEM, leveraging the existing Falcon sensor footprint to automate collector installation and management. The policy-driven model enables host-group scoping, incremental rollouts, and real-time installation telemetry without separate distribution tooling or packaging workflows. Organizations can onboard external log sources faster while retaining centralized governance and RBAC.

Cloudflare One Adds Adaptive User Risk Scoring to Access

🔒 Cloudflare One now integrates continuous User Risk Scores into its ZTNA policies, letting admins factor recent user behaviors into access decisions. The SASE risk engine ingests internal telemetry from Cloudflare Access and Gateway, plus third-party signals via integrations (e.g., CrowdStrike, SentinelOne), and deterministically maps configured behaviors to low/medium/high risk levels. Administrators can apply risk-based selectors in Access policies to restrict, require stronger MFA, or revoke access dynamically, with manual reset and signal-sharing back to IdPs.

CrowdStrike Earns NCSC CIR Assurance for Incident Response

🛡️ CrowdStrike has been independently assessed and assured against the UK National Cyber Security Centre’s CIR Standard. The CrowdStrike certification confirms independent evaluation of provider capability, technical competence, and service delivery for incident handling across the UK and Europe. It reinforces the company's incident response services — breach response, retainers, and resilience work — powered by the Falcon platform.

Automating Security Decisions to Counter AI-Driven Attacks

🔒 Security experts warn that defenders must embrace greater automation to keep pace with AI-powered attacks that operate at machine speed. Recent research, including CrowdStrike findings showing average breakout times falling to 29 minutes (and as fast as 27 seconds), highlights the urgency. Industry leaders recommend automating routine SOC work and responses to known threats while reserving humans for novel, high-risk incidents. Cultural shifts and revised risk appetites will be required to enable faster, autonomous mitigations.