All news with #crowdstrike tag

Cloudflare integrates CrowdStrike Falcon Fusion SOAR

🔗 Cloudflare announced an integration between the Cloudflare One SASE platform and CrowdStrike Falcon Fusion SOAR, delivering two out‑of‑the‑box connectors for Zero Trust and Email Security. The prebuilt actions exposed in the CrowdStrike Content Library automate common tasks—searching messages, updating allow/block lists, adjusting access policies, and revoking tokens—to reduce manual investigation and accelerate remediation. Customers can chain Cloudflare actions with Falcon Fusion playbooks via a drag‑and‑drop editor to enable bidirectional containment across network, email, and endpoints. The integration supports Logpush to CrowdStrike HTTP ingest and can be enabled from both vendor consoles, with APIs and custom playbooks available for tailoring workflows.

Wesco Reimagines Risk Management with Data Consolidation

🔍 Wesco consolidated thousands of security alerts into a unified risk framework to separate urgent threats from noise. By integrating more than a dozen platforms — including GitHub, Azure DevOps, Veracode, JFrog, Kubernetes, Microsoft Defender, and CrowdStrike — the company applied ASPM, threat modeling, a security champions program, and AI-driven automation to prioritize remediation. The initiative reduced duplication, saved developer time, and improved risk visibility across the organization.

Falcon Complete Hub Unifies MDR Visibility and Action

🛡️ Falcon Complete Hub delivers a unified interface inside the Falcon platform that consolidates Falcon Complete Next‑Gen MDR activities, escalations and expert guidance into a single operational view. It prioritizes critical actions, provides step‑by‑step remediation links and centralizes subscription status, announcements and knowledge resources to reduce decision latency. Backed by a 37‑minute mean time to respond and a four‑minute mean time to detect, the Hub converts MDR visibility into clear operational tasks and faster response.

Partner-built AI Security Innovations on Google Cloud

🔒 Google Cloud and its partners announced a range of partner-built AI security solutions now available in the Google Cloud Marketplace. These integrations embed Gemini and Vertex AI into partner products — including CrowdStrike, Palo Alto Networks, Fortinet, and others — to protect models, data, applications, and agents. The collaborations emphasize automated detection, incident response, DLP, identity protection, and agent monitoring to reduce mean time to detect and respond, helping customers adopt AI securely.

CrowdStrike Named Leader in Forrester Wave MDR Europe

🔒 CrowdStrike has been named a Leader in The Forrester Wave™: Managed Detection and Response (MDR) Services in Europe, Q3 2025, receiving the highest possible scores in 16 evaluation criteria spanning detection surfaces, managed response, threat hunting and analyst experience. Falcon Complete Next-Gen MDR combines AI-accelerated detection and investigation with expert-led response across endpoint, cloud, identity and third-party telemetry. The service uses CrowdStrike Charlotte AI to triage alerts and accelerate analysis, and emphasizes end-to-end remediation actions that remove persistence and contain intrusions without costly reimaging. CrowdStrike positions this recognition as validation of its platform-led, AI-plus-human approach to stopping breaches.

EMBER2024: Advancing ML Benchmarks for Evasive Malware

🛡️ The EMBER2024 release modernizes the popular EMBER malware benchmark by providing metadata, labels, and computed features for over 3.2 million files spanning six file formats. It supplies a 6,315-sample challenge set of initially evasive malware, updated feature extraction code using pefile, and supplemental raw bytes and disassembly for 16.3 million functions. The package also includes source code to reproduce feature calculation, labeling, and dataset construction so researchers can replicate and extend benchmarks.

Secure AI at Machine Speed: Full-Stack Enterprise Defense

🔒 CrowdStrike explains how widespread AI adoption expands the enterprise attack surface, exposing models, data pipelines, APIs, and autonomous agents to new adversary techniques. The post argues that legacy controls and fragmented tooling are insufficient and advocates for real-time, full‑stack protections. The Falcon platform is presented as a unified solution offering telemetry, lifecycle protection, GenAI-aware data loss prevention, and agent governance to detect, prevent, and remediate AI-related threats.

CrowdStrike Acquires Onum to Boost Agentic SOC Data

🔒 CrowdStrike has acquired Spanish telemetry specialist Onum for $290 million, aiming to integrate its real-time pipeline and filtering technology into the Falcon Next‑Gen SIEM. The company says Onum’s pipeline will enable higher event throughput, reduce storage costs by about 50%, and cut ingest overhead while accelerating incident response. CrowdStrike frames the buy as a move toward an AI-native, agentic SOC.

CrowdStrike Named Leader in IDC MarketScape 2025 IR Services

🔹 CrowdStrike was named a Leader in the IDC MarketScape: Worldwide Incident Response Services 2025 assessment, recognized for its AI-native Falcon platform and a global 24/7 incident response model. The company combines over 100,000 hours of annual IR casework with frontline breach expertise to speed detection, investigation and containment. Its follow-the-sun delivery and AI-augmented tooling reduce time-to-recovery, while proactive offerings like CrowdStrike Pulse Services help customers build long-term resilience.

CrowdStrike to Acquire Onum for Real-Time Telemetry

📡 CrowdStrike announced an agreement to acquire Onum, a leader in real-time telemetry pipeline management that will extend the CrowdStrike Falcon platform's data advantage. Onum transforms telemetry in motion by filtering, enriching and optimizing events as they stream, delivering high-fidelity intelligence to Falcon Next-Gen SIEM, customer AI agents and data lakes. CrowdStrike highlights gains in speed and cost efficiency, saying the integration will reduce storage overhead, accelerate incident response and enable an agentic SOC powered by real-time, AI-driven detection.

Fake macOS Help Sites Spread SHAMOS Infostealer via Ads

🔒 CrowdStrike disrupted a malvertising campaign that redirected users to counterfeit macOS help pages and urged them to run a malicious one-line installation command. Observed between June and August 2025, the operation sought to deliver the SHAMOS variant of the Atomic macOS Stealer (AMOS), a Mach-O binary distributed by MaaS operator Cookie Spider. The installer decoded a Base64 string, executed a Bash script that captured credentials and fetched the payload from icloudservers[.]com.

CrowdStrike Named Leader in 2025 Exposure Management

🔒 CrowdStrike has been named a Leader in the 2025 IDC MarketScape for Exposure Management. Falcon Exposure Management delivers AI-native, real-time visibility and prioritization of exposures and attack paths across endpoint, cloud, identity and OT/IoT, helping teams focus on what adversaries can feasibly exploit. It unifies VM, ASM and CAASM capabilities and introduces Network Vulnerability Assessment for continuous discovery of unmanaged network devices without additional agents or hardware. Integrated exposure data is correlated across CrowdStrike Threat Graph, Intel Graph and Asset Graph to support faster, automated remediation.

MURKY PANDA: Trusted-Relationship Cloud Threats and TTPs

🔒 Since late 2024 CrowdStrike's Counter Adversary Operations has tracked MURKY PANDA, a China‑nexus actor targeting government, technology, academic, legal and professional services in North America. The group exploits internet‑facing appliances, rapidly weaponizes n‑day and zero‑day flaws, and deploys web shells (including Neo‑reGeorg) and the Golang RAT CloudedHope. CrowdStrike recommends auditing Entra ID service principals and activity, enabling Microsoft Graph logging, hunting for anomalous service principal sign‑ins, prioritizing patching of cloud and edge devices, and leveraging Falcon detection and SIEM capabilities.

Falcon Stops COOKIE SPIDER's SHAMOS macOS Delivery

🔒 Between June and August 2025, the CrowdStrike Falcon platform blocked a widespread malware campaign that attempted to compromise more than 300 customer environments. The campaign, operated by COOKIE SPIDER and renting the SHAMOS stealer (an AMOS variant), used malvertising and malicious one-line install commands to bypass Gatekeeper and drop a Mach-O executable. Falcon detections—machine learning, IOA behavior rules and threat prevention—prevented SHAMOS at download, execution and exfiltration stages. CrowdStrike published hunting queries, mitigation guidance and IOCs including domains, a spoofed GitHub repo and multiple script and Mach-O hashes.

Defending Against SCATTERED SPIDER with Falcon SIEM

🔒 Falcon Next-Gen SIEM provides real-time, cross-domain detection to help organizations detect and respond to the identity-centric eCrime group SCATTERED SPIDER. The platform correlates identity, cloud, SaaS, network and email telemetry, offering out-of-the-box rule templates for phishing, MFA fatigue, suspicious SSO events and exfiltration. CrowdStrike recommends comprehensive log ingestion and tuning of these templates to improve detection and response across the full attack lifecycle.

Falcon Next-Gen Identity Security Unifies Protection

🔒 CrowdStrike announced Falcon Next-Gen Identity Security, a unified solution to protect human, non-human, and AI agent identities across on-premises, cloud, and SaaS environments. It consolidates initial access prevention, modern secure privileged access, identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection into a single sensor and management console. Delivered via the AI-native Falcon platform, the offering provides real-time visibility, dynamic access enforcement, and autonomous response to reduce identity-driven breaches and simplify hybrid identity security.

CrowdStrike Named Leader in GigaOm SSPM Radar 2025

🔒 CrowdStrike has been named the only Leader and Outperformer in the 2025 GigaOm Radar for SaaS Security Posture Management (SSPM). The recognition highlights the CrowdStrike Falcon platform's unified, AI-native approach—combining Falcon Shield, identity protection and cloud security—to detect and remediate misconfigurations, identity threats, and unauthorized SaaS access. Falcon Shield's extensive integrations, automated policy responses via Falcon Fusion SOAR, and GenAI-focused controls underpin its market-leading posture and support continuous visibility across human and non-human identities.