All news with #crowdstrike tag

🤖 Tines published a prebuilt workflow that automates security alert triage by using AI agents to identify alert types, find relevant SOPs in Confluence, and execute remediation steps across integrated tools. The two-agent design creates structured case records, documents every action, and notifies on-call staff via Slack. The workflow supports integrations such as CrowdStrike, Okta, VirusTotal and others, and is available in Tines' Community Edition for testing.

🔐 CrowdStrike announced three enhancements to Falcon Next‑Gen Identity Security: FalconID, expanded privileged access controls, and identity‑driven case management. FalconID delivers FIDO2-based, phishing-resistant passwordless MFA via the Falcon for Mobile app, combining Bluetooth proximity checks with contextual telemetry to block credential phishing, MFA fatigue, and session hijacking. Privileged access updates add just-in-time workflows, Microsoft Teams request/revoke, Fusion SOAR automation, and hybrid coverage including local systems (early access). Identity-driven case management integrates identity detections into Falcon Next‑Gen SIEM and automates analyst response (generally available).

🔒 CrowdStrike announces four new innovations in Falcon Data Protection to help organizations prevent GenAI-driven data leaks across endpoints, cloud, SaaS and AI tools. The updates include real-time GenAI protections that span browsers, local apps and shadow AI services, unified out-of-the-box detections, AI-powered classifications, and a consolidated Insider Risk dashboard. Beta and general availability windows span late 2025 through mid-2026, with cloud features prioritized earlier.

🔒 CrowdStrike describes how the Falcon platform delivers unified visibility and lifecycle defense across the full AI stack, from GPUs and training data to inference pipelines and SaaS agents. The post highlights integrations with NVIDIA, AWS, Intel, Dell, Meta, and Salesforce to extend protection into infrastructure, data, models, and applications. It also introduces agentic defense via Charlotte AI for autonomous triage and rapid response, and emphasizes governance controls to prevent data leaks and adversarial manipulation.

🔍 CrowdStrike unveiled Threat AI, described as the industry’s first agentic threat intelligence system, built on the Falcon platform to reason, hunt, and act across adversary activity. The initial agents — a Malware Analysis Agent and a Hunt Agent — automate complex workflows like reversing, classification, retrohunting, and continuous threat hunting to surface actionable recommendations. CrowdStrike also released a Threat Intelligence Browser Extension for Chrome to provide intelligence in analysts’ workflows, aiming to accelerate investigations and help SOCs respond at machine speed.

🤖 CrowdStrike is expanding its agentic AI strategy following its $290 million acquisition of Onum, introducing two initiatives designed to accelerate real-time telemetry and automate SOC workflows. The Agentic Security Platform builds an "enterprise graph" with a semantic data model that acts as a Rosetta Stone to normalize diverse telemetry and enable a global query and command engine. Agent Works provides a no-code environment to create, test, and deploy agentic systems, while the Agentic Security Workforce delivers mission-ready agents in Falcon sensors to automate repetitive analyst tasks and enforce data-protection controls across endpoints.

🐛 Security researchers report at least 187 npm packages compromised in an active supply-chain campaign dubbed Shai‑Hulud. The malware, first observed in the widely used @ctrl/tinycolor package, includes a self‑propagating payload that injects a bundle.js, abuses TruffleHog to harvest tokens and cloud credentials, and creates unauthorized GitHub Actions workflows to exfiltrate secrets. Affected vendors including CrowdStrike say they removed malicious packages and rotated keys; developers are urged to audit environments, rotate secrets, and pin dependencies.

🚀 The CrowdStrike Falcon fall release reframes the platform as an Agentic Security Platform, introducing four core innovations: Enterprise Graph, Charlotte AI AgentWorks, the Agent Collaboration framework (powered by MCP), and an AI-native console. Enterprise Graph unifies telemetry into a real-time, AI-ready data layer to give humans and agents shared context. Charlotte AI AgentWorks delivers a no-code environment to design, test, deploy, and govern mission-specific security agents at scale, while MCP enables secure, orchestrated multi-agent collaboration.

🔒 CrowdStrike announced its intent to acquire Pangea to deliver the industry’s first AI detection and response (AIDR) capability, securing enterprise AI use and development across data, models, agents, identities, infrastructure, and interactions. Unveiled at Fal.Con 2025 by Michael Sentonas, the deal will integrate Pangea’s prompt‑layer and interaction security with the Falcon platform to provide unified visibility, governance, and enforcement across the AI lifecycle. The combined solution targets prompt injection, model manipulation, shadow AI and sensitive data exfiltration while enabling developers and security teams to innovate faster with built‑in safeguards.

🔗 Cloudflare announced an integration between the Cloudflare One SASE platform and CrowdStrike Falcon Fusion SOAR, delivering two out‑of‑the‑box connectors for Zero Trust and Email Security. The prebuilt actions exposed in the CrowdStrike Content Library automate common tasks—searching messages, updating allow/block lists, adjusting access policies, and revoking tokens—to reduce manual investigation and accelerate remediation. Customers can chain Cloudflare actions with Falcon Fusion playbooks via a drag‑and‑drop editor to enable bidirectional containment across network, email, and endpoints. The integration supports Logpush to CrowdStrike HTTP ingest and can be enabled from both vendor consoles, with APIs and custom playbooks available for tailoring workflows.

🔍 Wesco consolidated thousands of security alerts into a unified risk framework to separate urgent threats from noise. By integrating more than a dozen platforms — including GitHub, Azure DevOps, Veracode, JFrog, Kubernetes, Microsoft Defender, and CrowdStrike — the company applied ASPM, threat modeling, a security champions program, and AI-driven automation to prioritize remediation. The initiative reduced duplication, saved developer time, and improved risk visibility across the organization.

🛡️ Falcon Complete Hub delivers a unified interface inside the Falcon platform that consolidates Falcon Complete Next‑Gen MDR activities, escalations and expert guidance into a single operational view. It prioritizes critical actions, provides step‑by‑step remediation links and centralizes subscription status, announcements and knowledge resources to reduce decision latency. Backed by a 37‑minute mean time to respond and a four‑minute mean time to detect, the Hub converts MDR visibility into clear operational tasks and faster response.

🔒 Google Cloud and its partners announced a range of partner-built AI security solutions now available in the Google Cloud Marketplace. These integrations embed Gemini and Vertex AI into partner products — including CrowdStrike, Palo Alto Networks, Fortinet, and others — to protect models, data, applications, and agents. The collaborations emphasize automated detection, incident response, DLP, identity protection, and agent monitoring to reduce mean time to detect and respond, helping customers adopt AI securely.

🔒 CrowdStrike has been named a Leader in The Forrester Wave™: Managed Detection and Response (MDR) Services in Europe, Q3 2025, receiving the highest possible scores in 16 evaluation criteria spanning detection surfaces, managed response, threat hunting and analyst experience. Falcon Complete Next-Gen MDR combines AI-accelerated detection and investigation with expert-led response across endpoint, cloud, identity and third-party telemetry. The service uses CrowdStrike Charlotte AI to triage alerts and accelerate analysis, and emphasizes end-to-end remediation actions that remove persistence and contain intrusions without costly reimaging. CrowdStrike positions this recognition as validation of its platform-led, AI-plus-human approach to stopping breaches.

🔒 CrowdStrike explains how widespread AI adoption expands the enterprise attack surface, exposing models, data pipelines, APIs, and autonomous agents to new adversary techniques. The post argues that legacy controls and fragmented tooling are insufficient and advocates for real-time, full‑stack protections. The Falcon platform is presented as a unified solution offering telemetry, lifecycle protection, GenAI-aware data loss prevention, and agent governance to detect, prevent, and remediate AI-related threats.

🔒 CrowdStrike has acquired Spanish telemetry specialist Onum for $290 million, aiming to integrate its real-time pipeline and filtering technology into the Falcon Next‑Gen SIEM. The company says Onum’s pipeline will enable higher event throughput, reduce storage costs by about 50%, and cut ingest overhead while accelerating incident response. CrowdStrike frames the buy as a move toward an AI-native, agentic SOC.

🔹 CrowdStrike was named a Leader in the IDC MarketScape: Worldwide Incident Response Services 2025 assessment, recognized for its AI-native Falcon platform and a global 24/7 incident response model. The company combines over 100,000 hours of annual IR casework with frontline breach expertise to speed detection, investigation and containment. Its follow-the-sun delivery and AI-augmented tooling reduce time-to-recovery, while proactive offerings like CrowdStrike Pulse Services help customers build long-term resilience.

📡 CrowdStrike announced an agreement to acquire Onum, a leader in real-time telemetry pipeline management that will extend the CrowdStrike Falcon platform's data advantage. Onum transforms telemetry in motion by filtering, enriching and optimizing events as they stream, delivering high-fidelity intelligence to Falcon Next-Gen SIEM, customer AI agents and data lakes. CrowdStrike highlights gains in speed and cost efficiency, saying the integration will reduce storage overhead, accelerate incident response and enable an agentic SOC powered by real-time, AI-driven detection.

🔒 CrowdStrike disrupted a malvertising campaign that redirected users to counterfeit macOS help pages and urged them to run a malicious one-line installation command. Observed between June and August 2025, the operation sought to deliver the SHAMOS variant of the Atomic macOS Stealer (AMOS), a Mach-O binary distributed by MaaS operator Cookie Spider. The installer decoded a Base64 string, executed a Bash script that captured credentials and fetched the payload from icloudservers[.]com.

🔒 CrowdStrike has been named a Leader in the 2025 IDC MarketScape for Exposure Management. Falcon Exposure Management delivers AI-native, real-time visibility and prioritization of exposures and attack paths across endpoint, cloud, identity and OT/IoT, helping teams focus on what adversaries can feasibly exploit. It unifies VM, ASM and CAASM capabilities and introduces Network Vulnerability Assessment for continuous discovery of unmanaged network devices without additional agents or hardware. Integrated exposure data is correlated across CrowdStrike Threat Graph, Intel Graph and Asset Graph to support faster, automated remediation.