All news with #endpoint security & xdr tag

Defeating BLOCKADE SPIDER: Stopping Cross-Domain Attacks

🔒 CrowdStrike describes how OverWatch detected and disrupted BLOCKADE SPIDER, a financially motivated eCrime group that has used cross-domain techniques since at least April 2024 to access unmanaged systems, dump credentials, and deploy Embargo ransomware. By correlating endpoint, identity, and cloud telemetry in Falcon Next-Gen SIEM and Falcon Identity Threat Protection, analysts traced a compromised VPN service account and observed MFA bypass and AD manipulation. The account underscores the value of unified visibility to stop lateral movement and protect critical assets.

CrowdStrike Adds Automated ChromeOS Response, GovCloud

🔒 CrowdStrike has enhanced Falcon Insight for ChromeOS with automated device response actions and GovCloud availability. The update enables instant device disabling and placement into restricted organizational units to block further activity and reduce lateral movement. Response actions can be executed manually from the Falcon console via a prebuilt Falcon Foundry app or automated through Falcon Fusion SOAR workflows. These capabilities ingest native ChromeOS telemetry without extra agents to simplify detection and containment.

Windows 10 End of Support: Guidance for Enterprises

🛡️ As of October 14, 2025, Microsoft has ended support for non‑LTSC releases of Windows 10, leaving installations without default security patches unless organizations purchase Extended Security Updates (ESUs). CrowdStrike advises inventorying assets, evaluating ESU costs, and prioritizing migration while ensuring continuous endpoint protection. The Falcon platform delivers cloud‑native detection, behavioral AI, and visibility across mixed Windows environments to help reduce risk during transition. Note that EDR complements but does not replace operating system updates.

Stopping Living-off-the-Land Abuse of Trusted Tools

🔒 CrowdStrike highlights how attackers increasingly weaponize trusted software—RMM tools, built-in Windows utilities, and admin binaries—to evade detection and operate within networks. The Falcon platform layers behavioral IOAs, custom controls, and Exposure Management and now adds APEX, a machine-learning model that analyzes command-line syntax, parameters, process lineage, timing, and context to detect LOLbin abuse. APEX is generally available for Windows and aims to raise detection while reducing false positives.

Falcon for IT Brings Risk-Based Patching to Falcon

🔒 Falcon for IT introduces Risk-based Patching to unite security and IT teams within the CrowdStrike Falcon platform. By combining Falcon Exposure Management telemetry, AI-powered patch scheduling, Patch Safety Scores, and sensor intelligence, the feature prioritizes vulnerabilities by real-world exploitability and reduces time to remediation. Ring-based deployments, smart rollout coordination, and pre-deployment safety checks help avoid system-breaking updates while accelerating fixes. Delivered through the existing lightweight Falcon agent, it replaces manual handoffs with a single, unified workflow.

Falcon Complete Hub Unifies MDR Visibility and Action

🛡️ Falcon Complete Hub delivers a unified interface inside the Falcon platform that consolidates Falcon Complete Next‑Gen MDR activities, escalations and expert guidance into a single operational view. It prioritizes critical actions, provides step‑by‑step remediation links and centralizes subscription status, announcements and knowledge resources to reduce decision latency. Backed by a 37‑minute mean time to respond and a four‑minute mean time to detect, the Hub converts MDR visibility into clear operational tasks and faster response.