All news with #next-gen siem & log management tag

Tue, November 18, 2025

Defeating BLOCKADE SPIDER: Stopping Cross-Domain Attacks

🔒 CrowdStrike describes how OverWatch detected and disrupted BLOCKADE SPIDER, a financially motivated eCrime group that has used cross-domain techniques since at least April 2024 to access unmanaged systems, dump credentials, and deploy Embargo ransomware. By correlating endpoint, identity, and cloud telemetry in Falcon Next-Gen SIEM and Falcon Identity Threat Protection, analysts traced a compromised VPN service account and observed MFA bypass and AD manipulation. The case underscores the value of unified visibility to stop lateral movement and protect critical assets.

Fri, November 7, 2025

Falcon Platform Enables Fast, CISO-Ready Executive Reports

🔒 The Falcon platform automates executive exposure reporting by correlating telemetry from Falcon Exposure Management, Falcon Cloud Security, and Falcon Next-Gen SIEM into decision-ready summaries. Falcon Fusion SOAR schedules or triggers workflows, and Charlotte AI agentic workflows translate correlated data into plain-language, prioritized reports on demand. The result is near real-time, adversary-aware reporting that maps exploitable vulnerabilities to critical assets and suggests prioritized remediation actions, dramatically reducing manual analyst effort.

Fri, October 10, 2025

CrowdStrike Named Visionary in 2025 Gartner SIEM Placement

🔍 CrowdStrike Falcon Next-Gen SIEM has been named a Visionary in the 2025 Gartner Magic Quadrant for Security Information and Event Management. The product is presented as an agentic SOC engine that combines AI-driven detections, real-time telemetry and a unified data foundation to accelerate detection and response. CrowdStrike cites metrics including 150x faster search, over 1PB/day ingestion and up to 80% cost savings, and highlights the acquisition of Onum to improve real-time pipelines and scale. New AI agents for workflow, data transformation, search analysis and correlation rule generation aim to simplify playbook creation, data prep and detection tuning.

Wed, October 1, 2025

CrowdStrike Fall 2025 Release: Agentic SOC & AI Security

🔒 CrowdStrike’s Fall 2025 release introduces the Falcon agentic security platform, redefining SOC operations by pairing analysts with AI agents that reason, act, and continuously learn. The release centers on the Enterprise Graph data layer and Charlotte AI AgentWorks for no-code agent creation, plus seven mission-ready agents and Threat AI for autonomous hunting and response. It also expands identity, data protection, patching, and MDR capabilities, integrates Pangea and Onum, and launches AI Detection and Response (AIDR) to secure AI workflows.

Mon, September 29, 2025

CrowdStrike Adds Correlation Rule Template Discovery

🔍 CrowdStrike has launched the Correlation Rule Template Discovery dashboard in Falcon Next-Gen SIEM to help SOC teams discover and operationalize high-value detection content more quickly. The centralized dashboard maps templates to onboarded telemetry, offers precision search and filtering by data source and MITRE ATT&CK tactics, and exposes quick actions to test and deploy templates as active correlation rules. It highlights new and updated templates, provides compatibility analysis, and surfaces curated research and enablement guidance to accelerate detection and reduce noise.