Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not use traditional malware and 80% of attacks use identity-based techniques, meaning that attacks target not only endpoints, but also cloud and identity layers, using techniques that many legacy solutions have no visibility into and no means of stopping. In fact, a recent CISA alert detailed how nation-state threat actors leverage several identity-based attacks to breach their targets. Modern attacks like ransomware and supply chain threats are multistage, nonlinear and initiated by attackers at the weakest point in an environment.
Threats such as ransomware often use two common attack components: code execution and identity-based attack techniques. Code execution may be an initial step to compromise an endpoint or device to then further the attack once inside an organization. Identity attack techniques (such as lateral movement and compromising a valid credential) are then typically used by the attacker to move quickly to a more lucrative target in the organization and evade prompt detection.
Can’t Patch Your Way to Success
Many high-profile breaches succeed due to vulnerabilities in a vendor system. This means patching systems is a critical part of maintaining any IT infrastructure. However, the patching process is often difficult for organizations that struggle to keep up with new security updates and lack a strategy to handle patching and remediation. As a result, many leave a door open for attackers to enter.
The CrowdStrike Falcon® platform, together with CrowdStrike Falcon Fusion — an integrated cloud-scale framework for IT and security workflow orchestration and automation — creates a powerful set of capabilities that automate workflows to efficiently manage the patching and remediation process. Within the SecOps suite of products, CrowdStrike Falcon Spotlight™ scanless vulnerability management harnesses Falcon Fusion to enable automated remediation workflows with two new, dynamic integrations through ServiceNow and Jira.
While it’s essential to enterprise security strategy, patching alone is not enough to defend against modern cyberattacks. Further, when patching becomes the main response from a vendor to improve security, it leads to a number of security and operational challenges for organizations — as seen with Microsoft’s supply chain and noPac exploits. Customers need a way to protect against threats even while applying patches.
CrowdStrike protects customers as they architect their patch strategy with a layered approach to threat detection and prevention. In addition to indicators of attack, which detect illicit behavior by observing the actions and intent of processes on the endpoints, CrowdStrike Falcon Prevent™ next-generation antivirus uses other techniques for threat detection, such as file-based machine learning (ML). In one example, SUNSPOT malware used in a sophisticated supply chain attack was detected with high confidence through the Falcon on-sensor ML model.
Today’s organizations also must focus on proactive defense. CrowdStrike Falcon Identity Protection enables stronger defense against identity-based attacks with visibility into authentication activity across accounts and endpoints, as well as the ability to reduce the attack surface through real-time identification of anomalous user behavior. Patching can stop an attacker from breaching an environment, but identity protection can stop them from advancing an attack once inside.
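To make the "visibility into authentication activity across accounts and endpoints" idea concrete, here is an added example (written for this page, not CrowdStrike Falcon code and not a description of how Falcon Identity Protection works internally). It parses a few constructed authentication events and raises two defender-side signals that a valid credential is being used to advance an attack: a single account successfully authenticating to an unusual number of distinct endpoints within a short window (fan-out typical of lateral movement), and an account reaching destinations outside its known baseline. The log format, field names, the baseline table and the thresholds are all assumptions.

```python
"""Added example: simple identity-activity detections over authentication events.
Not CrowdStrike code; log format, fields, baseline and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry): one per line,
# "<ISO timestamp> user=<account> src=<origin host> dst=<target host> result=<success|failure>".
SAMPLE_LOG = """\
2023-03-01T09:00:00 user=alice src=ws-101 dst=fileserver-1 result=success
2023-03-01T09:05:00 user=alice src=ws-101 dst=mail-1 result=success
2023-03-01T09:30:00 user=bob src=ws-202 dst=fileserver-1 result=success
2023-03-01T10:00:00 user=svc-backup src=ws-303 dst=fileserver-1 result=success
2023-03-01T10:00:40 user=svc-backup src=ws-303 dst=fileserver-2 result=success
2023-03-01T10:01:10 user=svc-backup src=ws-303 dst=dc-1 result=success
2023-03-01T10:01:50 user=svc-backup src=ws-303 dst=ws-404 result=success
2023-03-01T10:02:30 user=svc-backup src=ws-303 dst=ws-405 result=success
2023-03-01T10:03:05 user=svc-backup src=ws-303 dst=sql-1 result=success
2023-03-01T11:00:00 user=alice src=ws-101 dst=fileserver-1 result=failure
"""

# Constructed baseline of destinations each account normally reaches (an assumption;
# in practice this would be learned from historical authentication data).
BASELINE = {
    "alice": {"fileserver-1", "mail-1"},
    "bob": {"fileserver-1"},
    "svc-backup": {"fileserver-1", "fileserver-2"},
}


def parse_line(line):
    """Turn one log line into a dict with a datetime under the 'ts' key."""
    ts_str, *kvs = line.split()
    event = dict(kv.split("=", 1) for kv in kvs)
    event["ts"] = datetime.fromisoformat(ts_str)
    return event


def parse_log(text):
    """Parse all non-empty lines of a log blob."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def find_fan_out(events, window=timedelta(minutes=5), max_hosts=4):
    """Flag accounts that successfully authenticate to more than max_hosts
    distinct destinations inside any sliding window of the given length.
    Returns {user: (window_start, sorted list of destination hosts)}."""
    per_user = defaultdict(list)
    for e in events:
        if e.get("result") == "success":
            per_user[e["user"]].append(e)
    alerts = {}
    for user, evs in per_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            hosts = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) > max_hosts:
                alerts[user] = (start["ts"], sorted(hosts))
                break  # first offending window per account is enough here
    return alerts


def new_destinations(events, baseline):
    """Flag successful authentications to hosts outside the account's baseline.
    Returns {user: sorted list of unexpected destination hosts}."""
    unexpected = defaultdict(set)
    for e in events:
        if e.get("result") != "success":
            continue
        known = baseline.get(e["user"], set())
        if e["dst"] not in known:
            unexpected[e["user"]].add(e["dst"])
    return {u: sorted(h) for u, h in unexpected.items()}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for user, (start, hosts) in find_fan_out(evs).items():
        print(f"fan-out: {user} reached {len(hosts)} hosts from {start}: {hosts}")
    for user, hosts in new_destinations(evs, BASELINE).items():
        print(f"new destinations: {user} -> {hosts}")
```

Both checks intentionally ignore failed authentications, since the point of these two signals is the misuse of a credential that already works; failed-logon bursts (password spraying, brute force) would be a separate detection. The window length and host threshold should be tuned per environment, and service accounts in particular need their own baselines so that legitimate batch activity does not page an analyst.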
One Platform, One (Easier) Fight
Stopping modern attacks may be attempted with a stack of tools, vendors and third-party services. Given the speed of modern attacks, the wide range of attack vectors, and the overall cost and complexity of getting qualified people and integration completed, how fast and efficient can an organization be with a “stack ’em and rack ’em” approach?
This is why CrowdStrike has built the Falcon platform, the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk — endpoints and cloud workloads, identity and data. The platform can easily be extended with APIs, partner pre-integrations via the CrowdStrike Store and customization by the customer/user. Customers can deploy and run their own Falcon platform, supplement with CrowdStrike assessment and onboarding services, or opt for a completely managed service approach from CrowdStrike.