For years, Cushman & Wakefield’s security team knew that remote desktop protocol (RDP) access was a potential weak point, but enforcing multifactor authentication (MFA) for RDP was out of reach. The company’s legacy cybersecurity tools simply didn’t support it, leaving critical systems vulnerable to credential-based attacks.
“We knew attackers target RDP as an easy entry point, but had no way to enforce MFA at scale,” said Erik Hart, CISO at Cushman & Wakefield, a global commercial real estate leader with nearly 400 offices and 52,000 employees.
Learn more: Read the Cushman & Wakefield customer story
This changed when the company added CrowdStrike Falcon® Identity Protection to its CrowdStrike endpoint security deployment. This solution allowed it to both enforce MFA for RDP across 100% of its environment and gain real-time identity security across its on-premises Active Directory (AD), cloud-based Microsoft Entra ID, and SaaS applications.
This blog explores how Cushman & Wakefield secures identities with Falcon Identity Protection.
Table of Contents
Identity Is the New Attack Surface
The identity attack surface continues to expand, making it a top priority for security teams worldwide. The CrowdStrike 2025 Global Threat Report revealed that 79% of cyberattacks observed in 2024 were malware-free, as threat actors often rely instead on stolen credentials and identity-based techniques to bypass traditional defenses.
Cushman & Wakefield’s security team noticed a rise in identity-based attacks targeting its hybrid workforce. Its traditional security approaches, which relied on malware detection, were insufficient against adversaries using stolen credentials to gain access to systems.
More specifically, these legacy tools offered limited visibility into privileged account activity and anomalous identity behaviors, making it difficult to detect and respond to identity-based threats before they escalated. Identity-related security gaps had to be tracked manually, slowing down the company’s ability to remediate potential risks.
Ultimately, Cushman & Wakefield lacked the control, insights, and customization needed to effectively secure identities at scale.
“With so many employees working outside our offices, relying on a traditional security stack was never going to be sustainable,” said Hart. “We needed real-time identity protection that could seamlessly integrate into our broader security strategy.”
Strengthening Security and Simplifying Operations
To improve identity security, Cushman & Wakefield deployed Falcon Identity Protection, leveraging the same lightweight Falcon agent already in place for endpoint protection. Deploying this protection from the AI-native CrowdStrike Falcon® cybersecurity platform allowed the company to extend identity security without adding complexity.
Falcon Identity Protection enabled continuous monitoring of on-premises AD, Entra ID, and SaaS applications, eliminating the need for manual tracking and significantly accelerating response times. The solution’s domain security overview provided deep insights into vulnerable configurations, allowing the team to more efficiently identify and remediate security gaps.
Additionally, the company was able to implement custom security policies for privileged accounts, including rules to block high-risk accounts and restrict access to specific devices, ensuring tighter control over sensitive credentials.
“Identity is the new firewall,” Hart explained. “With 80% of our operations powered by SaaS, protecting our workforce’s identities is critical. Falcon Identity Protection has been a game changer — both for visibility and ease of use.”
Deploying Identity Protection from the Unified Falcon Platform
One of the primary advantages of Falcon Identity Protection is that it’s built into the Falcon platform. Unlike fragmented identity security solutions, which can create security gaps, CrowdStrike delivers a unified approach, combining identity security with endpoint, cloud, threat intelligence, and other protections from a single cloud-native platform.
By consolidating identity security on the Falcon platform, Cushman & Wakefield can detect and block unauthorized access attempts in real time. Falcon Identity Protection leverages the power of the Falcon platform, including CrowdStrike’s renowned threat intelligence and endpoint telemetry, to improve response speed and accuracy.
Further reinforcing the value of the Falcon platform, Cushman & Wakefield’s use of CrowdStrike Falcon LogScale™ reduced security investigation times by two-thirds by correlating identity and endpoint data, allowing the team to respond to threats more efficiently.
“Falcon Identity Protection has given us a faster, easier way to detect and stop identity-related security threats,” said Hart. “We no longer rely on manual processes … our team can track and identify new security gaps in real time and respond instantly.”
Proven Results: Faster Response, Lower Costs, Better Security
Since implementing Falcon Identity Protection, Cushman & Wakefield has strengthened its identity security while reducing operational complexity. Automated detection and response capabilities have streamlined identity investigations and policy enforcement, while the integration with Falcon endpoint security and threat hunting solutions has removed security silos and improved visibility across the organization.
By consolidating cybersecurity on the Falcon platform, Cushman & Wakefield has both improved efficiency and significantly reduced the risk of identity-based breaches. Its approach demonstrates how organizations can enhance identity security by leveraging Falcon Identity Protection as part of a unified cybersecurity platform.
Additional Resources
Leave a Reply