CrowdStrike Holdings Inc. today introduced artificial intelligence-powered “Indicators of Attack,” a new innovation for fileless attack prevention at large scale that delivers enhanced visibility of stealthy cloud intrusions.
The new service is available on the CrowdStrike Falcon platform and powered by its Security Cloud. The new detection and response capabilities are said to stop emerging attack techniques and enable organizations to optimize the threat detection and response lifecycle with speed, scale and accuracy.
IoAs, invented by CrowdStrike over a decade ago, bring a new approach to stopping breaches based on adversary behavior irrespective of the malware or exploit used in an attack. The enhancement of the service with AI now delivers new IoAs “at machine speed and scale.”
The Falcon platform’s new capabilities with AI IoAs include detecting new classes of attacks faster than ever. By using continuous learning AI models trained on real-world adversary behavior, Falcon can detect and find emerging attack techniques.
Automated prevention with high-fidelity detection shuts down attacks based on a chain of behaviors, regardless of the specific malware or tools used, with cloud-native AI models constantly delivered to the Falcon agent with newly found IoAs. Users can activate IoAs at cloud scale, trained on human-led expertise, with insights combined with CrowdStrike’s threat hunting team to minimize false positives, maximize analyst productivity and deploy threat hunting at scale.
In testing, AI-powered IoAs have already identified over 20 never-before-seen adversary patterns, which experts have validated and enforced on the Falcon platform for automated detection and prevention.
“CrowdStrike leads the way in stopping the most sophisticated attacks with our industry-leading Indicators of Attack capability, which revolutionized how security teams prevent threats based on adversary behavior, not easily changed indicators,” Amol Kulkarni, chief product and engineering officer at CrowdStrike, said in a statement. “Now, we are changing the game again with the addition of AI-powered Indicators of Attack, which enable organizations to harness the power of the CrowdStrike Security Cloud to examine adversary behavior at machine speed and scale to stop breaches in the most effective way possible.”
The AI IoAs are generally available for Falcon Prevent and Falcon Insight customers.
The announcement comes after CrowdStrike launched a new cloud threat-hunting product in July. Falcon OverWatch Cloud Threat Hunting offers a standalone service for finding hidden and advanced threats originating, operating or persisting in cloud environments.