CrowdStrike Unleashes New CrowdStrike Counter Adversary Operations
CrowdStrike, a market leader in threat intelligence and pioneer in managed threat hunting, today announced another
cybersecurity first, with the launch of CrowdStrike Counter Adversary
Operations. The new team and offerings bring together CrowdStrike Falcon® Intelligence, the CrowdStrike Falcon® OverWatch managed threat hunting teams and
trillions of the latest telemetry events from the AI-powered CrowdStrike Falcon® platform to detect, disrupt
and stop today’s sophisticated adversaries in their tracks and ultimately raise
their cost of doing business.
The launch of the new Counter Adversary Operations comes fresh on the
heels of CrowdStrike being named a leader in The Forrester Wave: External Threat Intelligence Service Providers, Q3
2023. CrowdStrike received the highest ranking of all vendors in the
Current Offering category, with the highest score possible in 16 criteria,
surpassing all other vendors evaluated in the report.
“From our inception, CrowdStrike’s guiding philosophy has been, ‘You
don’t have a malware problem, you have an adversary problem,’ and that has
never been more true than it is today. Today’s threat actors are increasingly
fast and elusive, their motives are rapidly shifting from even 12 months ago,
and the tradecraft we’re seeing in the wild is far too often bypassing legacy
and even modern security measures,” said Adam Meyers, head of Counter Adversary
Operations, CrowdStrike. “To beat modern adversaries at their game, threat
intelligence needs to go past understanding the threat to rapidly actioning
threat hunters to disrupt and stop the threat. The newly formed Counter
Adversary Operations represents a new model that not only brings together the
very best adversary insight and expertise on the planet – gleaned from deep
threat intelligence, hands-on-keyboard activity and trillions of telemetry
events – but one that rapidly puts this insight into the hands of teams on the
front lines to protect against modern threats while making life increasingly
hard on the adversary.”
In the just-released CrowdStrike 2023 Threat Hunting Report, CrowdStrike revealed
massive year-over-year increases in identity-based attacks, interactive
intrusions (i.e. hands-on-keyboard activity) and increased use of legitimate
remote monitoring and management (RMM) tools – all while breakout time dropped
to a record low. Specifically, the report – the first under the new Counter
Adversary Ops team – found a 583% year-over-year increase in Kerberoasting
attacks, a technique adversaries can abuse to obtain valid credentials for
Microsoft Active Directory service accounts. Overall, 62% of all interactive
intrusions involved the abuse of valid accounts, while breakout time – the
average time it takes an adversary to move laterally from initial compromise –
fell to 79 minutes, and the fastest breakout
In response to the growing popularity of identity-based attacks and the
increasing sophistication of adversary tradecraft CrowdStrike is seeing in the
wild, CrowdStrike Counter Adversary Operations introduced its first new
offering: Identity Threat Hunting. Immediately available as part of CrowdStrike Falcon OverWatch Elite, the offering brings
together the latest intelligence on adversary TTPs and motives, combined with
CrowdStrike Falcon Identity Threat Protection and CrowdStrike’s elite Falcon
OverWatch threat hunters to thwart the latest identity-based threats.
The new offering makes it possible to quickly identify and remediate
compromised credentials, track lateral movement, and outpace adversaries with
always-on, 24/7 coverage. And, this service is available to new and existing
CrowdStrike Falcon OverWatch Elite customers at no additional cost.
The new Identity Threat Hunting offering is the first of many
accelerated innovations being introduced by Counter Adversary Operations that
will quickly close the loop between what CrowdStrike researchers find in the
wild and new customer-focused innovation within the Falcon platform.