CrowdStrike Enhances Falcon Platform With New Identity Protection Capabilities


CrowdStrike recently announced the latest enhancements to its CrowdStrike Falcon platform with new identity protection solutions. The new capabilities introduced by CrowdStrike aim to help organizations secure their digital identities and defend against cyber threats that target identities, such as phishing attacks and credential stuffing.

Identity security is a significant and growing concern. I spoke with Kapil Raina, VP Zero Trust Marketing for CrowdStrike, about the new capabilities. He pointed out that research in the recent Global Threat Report from CrowdStrike indicates that more than 80% of data breaches rely on identity-based techniques or compromised identities.

Raina walked me through the new features and capabilities rolled out by CrowdStrike and shared, “Adversaries are finding that identities are a great way to get into an organization.”

“Many attacks have moved to target the cloud as business data has moved to the cloud. Identity serves as a unifier between some cloud services and the endpoints that connect to them—which means it is a surface that can be leveraged by attackers and also by defenders to understand what behavior is happening in the enterprise,” said Allie Mellen, Senior Analyst with Forrester.

Falcon Identity Protection

The three key features that have been added to the solution are honeytokens, duplicate password detection, and extended protocol coverage with detections over SMB.

Honeytokens

Honeytokens enable organizations to identify suspicious behavior and fortify their Active Directory (AD) protection. They work by creating a fake account that looks and feels like a real one, but is actually a trap for cyber adversaries. The honeytoken account is designed to attract the attention of attackers who are searching for weak points in AD, allowing security teams to monitor and track their movements.

The beauty of honeytokens is that they require no additional configuration or resources. Security teams can flag legitimate accounts as honeytokens and deploy tighter security controls to block lateral movement by the adversary. This creates a safer and more effective approach to lure adversaries away from critical resources, enabling organizations to identify and stop attacks before they cause damage.
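The detection idea behind a honeytoken can be shown in a few lines: because no legitimate user or service should ever authenticate as the decoy account, any authentication event naming it is worth an alert. The sketch below is an added example, not CrowdStrike's code and not a description of how Falcon implements the feature; the event schema, account names and addresses are constructed, while the event IDs are standard Windows Security log IDs.

```python
# Windows Security event IDs that record authentication attempts.
AUTH_EVENT_IDS = {
    4624: "logon success",
    4625: "logon failure",
    4768: "Kerberos TGT request",
    4771: "Kerberos pre-authentication failure",
    4776: "NTLM credential validation",
}

# Hypothetical honeytoken accounts, stored lower-case without domain parts.
HONEYTOKENS = {"svc_backup_old", "adm_legacy"}

# Constructed sample events (simplified fields); 4720 is account creation, not authentication.
SAMPLE_EVENTS = [
    {"time": "2023-03-01T09:00:02Z", "event_id": 4720, "account": "svc_backup_old", "source": "10.0.0.5"},
    {"time": "2023-03-01T10:14:40Z", "event_id": 4624, "account": "CORP\\alice", "source": "10.0.4.21"},
    {"time": "2023-03-01T10:15:07Z", "event_id": 4771, "account": "CORP\\SVC_Backup_Old", "source": "10.0.4.21"},
    {"time": "2023-03-01T10:19:55Z", "event_id": 4776, "account": "svc_backup_old@corp.example", "source": "10.0.7.9"},
    {"time": "2023-03-01T10:16:30Z", "event_id": 4625, "account": "adm_legacy", "source": "10.0.4.21"},
]

def normalize_account(raw):
    """Reduce DOMAIN\\user and user@domain forms to a lower-case account name."""
    return raw.strip().split("\\")[-1].split("@")[0].lower()

def find_honeytoken_hits(events, honeytokens=HONEYTOKENS):
    """Return authentication events against honeytokens, oldest first."""
    hits = []
    for ev in events:
        account = normalize_account(ev["account"])
        if ev["event_id"] in AUTH_EVENT_IDS and account in honeytokens:
            hits.append({**ev, "account": account, "kind": AUTH_EVENT_IDS[ev["event_id"]]})
    return sorted(hits, key=lambda h: h["time"])

def source_trail(hits):
    """Map each honeytoken to the ordered, de-duplicated sources that touched it."""
    trail = {}
    for h in hits:
        sources = trail.setdefault(h["account"], [])
        if h["source"] not in sources:
            sources.append(h["source"])
    return trail

if __name__ == "__main__":
    for hit in find_honeytoken_hits(SAMPLE_EVENTS):
        print(hit["time"], hit["account"], hit["kind"], "from", hit["source"])
```

Normalizing the account name matters because the same decoy can appear as `DOMAIN\user`, as a UPN, or in mixed case depending on the protocol that logged it; the per-account source trail is what lets an analyst follow the intruder from host to host.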

Duplicate Passwords

Another new feature that has been added to the Falcon Identity Protection solution is the ability to identify and flag the use of duplicate passwords. It simplifies the detection of password reuse across an organization’s Active Directory. This is an essential capability, as password reuse is a significant security risk that can expose an organization to identity-based threats, such as credential-stuffing attacks.

With duplicate password detection, administrators can instantly identify accounts that are using the same password as other accounts. This eliminates the need for manual AD audits and makes it easier to enforce the use of unique passwords. By doing so, organizations can defend against identity-based threats and protect their sensitive data and resources.

Extended Protocol Coverage

Finally, the extended protocol coverage with detections over SMB is a significant enhancement to Falcon’s existing protocol coverage for Kerberos, NTLM, and LDAP/S. The new feature enables detection of authentications over SMB, providing additional baselines to identify suspicious behavior and fortify AD protection.

SMB is a critical protocol that is used to share files and printers across a network. However, it is also a common target for cyber attackers who want to gain unauthorized access to a network. With extended protocol coverage, security teams can now monitor and detect suspicious behavior over SMB, enabling them to stop attacks before they cause damage.

The new capabilities introduced by CrowdStrike are part of its ongoing commitment to help organizations protect their digital identities and defend against cyber threats. With Falcon Identity Protection, organizations can monitor and secure their Active Directory, identify and respond to identity-based threats, and ensure that their sensitive data and resources are protected.

Evolving Threat Landscape

These new capabilities are especially important in the current evolving threat landscape, where cyber attackers are becoming increasingly sophisticated in their tactics and techniques. Identity-based attacks, such as phishing and credential stuffing, are on the rise, and organizations need to be prepared to defend against them.

CrowdStrike’s Falcon is a comprehensive solution that provides organizations with the tools they need to protect their endpoints, their identities, and their data. By integrating Falcon Identity Protection with the broader platform, CrowdStrike is able to provide a unified approach to cybersecurity that enables organizations to detect and respond to threats in real time.

Richard Stiennon, author of Security Yearbook 2023 and Chief Research Analyst for IT-Harvest, noted, “Identity is at the crux of all security. It is also one of the hottest investment areas right now. 53 vendors took in new funding last year. And Thoma Bravo has been busy taking SailPoint, Ping, and ForgeRock private.”

Stiennon added, “This move makes sense for CrowdStrike.”

Mellen explained, “These updates signal a continued strong focus on the protection and prevention features in identity security offerings, plus added contextualization from the correlation available between EDR and Identity security through XDR.”

Overall, CrowdStrike’s latest enhancements to Falcon Identity Protection are a welcome addition to its comprehensive suite of cybersecurity solutions. By helping organizations defend against identity-based threats and protect their digital identities, CrowdStrike is playing a critical role in securing the digital economy. As cyber attackers continue to evolve their tactics and techniques, it is essential that organizations have the tools they need to stay one step ahead, and CrowdStrike is providing those tools.
