CrowdStrike to extend threat intelligence offerings with Situational Awareness
CrowdStrike has announced the new CrowdStrike Falcon X Recon module that will provide customers an increased level of situational awareness through the deep, broad collection of data from digital sources. Falcon X Recon will help uncover potential malicious activity so security teams can better protect their brand, employees and sensitive data.
CrowdStrike Falcon X Recon is designed to go beyond the dark web to include forums with restricted access on the deep web, breach data, source code repositories, paste sites, mobile greyware stores, unsecured cloud storage, public social media posts and messaging apps. In today’s evolving threat landscape, malicious actors may use one or more of these resources to more effectively target their victims and monetize their efforts. These sites are virtual watering holes, where adversaries congregate and underground digital economies thrive.
Falcon X Recon is being introduced to proactively collect and inform CrowdStrike customers about fraudulent activity, stolen data, threats to enterprises, and identified exploits and tools in the adversaries’ arsenals. Falcon X Recon will automate the collection of data from thousands of forums, marketplaces, messaging platforms and more, bringing scalability to network defenders so they can stay ahead of threats. By delivering situational awareness with relevant, real-time warnings, organizations can instantly identify data exposure and threats to the enterprise.
Adam Meyers, senior vice president of Intelligence, CrowdStrike, says, "Falcon X Recon is an important addition to our CrowdStrike Intelligence product suite. It will advance organizations along the threat intelligence maturity curve to go beyond threat feeds generated from past attacks. With the addition of Falcon X Recon, CrowdStrike will broaden its delivery of automated industry-leading threat intelligence, allowing companies to more easily find that needle in the haystack.”
Falcon X Recon provides the following features:
● Data Collection: At the heart of Falcon X Recon is a deep and broad collection of data from the cyber underground. Users will be able to quickly search and automatically monitor in real-time thousands of clandestine forums, markets, paste sites, messaging and chat rooms.
● Situational Awareness (SA) Dashboards: This unified control center is designed to provide visibility into alerts that are the most relevant to the organization. The dashboards contain high-priority alerts and trends, and enable users to drill down into additional details. Custom dashboards can also be created by users to track and monitor the threats that are the most relevant to their remediation and response activities.
● Universal Search: This feature will enable users to perform on-demand searches across all licensed modules of the Falcon platform, returning results in easy-to-read cards where users can view the original threat actor posts with additional context about the actor and the site. In addition, results will be automatically translated from many other languages using augmented translation with hacker slang dictionaries.
● Selectors: These define important information about an organization, including its executives and assets. Users will be immediately alerted when a selector matches with information found in the hidden web.
● Notifications: Users will be able to customize how team members are notified and how often they receive alerts.
Falcon X Recon will join CrowdStrike’s award-winning family of threat intelligence solutions. Built on the CrowdStrike Falcon platform, CrowdStrike Falcon X brings endpoint protection to the next level by combining malware sandboxing, malware search and threat intelligence into an integrated solution. Falcon X Premium adds threat intelligence reporting and research from CrowdStrike experts - enabling organizations to get ahead of nation-state, eCrime and hacktivist attacks.
Falcon X Recon is expected to be available in early 2021.