CrowdStrike Inc.announced enhancements to the CrowdStrike Falcon platform’s visibility, detection and response capabilities across Windows, macOS and Linux operating systems and new customization capabilities enable customers to tailor information views and create dashboards based on unique business needs.
Today’s threat actors are expanding their reach beyond Windows operating system targets. The 2019 CrowdStrike Services Cyber Front Lines Report observed threat actors increasingly targeting macOS environments and using relatively unsophisticated methods to gain access. The increasing popularity of macOS systems in organizations, combined with insufficient macOS endpoint management and monitoring, has made macOS devices lucrative targets for adversaries. Additionally, hosts with Linux operating systems are also in threat actors’ crosshairs, as the operating system is commonly used to protect high-value assets and servers and is critical to cloud expansion.
“To defend against the expansion of threat activity, businesses need robust threat-centric security capabilities to effectively protect their endpoints.These capabilities are best served within a single platform that provides comprehensive detection, visibility and response capabilities across operating systems,” said Amol Kulkarni, chief product officer at CrowdStrike. “The newly expanded capabilities of the cloud-native Falcon Platform bolster endpoint protection, regardless of the operating system of choice. The Falcon Platform also now enables customers to fine tune their security data and dashboards to create custom workload protection specific to their business needs. ”
The Falcon platform updates provide the following capabilities:
- Detection: CrowdStrike has enhanced its lateral movement detection to encompass cross-operating system attacks, such as when an adversary uses RDP to move from Linux to Windows. CrowdStrike has also expanded detections for Linux based on the MITRE ATT&CK framework. On macOS, Falcon will enhance local protection when these devices are offline with sensor-based machine learning that complements existing cloud-based ML. For Windows, Falcon now detects and prevents attacks that leverage known vulnerable drivers and provides kernel exploit protection.
- Visibility: CrowdStrike is extending Linux visibility by capturing more network events to enhance investigation. CrowdStrike is also extending vulnerability management coverage for Linux with the Spotlight module that offers real-time assessment of vulnerability exposure with zero impact on hosts. Firmware analysis for macOS informs customers if the BIOS is vulnerable or potentially compromised.
- Response: Operating system support for CrowdStrike Real Time Response is expanding to include both macOS and LInux. CrowdStrike Real Time Response gives administrators direct access to investigate and remediate remote hosts, quickly gathering information and returning their environment to a known secure state. Real Time Response gives responders the surgical remediation and investigation capabilities
