CrowdStrike Falcon Traces Attacks Back To Hackers
Startup that encourages playing offense on security launches cloud-based service to help businesses identify adversaries, mitigate attacks, and pursue responses
Who's launching online attacks against your network? How can you better detect those attacks and -- if an attack turns out to be successful -- identify what was stolen?
Enabling businesses to answer those questions is the premise of a cloud-based service announced Tuesday by security startup CrowdStrike. Dubbed Falcon, the big-data "active defense platform" is designed to identify intrusions in real time, attribute attacks by correlating them with a known group of attackers, and help businesses block attacks or even engage in counterintelligence or deception by feeding attackers fake information.
"This is the real-time damage assessment that no one is doing today," said Dmitri Alperovitch, the co-founder and CTO of CrowdStrike, speaking by phone. "It shows you who the adversary is, what did they do [on your network], what did they take, which commands did they execute?" The service works in part by running a small (400 KB) "sensor" on Windows 7 and Mac OS X systems, bolstered by DNS, email and API sensors on servers, to track the types of attacks that are being launched. CrowdStrike then correlates attack information with intelligence that the company gathers on attack groups....