Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

11/5/2019
09:30 AM
Dark Reading Staff
Dark Reading Staff
Products and Releases
50%
50%

CounterFlow AI and CrowdStrike Partner to Help Companies Accelerate Threat Detection and Response

CHARLOTTESVILLE, VA- November 4, 2019 – CounterFlow AI, the first security provider to deliver AIOps for network forensics, today announced a new partnership with CrowdStrike®, a leader in cloud-delivered endpoint protection, to accelerate threat detection and response  for enterprise security teams. Through this partnership, CounterFlow AI is enhancing its purpose-built machine learning engine (MLE) with CrowdStrike’s Falcon X, enabling security teams to better prevent future attacks.

Organizations want greater data fidelity from threat insights gained from their networks’ endpoints without creating an unwieldy security stack or larger data storage footprint. CounterFlow AI’s integration with CrowdStrike gives security teams an automated way to assess streaming network data with real-time contextualized threat intelligence and the assurance they record only the data with high investigative value. It alerts customers with detailed Indicators of Compromise (IoCs), such as domain and IP information, to help security teams more quickly detect existing threats and perform incident investigations more effectively.

CounterFlow AI’s ThreatEye® AIOps platform for network forensics enables intelligent packet capture and network intelligence. Designed for hybrid cloud deployments, ThreatEye brings together full packet capture, machine learning, and visualization to provide timely and actionable insights. Unlike many network traffic analysis (NTA) solutions built on proprietary, black-box architecture, ThreatEye is an open, scalable, platform designed for SOC analysts who want the flexibility to create a customized packet capture and more intelligent foundation for incident response and threat hunting, easy integration with existing workflows and the explainability to keep the “human-in-the-loop”. CounterFlow AI’s open platform integrates seamlessly with the cloud-native intelligent, single-agent platform that is CrowdStrike Falcon®. CrowdStrike’s unique approach enables frictionless deployment at scale to stream high-fidelity data to the cloud, equipping customers with prioritized threat analysis and response.

 “We are ushering in the next era of network forensics that helps organizations increase the signal-to-noise ratio of their network data. That requires best-in-class threat intelligence, and there is no better firm who possesses the quality and scale of capabilities than CrowdStrike,” said Randy Caldejon, co-founder and chief executive officer, CounterFlow AI. “Together, we’re helping security teams start investigations sooner and from a more confident jumping off point.”

CrowdStrike is a leading endpoint security company that helps organizations around the world stop major breaches. The CrowdStrike Falcon platform integrates 10 cloud modules that span multiple capabilities, including next-generation endpoint protection, security operations, IT hygiene, and threat intelligence to deliver comprehensive breach protection against today’s sophisticated attacks. CrowdStrike’s Threat Graph® technology processes, correlates, and analyzes over two trillion endpoint-related events per week and continuously looks for malicious activity with graph analytics powered by cloud-scale AI. This creates a powerful network of crowdsourced intelligence that provides actionable insights to customers. The platform enables intelligent, dynamic automation at scale to detect threats and stop breaches.  

Recently, CrowdStrike was positioned by Gartner, Inc. in the Leaders Quadrant of the Magic Quadrant for Endpoint Protection Platforms. The report, which evaluates vendors based on completeness of vision and ability to execute, positioned CrowdStrike furthest for completeness of vision in the entire Magic Quadrant.[i]

“We’re thrilled to partner with a firm like CounterFlow AI, who is introducing a more intuitive way to approach packet capture and eliminate the time-consuming activities that have historically been associated with it,” said Amol Kulkarni, chief product officer, CrowdStrike. “By integrating the benefits of CrowdStrike Falcon with CounterFlow AI ThreatEye, we are offering customers contextualized threat intelligence to help enable security teams to move from a reactive state to a proactive one. This powerful combination delivers a more efficient way to help organizations conduct investigations, including the critical intelligence necessary to get ahead of known and unknown threats.”

For more information, visit https://counterflow.ai/.

Additional resources:

Follow CounterFlow AI on Twitter

Follow CounterFlow AI on LinkedIn

 

[i] Gartner Magic Quadrant for Endpoint Protection Platforms by Peter Firstbrook, Dionisio Zumerle, Prateek Bhajanka, Lawrence Pingree, Paul Webber, 20 August 2019.

Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About CounterFlow AI

CounterFlow AI is a cybersecurity software company offering an AIOps platform for network forensics. The flagship product, ThreatEye®, integrates advanced security technologies into a streaming machine learning pipeline to identify network faults, anomalies and threats at wire speed. ThreatEye® is built for hybrid cloud deployments to easily extend customer network and security operations.

For more information, visit www.counterflow.ai

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10766
PUBLISHED: 2019-11-19
Pixie versions 1.0.x before 1.0.3, and 2.0.x before 2.0.2 allow SQL Injection in the limit() function due to improper sanitization.
CVE-2019-11289
PUBLISHED: 2019-11-19
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthorized malicious user could forge a route service request using an invalid nonce that will cause the Gorouter to crash.
CVE-2011-2922
PUBLISHED: 2019-11-19
ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.
CVE-2019-18934
PUBLISHED: 2019-11-19
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
CVE-2012-6070
PUBLISHED: 2019-11-19
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks.