Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

11/5/2019
09:30 AM
Dark Reading Staff
Dark Reading Staff
Products and Releases
50%
50%

CounterFlow AI and CrowdStrike Partner to Help Companies Accelerate Threat Detection and Response

CHARLOTTESVILLE, VA- November 4, 2019 – CounterFlow AI, the first security provider to deliver AIOps for network forensics, today announced a new partnership with CrowdStrike®, a leader in cloud-delivered endpoint protection, to accelerate threat detection and response  for enterprise security teams. Through this partnership, CounterFlow AI is enhancing its purpose-built machine learning engine (MLE) with CrowdStrike’s Falcon X, enabling security teams to better prevent future attacks.

Organizations want greater data fidelity from threat insights gained from their networks’ endpoints without creating an unwieldy security stack or larger data storage footprint. CounterFlow AI’s integration with CrowdStrike gives security teams an automated way to assess streaming network data with real-time contextualized threat intelligence and the assurance they record only the data with high investigative value. It alerts customers with detailed Indicators of Compromise (IoCs), such as domain and IP information, to help security teams more quickly detect existing threats and perform incident investigations more effectively.

CounterFlow AI’s ThreatEye® AIOps platform for network forensics enables intelligent packet capture and network intelligence. Designed for hybrid cloud deployments, ThreatEye brings together full packet capture, machine learning, and visualization to provide timely and actionable insights. Unlike many network traffic analysis (NTA) solutions built on proprietary, black-box architecture, ThreatEye is an open, scalable, platform designed for SOC analysts who want the flexibility to create a customized packet capture and more intelligent foundation for incident response and threat hunting, easy integration with existing workflows and the explainability to keep the “human-in-the-loop”. CounterFlow AI’s open platform integrates seamlessly with the cloud-native intelligent, single-agent platform that is CrowdStrike Falcon®. CrowdStrike’s unique approach enables frictionless deployment at scale to stream high-fidelity data to the cloud, equipping customers with prioritized threat analysis and response.

 “We are ushering in the next era of network forensics that helps organizations increase the signal-to-noise ratio of their network data. That requires best-in-class threat intelligence, and there is no better firm who possesses the quality and scale of capabilities than CrowdStrike,” said Randy Caldejon, co-founder and chief executive officer, CounterFlow AI. “Together, we’re helping security teams start investigations sooner and from a more confident jumping off point.”

CrowdStrike is a leading endpoint security company that helps organizations around the world stop major breaches. The CrowdStrike Falcon platform integrates 10 cloud modules that span multiple capabilities, including next-generation endpoint protection, security operations, IT hygiene, and threat intelligence to deliver comprehensive breach protection against today’s sophisticated attacks. CrowdStrike’s Threat Graph® technology processes, correlates, and analyzes over two trillion endpoint-related events per week and continuously looks for malicious activity with graph analytics powered by cloud-scale AI. This creates a powerful network of crowdsourced intelligence that provides actionable insights to customers. The platform enables intelligent, dynamic automation at scale to detect threats and stop breaches.  

Recently, CrowdStrike was positioned by Gartner, Inc. in the Leaders Quadrant of the Magic Quadrant for Endpoint Protection Platforms. The report, which evaluates vendors based on completeness of vision and ability to execute, positioned CrowdStrike furthest for completeness of vision in the entire Magic Quadrant.[i]

“We’re thrilled to partner with a firm like CounterFlow AI, who is introducing a more intuitive way to approach packet capture and eliminate the time-consuming activities that have historically been associated with it,” said Amol Kulkarni, chief product officer, CrowdStrike. “By integrating the benefits of CrowdStrike Falcon with CounterFlow AI ThreatEye, we are offering customers contextualized threat intelligence to help enable security teams to move from a reactive state to a proactive one. This powerful combination delivers a more efficient way to help organizations conduct investigations, including the critical intelligence necessary to get ahead of known and unknown threats.”

For more information, visit https://counterflow.ai/.

Additional resources:

Follow CounterFlow AI on Twitter

Follow CounterFlow AI on LinkedIn

 

[i] Gartner Magic Quadrant for Endpoint Protection Platforms by Peter Firstbrook, Dionisio Zumerle, Prateek Bhajanka, Lawrence Pingree, Paul Webber, 20 August 2019.

Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About CounterFlow AI

CounterFlow AI is a cybersecurity software company offering an AIOps platform for network forensics. The flagship product, ThreatEye®, integrates advanced security technologies into a streaming machine learning pipeline to identify network faults, anomalies and threats at wire speed. ThreatEye® is built for hybrid cloud deployments to easily extend customer network and security operations.

For more information, visit www.counterflow.ai

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
Ericka Chickowski, Contributing Writer,  12/2/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19647
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.