CrowdStrike

Identity Protection (ITD/ITP)

Falcon Identity Threat Protection/Detection is a solution that detects and blocks attacks on authentication (identity) that are difficult to detect or block with conventional AV/EDR.

By learning the authentication traffic in the environment where it is installed, it can evaluate how abnormal an authentication action is, even when that action uses a legitimate credential. The idea is to raise an alert when an authentication attempt to AD comes from a source IP that should not be used for such attempts.

It has three main functions: "assessment", "incident detection", and "conditional access".

*1 Refers to the Falcon Identity Threat Protection function.
*2 Refers to the Falcon Identity Threat Detection function.

The characteristics of conventional and recent cyberattacks that intrude into organizations are summarized below.

  • [Conventional]
    Attackers extract authentication information through credential dumps and malware execution on endpoints and then spread laterally. Because these attacks are carried out on devices, AV/EDR can detect and defend against them.
  • [Recent]
    Lateral movement proceeds using legitimate credentials. Because this is an authentication operation, it is difficult to detect on the endpoint and difficult to detect or defend against with AV/EDR.

Attack methods such as targeted attacks are becoming more sophisticated, and a mechanism is required to prevent, detect, and respond to attacks against "authentication" that proceed using legitimate credentials.

Introducing Falcon Identity Threat Protection/Detection makes it possible to prevent, detect, and respond to attacks on "authentication".
Appropriate detection and blocking are possible even for attacks based on legitimate credentials, at each stage from initial intrusion to lateral movement.
In addition, for prevention during normal times, the "assessment" function evaluates whether the customer's security environment, such as vulnerable settings on the AD server, is in accordance with best practices, making it possible to visualize and investigate areas of risk.

Image of ITDR countermeasures when an attack occurs
