CrowdStrike is bringing its identity threat prevention technology to its managed detection and response (MDR) service, giving enterprises a chance to blunt the growing threat of identity-based attacks that has accelerated during the COVID-19 pandemic.
The cloud-based cybersecurity vendor on Wednesday unveiled Falcon Identity Threat Protection Complete, a fully managed service organizations can use to deploy automated protection and real-time detection of threats; obtain expert incident response after detection; and accelerate the time to respond to eliminate any danger. The service also claims to improve visibility throughout an enterprise’s systems through identity monitoring.
Identity threat is CrowdStrike’s term: it’s when, for instance, someone’s identity on a network is used by an unauthorized user to gain access to information they shouldn’t. It’s the abuse of one’s user account in the system, perhaps by using stolen or brute-forced login details or tokens.
The sudden shift to remote work fueled by the pandemic has accelerated the rise in stolen credentials being used in cybercrimes and other identity threats, Thomas Etheridge, senior vice president of services at CrowdStrike, told The Register.
According to CrowdStrike’s 2022 Global Threat Report, released last month, almost 80 per cent of cyberattacks “leverage identity-based attacks to compromise legitimate credentials and to use those credentials to support their living-off-of-the-land type of tactics,” Etheridge said. The proliferation of ransomware – there was an 82 per cent year-on-year jump in ransomware-related data leaks in 2021 – and the expansion of the attack surface through a lot of remote workers create an environment that lends itself to stolen credentials, he said.
“Being able to evade security teams, remain persistent in an environment and to be able to remain undetected in an environment, that’s really compelling,” Etheridge said.
“On the incident response side, when we are typically responding to a ransomware outbreak, a large portion of those events typically start with stolen credentials. A threat actor gained access to stolen credentials, was able to leverage those to sneak in through a managed RDP [Remote Desktop Protocol] connection and now they’re in the environment and they’re persistent.”
Pwned hook, line and sinker
The most common way threat actors gain access to identity data is through phishing or similar attacks, when an employee inadvertently clicks on a link or attachment, he said. The attacker will use the credentials, normally within 24 hours, to log into a system, giving them access to a company’s endpoints and the ability to leverage their access to privileged credentials to access systems.
“In today’s threat landscape, it’s a lot more than just stopping malware,” Etheridge said. “It’s really about protecting against adversaries that have the ability to take advantage of credential theft, stealing usernames and passwords to be able to get onto a system with relative ease and then blend in. That’s really difficult to detect.”
CrowdStrike has offered Falcon Identity Threat Protection as a standalone, cloud-based application before. The vendor’s cloud partners include Amazon Web Services (AWS), Google Cloud, and Red Hat, aimed at hybrid workloads running on the OpenShift container platform.
Now enterprises can access it as a managed service, which will open the tool up to a larger number of organizations that rely on managed services to augment their in-house security operations or to serve as their security program.
The growing complexity and number of cybersecurity threats are putting increasing pressure on enterprises, particularly those that don’t have the financial resources or personnel to keep up, which is fueling the expansion of the managed security services space. According to Verified Market Research, the global market is expected to grow from $19.76bn in 2020 to $58.15bn in 2028, an annual average of more than 14 per cent.
Adding to this is an ongoing shortage of skilled cybersecurity talent. In a study from the Information Systems Security Association last year, 95 per cent of the almost 500 cybersecurity professionals surveyed said the skills shortage hadn’t improved in recent years.
“Managed services providers can provide some of that additional horsepower to help organizations who might be either growing too fast and unable to hire quickly to ramp in the right technical skills and expertise to help them get to stay in front of attacks, but also for smaller organizations where budget and other concerns around having a large security footprint to do things like threat hunting and real-time remediation of endpoints,” Etheridge said.
To protect against identity threats, a key for enterprises is shrinking the attack surface by improving visibility into their identities and accounts, including how the accounts are provisioned and who has access to them. MDR services can help organizations implement and tune policies to prevent such issues as unauthorized administrative logins to workstations and to drive the adoption of technologies like multi-factor authentication, he said.
Such services also can help reduce the time enterprises take to respond to detections of identity-based attacks and to drive countermeasures, which makes it less likely the threat actor will be able to move laterally through the environment. ®