CrowdStrike Identity Protection:
CrowdStrike Identity Protection is designed to protect against breaches that use compromised identities, leveraging advanced AI in a threat-centric data fabric. The solution includes real-time detection and prevention, with high ROI as redundant security products and processes are eliminated, taking pressure off clients’ security teams.
Identity Protection offers unified control of all identities, to accelerate key identity projects such as Adaptive Authentication and Conditional Access, which create improved Multifactor Authentication (MFA) coverage and user experience for all systems, including legacy systems, remote users and single sign-on (SSO). Clients also benefit from visibility into the security of Active Directory (AD), both on-premises and in the cloud. AD attack paths such as shadow administrators, shared credentials and stale accounts are identified and blocked as security is hardened. AD security hygiene is improved with continuous monitoring of authentication traffic and user behavior to catch access deviations, password compromises and credential weaknesses - offering dynamic risk scores for all user and device accounts.
All authentication activity can be monitored easily with increased visibility into all accounts and endpoints - managed and unmanaged. This can include login type (human or service accounts), location information, and source and destination (including SSL-VPN and RDP) across on-premises and cloud deployments. Identity Protection can reduce the attack surface by identifying misused service accounts, stealthy admins and anomalous user behavior in the Virtual Desktop Infrastructure (VDI). This offers protection against privileged user threats, insider threats and credential compromise from lateral movement attacks.
The solution can integrate into existing security architectures, IT tools, IAM solutions, SOAR infrastructure and SOC runbooks, with pre-integrations for Splunk Phantom and Palo Alto Networks’ Cortex XSOAR. For compliance requirements, the solution can output logs into a SIEM without the need for log ingestion - however, ingesting logs from SIEM, VPN and other sources can provide additional context. It leverages pre-integrations with Okta and Ping so that existing SSO infrastructure can be used to stop identity-based threats faster, and with an existing MFA solution such as Duo to challenge users only when required, avoiding MFA fatigue. Integrations are also possible with critical IT security tools such as Axonius and CyberArk, offering high-performance APIs.
CrowdStrike Identity Protection comes in two offerings:
- Falcon Identity Threat Protection: Offers accurate threat detection and real-time prevention of identity-based attacks. Leverages advanced AI, a flexible policy engine and behavioral analytics to enforce risk-based conditional access.
- Falcon Identity Threat Detection: Deep visibility into identity-based attacks and anomalies in real time without the need for log files. Suitable for organizations requiring identity-based threat incident alerts and threat hunting, with no need for analytics and automated threat prevention.