Cyberattacks
an adversary encrypts a victim’s data and offers to provide a decryption key in exchange for a payment.
ransomware
Alongside with George Kurtz, who co-founded CrowdStrike?
Dmitri Alperovitch
claims that many of the solutions are "free" are belied by the reality that customers frequently need to purchase additional licenses for P2 capabilities, additional solutions for Identity protection, cloud protection, etc... and cover additional staffing requirements for the increased workload their solutions generate.
Microsoft Defender
I am scuba certified.
Cassie
I have 70 first cousins.
Kevin
attack that targets specific individuals or organizations typically through malicious emails. The goal of the attack is to steal sensitive information such as login credentials or infect the targets’ device with malware.
spear phishing
Industry average is 120 hours to detect a threat, 11 hours to investigate, 31 hours to remediate - what is the CrowdStrike standard?
1 min to detect, 10 mins to investigate, 60
mins to remediate
struggles to detect modern actors that are using identity-based attacks or credential abuse due to their lack of behavioral baselining of identity data. instead of detecting the initial intrusion, this platform takes a reactive approach that focuses on malware, files and processes to detect threats.
SentinelOne
I have an unnatural fear of animal mascots especially if they can talk/sing.
Nicholl
when I was a kid I collected snow globes and had 50 of them at one point
Savannah
a technique through which a cybercriminal disguises themselves as a known or trusted source. In so doing, the adversary is able to engage with the target and access their systems or devices with the ultimate goal of stealing information, extorting money or installing malware or other harmful software on the device.
spoofing
This CrowdStrike solution primarily focus on collecting and indexing log outputs from various applications and systems within an organization’s network. They enable security analysts to search and retrieve specific log details, facilitating tasks such as auditing compliance event reporting or conducting forensic deep dives.
Next - Gen SIEM
patchwork of acquired, non-integrated solutions results in a clunky "bolt-on" architecture, cluttering systems with multiple memory and CPU-intensive services and processes.
Sophos
I used to eat cat food.
Jack
I dressed up as a Jawa for Halloween when I was a kid.
Chelsea
malware that appears to be legitimate software disguised as native operating system programs or harmless files like free downloads. they are installed through social engineering techniques such as phishing or bait websites.
trojan
this product streamlines security data ingestion, analysis and workflows across an organization’s entire security stack, enhancing visibility around hidden and advanced security threats and unifying the response.
Extended Detection and Response (XDR)
relies on an assortment of third-party security tools to deliver their MDR service. This results in a “jack of all trades, master of none” situation where they must invest significant time and resources to integrations and ongoing analyst training to simply run and keep up with all these disparate systems for their customers.
Arctic Wolf
My parents got in a car crash on the way to the hospital when I was being born.
Joe
I used to work part time as a painter when I was younger.
Jack Culhane
attacks target individuals looking for love or friendship on dating apps/websites. attackers create fake profiles and leverage the relationship built overtime to trick the victim into giving them money, information, or access to their network to install malware.
honeypotting
This term is often described in the forensics world as evidence on a computer that indicates that the security of the network has been breached. Investigators usually gather this data after being informed of a suspicious incident, on a scheduled basis, or after the discovery of unusual call-outs from the network. Ideally, this information is gathered to create “smarter” tools that can detect and quarantine suspicious files in the future.
Indicators of Compromise (IOCs)
disjointed product portfolio is expensive and hard to use, with Gartner cautioning them for “below average ease of use” in the latest endpoint Magic Quadrant. They have 5 separate consoles across with limited data sharing between them. Each console has its own distinct workflows, leading to decreased productivity as SOC analysts juggle multiple UIs.
Palo Alto
My birthday is 2/29.
I rode a horse up an active volcano and made s'mores on the lava.
Don