Cyberattacks
CrowdStrike
Competitors
Team Lore
More Team Lore
100

An adversary encrypts a victim's data and offers to provide a decryption key in exchange for a payment.

ransomware

100

Alongside with George Kurtz, who co-founded CrowdStrike?

Dmitri Alperovitch

100

Claims that many of its solutions are "free" are belied by the reality that customers frequently need to purchase additional licenses for P2 capabilities, additional solutions for identity protection, cloud protection, etc., and cover additional staffing requirements for the increased workload their solutions generate.

Microsoft Defender

100

I am scuba certified. 

Cassie

100

I have 70 first cousins.

Kevin

200

An attack that targets specific individuals or organizations, typically through malicious emails. The goal of the attack is to steal sensitive information such as login credentials or infect the targets' devices with malware.

spear phishing

200

Industry average is 120 hours to detect a threat, 11 hours to investigate, 31 hours to remediate - what is the CrowdStrike standard?

1 min to detect, 10 mins to investigate, 60 mins to remediate

200

Struggles to detect modern actors that are using identity-based attacks or credential abuse due to its lack of behavioral baselining of identity data. Instead of detecting the initial intrusion, this platform takes a reactive approach that focuses on malware, files and processes to detect threats.

SentinelOne

200

I have an unnatural fear of animal mascots especially if they can talk/sing.

Nicholl

200

when I was a kid I collected snow globes and had 50 of them at one point

Savannah

300

A technique through which a cybercriminal disguises themselves as a known or trusted source. In so doing, the adversary is able to engage with the target and access their systems or devices with the ultimate goal of stealing information, extorting money or installing malware or other harmful software on the device.

spoofing

300

This CrowdStrike solution primarily focuses on collecting and indexing log outputs from various applications and systems within an organization's network. It enables security analysts to search and retrieve specific log details, facilitating tasks such as auditing, compliance event reporting or conducting forensic deep dives.

Next-Gen SIEM

300

A patchwork of acquired, non-integrated solutions results in a clunky "bolt-on" architecture, cluttering systems with multiple memory- and CPU-intensive services and processes.

Sophos

300

I used to eat cat food.

Jack

300

I dressed up as a Jawa for Halloween when I was a kid.

Chelsea

400

Malware that appears to be legitimate software, disguised as native operating system programs or harmless files like free downloads. They are installed through social engineering techniques such as phishing or bait websites.

trojan

400

This product streamlines security data ingestion, analysis and workflows across an organization's entire security stack, enhancing visibility around hidden and advanced security threats and unifying the response.

Extended Detection and Response (XDR)

400

Relies on an assortment of third-party security tools to deliver its MDR service. This results in a "jack of all trades, master of none" situation where it must invest significant time and resources in integrations and ongoing analyst training simply to run and keep up with all these disparate systems for its customers.

Arctic Wolf

400

My parents got in a car crash on the way to the hospital when I was being born.

Joe

400

I used to work part time as a painter when I was younger.

Jack Culhane

500

Attacks that target individuals looking for love or friendship on dating apps/websites. Attackers create fake profiles and leverage the relationship built over time to trick the victim into giving them money, information, or access to their network to install malware.

honeypotting

500

This term is often described in the forensics world as evidence on a computer that indicates that the security of the network has been breached. Investigators usually gather this data after being informed of a suspicious incident, on a scheduled basis, or after the discovery of unusual call-outs from the network. Ideally, this information is gathered to create “smarter” tools that can detect and quarantine suspicious files in the future.

Indicators of Compromise (IOCs)

500

A disjointed product portfolio is expensive and hard to use, with Gartner cautioning them for "below average ease of use" in the latest endpoint Magic Quadrant. They have 5 separate consoles with limited data sharing between them. Each console has its own distinct workflows, leading to decreased productivity as SOC analysts juggle multiple UIs.

Palo Alto

500

My birthday is 2/29.

Rene

500

I rode a horse up an active volcano and made s'mores on the lava.

Don