- CrowdStrike researchers work tirelessly to stay a step ahead of even the most sophisticated adversaries, with an elevated profile that includes becoming a Research Partner in the MITRE Engenuity Center for Threat-Informed Defense research program
- By making research results publicly available, CrowdStrike assists the cybersecurity industry and helps to drive adoption of better industry testing and evaluation tools
- CrowdStrike continues to prove its industry leadership in stopping breaches, with a series of notable awards from independent cybersecurity testing organizations and recognition as the number one choice in multiple security categories by leading customer review sites
CrowdStrike has repeatedly proven through independent, third-party testing why the CrowdStrike Falcon® platform is the trusted security choice of so many companies and organizations. The Falcon platform provides customers with 360-degree visibility across their entire attack surface, with advanced use of machine learning to automate threat detection and prevention, augment SecOps teams and stop breaches before they occur.
At CrowdStrike, we’re committed to delivering the innovation that drives the industry forward. This is why we continually make our research results publicly available — to assist the cybersecurity industry and drive the adoption of better industry testing and evaluation tools.
CrowdStrike Research Helps to Advance Public Cybersecurity Defense
CrowdStrike researchers work hard to stay ahead of adversaries, publishing many examples of their work. Sharing this information publicly advances research in the public interest when defending against newly discovered cyberattack tactics. CrowdStrike research also helps to ensure third-party testing organizations evaluate the effectiveness of cybersecurity products based on real-world malware and adversary kill chains.
Notable recent CrowdStrike research blog posts include new anti-analysis techniques and the first-ever complete mapping of DJB2 hash values for all APIs used by GuLoader malware, the development of open source MITRE ATT&CK threat-hunting tool Sandbox Scryer, the release of next gen AI-powered indicators of attack for Falcon, discovery of a new macOS browser hijacking campaign, new DriveSlayer wiper malware found to be targeting Ukrainian systems and the report of a re-emergent TellYouThePass ransomware compiled using Golang.
In addition, CrowdStrike has deepened its commitment to advancing the security landscape by becoming a Research Partner in the MITRE Engenuity Center for Threat-Informed Defense research program. By increasing collaboration and funding research with the Center, CrowdStrike’s adversary-focused expertise and understanding of both securing cloud infrastructures and stopping cloud breaches can help organizations advance their defenses against cyberattacks.
Investing in research also ensures that the Falcon platform provides maximum protection for our customers’ networks. This is reflected in the exemplary scores our products consistently earn in third-party tests. Here are four examples of CrowdStrike’s commitment to research and transparency through third-party testing earning industry recognition over the past year.
1. CrowdStrike Falcon Wins AV-TEST 2022 macOS Business Product of the Year
It’s a myth that Mac computers running Apple’s macOS aren’t targeted by cybercriminals. As more organizations adopt Macs, malware has followed, including ransomware. CrowdStrike researchers have been carefully tracking security threats that target macOS, and that attention to the platform’s security challenges has been recognized through impressive third-party testing scores.
In Fall 2022, the Falcon platform earned a perfect score in macOS testing by AV-TEST, the well-known, independent IT security research organization. This evaluation included effectiveness against Mac malware, performance impact on the host system and the avoidance of disruption due to false positives and false warning messages. The Falcon platform once again detected and prevented 100% of macOS malware, with zero false positives.
This marked the third straight AV-TEST event where CrowdStrike Falcon Pro for Mac earned the maximum possible score. CrowdStrike was the only security vendor to achieve this milestone in 2022. The consistently outstanding performance of Falcon Pro for Mac was recognized by AV-TEST when it was recently named winner of the award “Best macOS Security Product for Business for 2022.”
It’s also worth noting that the Falcon platform participated in and achieved certification for all AV-Comparatives enterprise Windows tests in 2022, including “Certified Advanced Threat Protection” and “Approved Business Product.”
2. CrowdStrike Achieves 99% Detection Coverage in First-Ever MITRE ATT&CK Evaluations for Security Service Providers
Last November, MITRE Engenuity held its first-ever closed-book MITRE ATT&CK Evaluations for Security Service Providers. CrowdStrike’s Falcon platform and Falcon OverWatch team went head-to-head against 15 other security vendors. The results reflect CrowdStrike’s ability to stop breaches: Falcon achieved 99% detection coverage, detecting 75 of the 76 adversary techniques.
The goal of the team conducting the exercise was to gain access to a national organization, starting with a spear-phishing attack using malware associated with HELIX KITTEN (an Iran-based adversary), progressing to lateral movement to identify and collect critical information, ending with a final goal of data exfiltration. Emulating the attack behavior of a sophisticated nation-state adversary, the MITRE ATT&CK Evaluations represented the most realistic possible simulation of a real-world scenario.
The evaluation of security vendors reflected how their solutions would perform in a customer environment during a real-life attack.
Taking place over the course of five days, the exercise involved 76 adversary events. Participants were given no knowledge of the adversary’s identity prior to or during the 10 attack steps and they were not informed which tactics and techniques were used by the attacker until after the exercise had been completed.
3. CrowdStrike Falcon Wins SE Labs’ AAA Enterprise Advanced Security Award, with 100% Ransomware Detection and Zero False Positives
CrowdStrike participated in SE Labs’ first-ever EDR ransomware evaluation, an extremely challenging and realistic multi-day event that measured the ability of security vendors to stop sophisticated real-world ransomware attacks. Overall, the Falcon platform scored a 100% ransomware and detection rating with zero false positives, earning the AAA Enterprise Advanced Security (Ransomware) Award.
Testing involved facing a barrage of direct attacks with 270 different ransomware variants. This evaluated performance against both known and previously unknown ransomware. In addition, two SE Labs teams employed deep attack tactics, using 10 sophisticated attacks designed to mimic the tactics observed in use by cybercriminals. Testers were equipped with the same tools used by adversaries in the wild, while the networks being attacked were configured in a manner consistent with real-world examples employed by companies, financial institutions, government agencies and infrastructure services.
The Falcon platform performed impressively. Falcon scored a perfect 100% protection accuracy rating by detecting and blocking every ransomware attack, including the previously unknown versions. Falcon detected all 10 deep attack attempts. It earned a 100% accuracy rating in the identification of legitimate websites and applications — an important metric that shows Falcon delivers the ransomware protection organizations need, without disrupting their business through false positives.
4. Leading Customer Review Sites Named CrowdStrike as #1 in Multiple Cybersecurity Categories
Independent reviews through third-party testing organizations are valuable, but recognition from customers may be even more important.
CrowdStrike recently received a series of awards for the Falcon platform from three leading customer review sites. G2, PeerSpot and TrustRadius recognized CrowdStrike as having the top offering in multiple cybersecurity market categories. This included being named the number one endpoint protection platform (EPP), endpoint detection and response (EDR) and extended detection and response (XDR) solution.
For the full story — including details on how ratings were determined, how competitors fared and customer testimonials — be sure to read this blog post.
CrowdStrike Proves that Even the Most Sophisticated Adversaries Are No Match for Falcon
As the CrowdStrike 2023 Global Threat Report documents, adversaries have become more sophisticated, relentless and destructive in their attacks. At CrowdStrike, our mission is to stop breaches so that our customers and their organizations can thrive and move forward. Our focus is on delivering the advanced protection needed to keep you ahead of the adversary. We’ll continue to push forward on critical research initiatives that benefit the cybersecurity industry as a whole. And we’re steadfast in our commitment to demonstrating the power of the Falcon platform in stopping breaches by engaging in third-party testing.
The Falcon platform repeatedly wins accolades for its use of advanced AI and ML, proven effectiveness in protection from cyberattacks, industry-leading ability to stop breaches and for slashing the time SecOps teams need to respond to an alert. Keep reading this blog for all of the latest developments, including new malware threat discoveries, artificial intelligence and machine learning advances for Falcon, plus third-party evaluation results.