Identity Protection

The industry’s first identity detection and response (ITDR) analyst report names CrowdStrike an Overall Leader and a “cyber industry force.” In KuppingerCole Leadership Compass, Identity Threat Detect[…]

Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it's critical to stop them. While Microsoft Active Directory (AD) remains a prime target for attackers, c[…]

The rise of distributed cloud services and the omnipresence of APIs has caused cloud-native application architecture to become highly fragmented. Enforcing secure access is a critical step in strength[…]

It's 10:30 p.m. and you're heading to bed. Unfortunately, a threat actor has your organization in their crosshairs. While you’re brushing your teeth, they’re crafting a social engineering email to pil[…]

Today’s adversaries increasingly use compromised credentials to breach target environments, move laterally and cause damage. When attackers are logging in — not breaking in — legacy endpoint security […]

On June 20, 2023, Descope published research detailing how a combination of a flaw in Azure Active Directory and poorly integrated third-party applications — dubbed “nOAuth” — could lead to full accou[…]

One set of valid employee credentials can provide an adversary with all they need to log into a business, move laterally, escalate privileges and achieve their goals — whether that’s removing access t[…]

From the CISO perspective, identity security is one of the top security challenges, driven by the adversary’s increased use of stolen credentials to target and infiltrate organizations. The data bears[…]

Eighty percent of modern attacks are identity-driven. Why would an attacker hack into a system when they can simply use stolen credentials to masquerade as an approved user and log in to the target or[…]

Identity isn’t a security problem — it’s the security problem. This was the takeaway from my recent meeting with a local government CISO in the Washington, D.C. area. Tasked with protecting infrastruc[…]

We’re proud to announce that CrowdStrike was awarded Okta's Workforce Identity Cloud Technology Partner of the Year Award today at the start of Oktane22. The award is a testament to the durability of […]

As cyberattacks continue to grow relentlessly, enterprises have to continue improving their cyber defenses to stay one step ahead of the adversaries. One area that CISOs have recently started paying m[…]

Adversaries often exploit legacy protocols like Windows NTLM that unfortunately remain widely deployed despite known vulnerabilities. Previous CrowdStrike blog posts have covered critical vulnerabilit[…]

“We were asked to disable identity protection capabilities to let the testing proceed — and still achieved 100% prevention.” The weeks following the release of the MITRE Engenuity ATT&CK Evaluation ca[…]

With the growing risk of identity-driven breaches, as seen in recent ransomware and supply chain attacks, businesses are starting to appreciate the need for identity security. As they assess how best […]

Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not[…]

The growth in frequency and severity of cyberattacks has caused organizations to rethink their security strategies. Major recent security threats, such as high-profile ransomware attacks and the Log4S[…]

The modern threat landscape continues to evolve with an increase in attacks leveraging compromised credentials. An attacker with compromised credentials too frequently has free reign to move about an […]

What Happened? Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalati[…]

Microsoft is having a bad month year. The industry has faced a crisis of trust with numerous challenges over the past year in securing Active Directory (AD), the IT foundation of most organizations. T[…]

On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike® researchers. This vulnerability allows an attacker to relay NTLM[…]

This blog was originally published on March 2, 2018. Protecting privileged accounts and actively responding to any potential compromises has become a critical initiative for many CISOs. Stolen credent[…]

This blog was originally published on June 11, 2019. As announced in our recent security advisory, Preempt (now CrowdStrike) researchers discovered a critical vulnerability that allows attackers to re[…]

This blog was originally published on June 11, 2019. Researchers from Preempt (now CrowdStrike), have discovered how to bypass the Enhanced Protection for Authentication (EPA) mechanism to successfull[…]

This blog was originally published on June 11, 2019. On June 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1040 and CVE-2019-1019, two vulnerabilities discovered by Preempt (now CrowdStr[…]

This blog was originally published on March 13, 2018. On March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt (now CrowdStrike) researchers. The vul[…]

This blog was originally published on September 18, 2020. On August 11, 2020 Microsoft released a security update including a patch for a critical vulnerability in the NETLOGON protocol (CVE-2020-1472[…]

This blog was originally published on August 29, 2019. In the world of identity and access security, experts focus on end-user accounts as the weak vector most vulnerable to attackers. On the contrary[…]

This blog was originally published on October 8, 2019. On October 8, 2019, aka Patch Tuesday, Microsoft released patches for CVE 2019-1166 and CVE-2019-1338 — two important vulnerabilities discovered […]

This blog was originally published on July 14, 2020. On July 14, 2020 Patch Tuesday, Microsoft released a patch for CVE-2020-1267, an important vulnerability in the Active Directory (AD) identity stor[…]

This blog was originally published on May 15, 2020. Maze ransomware is a malware targeting organizations worldwide across many industries. It is believed that Maze operates via an affiliated network w[…]

This blog was originally published on June 11, 2019. As announced in our recent security advisory on CVE-2019-1040, Preempt (now CrowdStrike) researchers discovered how to bypass the MIC (Message Inte[…]

This blog was originally published on August 6, 2020. BloodHound is a public and freely available attack path discovery tool which uses graph theory to map the relationships in an Active Directory (AD[…]