Reinventing Managed Detection and Response (MDR) with Identity Threat Protection

The modern threat landscape continues to evolve with an increase in attacks leveraging compromised credentials. An attacker with compromised credentials too frequently has free rein to move about an organization and carefully plan their attack before they strike.

This week Falcon Complete™, CrowdStrike’s leading managed detection and response (MDR) service, announced a new managed service capability that once again sets the standard for MDR. Falcon Identity Threat Protection Complete is the first and only fully managed identity protection solution, combining frictionless, real-time identity threat prevention and IT policy enforcement with the unparalleled expertise of the Falcon Complete team.

Identity Is the New Perimeter

The scenario is all too common: An employee receives a well-crafted phish and inadvertently divulges their domain credentials to a cybercriminal.

Twenty-four hours later, those credentials are used by the attacker to log in to an unmanaged server via unprotected RDP. Within minutes, the attacker has surveyed the territory, leveraged their access to escalate their privileges on the exposed host, and begun to stealthily work their way laterally across the organization toward their objective. 

The race is on. Can your defenders see and stop the intruder before they encrypt critical resources or collect and exfiltrate valuable customer data?

Situations like this play out in organizations of every size and industry every day, and response time is a key element. One of the main reasons organizations team up with MDR providers is to gain the around-the-clock expertise needed to identify emerging threats and respond decisively before they can become a damaging breach. 

An important element in this everyday story is increasingly common: identity. An attacker with valid credentials can be incredibly difficult for defenders to separate from normal day-to-day authorized activity. This gives attackers valuable time under the radar to lay the groundwork for their ultimate objective. 

In addition, once defenders identify an attack in progress, ejecting the intruder can be surprisingly difficult, especially for attacks that originate from unmanaged hosts. A managed system can often be network-contained in minutes, but stopping the abuse of stolen credentials on a system outside of the security team’s control can take hours, as the request must work its way across different IT silos in most organizations. 

Managed Identity Threat Protection Stops Modern Threats

Identity threat protection technology can segment identities and autonomously enforce risk-based conditional access, reducing risk significantly. It also provides a perfect platform for responders to revoke access quickly when threats are uncovered in the environment. 

Falcon Identity Threat Protection Complete augments the core CrowdStrike Falcon® Complete managed endpoint protection offering, delivering unparalleled security for identities and the identity stores. It combines CrowdStrike’s leading Falcon Identity Threat Protection solution with the expertise of the Falcon Complete team, which manages and actively monitors Falcon solutions for customers, investigating and surgically remediating incidents in minutes. Managed identity threat protection helps organizations run an effective and mature identity security program without the burden, costs and time associated with building one internally.

With managed identity threat protection, Falcon Complete delivers enhanced control, broad visibility and faster response to modern threats. Key use cases include:

  • Shrink the attack surface by implementing tightly tuned policies that prevent use of common identity-based attack techniques. Falcon Complete works with organizations to develop and enforce policies to prevent unauthorized administrative logins to workstations, or to force multifactor authentication (MFA) when an administrator leverages RDP to access a critical resource such as a file server or domain controller.
  • Stop identity-driven attacks in real time through the use of identity-based countermeasures. Leveraging the power of Falcon Identity Threat Protection, Falcon Complete analysts are empowered to protect the identity perimeter via countermeasures such as blocking authentication with stolen credentials or validating suspicious identity activity with an MFA challenge request. With these powerful tools at their disposal, the Falcon Complete team is armed with the countermeasures needed to stop intrusions at the very earliest stages, any time of day or night, regardless of whether the initial point of intrusion is through a managed or unmanaged system.
  • Continuously improve with Falcon Identity Threat Protection’s ability to provide detailed enterprise-wide visibility into authentication patterns and trends. Falcon Complete’s experts mine these data streams to deliver monthly insights that organizations can use to understand and drive continuous improvements in their identity security programs.

Identity threat protection is a crucial control for today’s defenders, but technology alone is not a silver bullet for stopping breaches. Sophisticated attacks require a mix of technology and human expertise to mount an effective defense, ensuring that defenses are optimized and response to threats can come in minutes. Falcon Complete is once again reinventing what it means to be a leading MDR provider by delivering comprehensive, 24/7 protection for identities, endpoints and cloud workloads, continuing to stay one step ahead of today’s modern attackers.

Austin Murphy is VP and GM, Falcon Complete.
