
Field notes – CrowdStrike email detection

August 24, 2023

At a high level

  1. If a threat is detected in email, does CrowdStrike respond first?
    • CrowdStrike does not provide email filtering or email scanning. Detection happens on the endpoint: if a user opens a delivered file locally and it spawns a malicious process, the Falcon sensor detects that process activity.
  2. If a threat is detected in network traffic, does CrowdStrike respond first?
    • The Falcon sensor detects and defends against attacks occurring on disk and in memory.
    • The platform continuously watches for suspicious processes, events, and activities, wherever they reside.
    • Falcon also provides advanced prevention capabilities such as custom allow and block rules, malware blocking, exploit blocking, and IOA-based prevention (Indicators of Attack).
    • Data gathered by the sensor is transmitted continuously to CrowdStrike’s Advanced Threat Intelligence Cloud, where CrowdStrike analyzes it and draws links between events across the entire Falcon sensor community.
    • Behavioral patterns in that data are detected in real time using CrowdStrike’s Threat Graph data model, allowing analysts to detect new attacks whether or not they use malware.
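To make the endpoint-side point concrete, here is an added example (not CrowdStrike code, and not Falcon's actual rule logic) of what catching an email-borne threat "when the file spawns a malicious process" looks like in practice: a toy IOA-style detector run over constructed process-creation events. It walks each process's ancestry and flags a script host whose parent chain includes a mail client or document handler, alongside a plain hash match for comparison. The event fields, the handler and script-host lists, and the sample events (including the fake hash) are all assumptions made for this illustration.

```python
"""
Toy IOA-style detection over endpoint process-creation events.

Added example only: this is not CrowdStrike's code and does not reproduce
Falcon's detection logic. Event shape, process lists, and sample data are
assumptions constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Processes that typically open email attachments or documents (assumed list).
DOCUMENT_HANDLERS = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
# Script/LOLBin hosts that are suspicious when spawned under a document handler (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}


@dataclass
class ProcessEvent:
    pid: int
    ppid: int
    image: str       # executable file name, lower-cased on ingest
    cmdline: str
    sha256: str = "" # hash of the image on disk, if available


@dataclass
class Detection:
    pid: int
    rule: str
    chain: List[str] # process ancestry, root first, ending with the flagged process


def _ancestry(ev: ProcessEvent, by_pid: Dict[int, ProcessEvent]) -> List[str]:
    """Walk ppid links to build the ancestry chain; guard against pid reuse cycles."""
    chain = [ev.image]
    seen = {ev.pid}
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        chain.append(cur.image)
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return list(reversed(chain))


def detect(events: List[ProcessEvent], known_bad_hashes: FrozenSet[str] = frozenset()) -> List[Detection]:
    """Return detections in event order: a hash match first, then the behavioral rule."""
    by_pid = {e.pid: e for e in events}
    detections: List[Detection] = []
    for ev in events:
        chain = _ancestry(ev, by_pid)
        # Rule 1 (file-based): image hash is on a known-bad list.
        if ev.sha256 and ev.sha256 in known_bad_hashes:
            detections.append(Detection(ev.pid, "known-malicious-hash", chain))
            continue
        # Rule 2 (behavioral, IOA-style): a script host whose ancestors include a
        # document handler. No hash or signature is needed, which is how an
        # attachment-launched script is caught even when the payload is novel.
        if ev.image in SCRIPT_HOSTS and any(a in DOCUMENT_HANDLERS for a in chain[:-1]):
            detections.append(Detection(ev.pid, "doc-handler-spawned-script-host", chain))
    return detections


# Constructed sample telemetry (assumed data, not captured from a real host).
SAMPLE_EVENTS = [
    ProcessEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcessEvent(200, 100, "outlook.exe", "outlook.exe"),
    ProcessEvent(300, 200, "winword.exe", 'winword.exe /n "Invoice.docm"'),        # attachment opened
    ProcessEvent(400, 300, "powershell.exe", "powershell.exe -nop -w hidden -enc <base64 omitted>"),
    ProcessEvent(500, 100, "cmd.exe", "cmd.exe /c dir"),                           # user shell: benign
    ProcessEvent(600, 100, "chrome.exe", "chrome.exe"),
    ProcessEvent(700, 600, "dropper.exe", "dropper.exe", sha256="6f" * 32),        # fake hash
]
# Constructed known-bad hash list (the value above is a placeholder, not a real IOC).
SAMPLE_BAD_HASHES = frozenset({"6f" * 32})


def run_sample() -> List[Detection]:
    """Run the detector over the constructed sample events."""
    return detect(SAMPLE_EVENTS, SAMPLE_BAD_HASHES)


if __name__ == "__main__":
    for d in run_sample():
        print(f"pid={d.pid} rule={d.rule} chain={' -> '.join(d.chain)}")
```

Running it flags pid 400 by the behavioral rule (explorer.exe -> outlook.exe -> winword.exe -> powershell.exe) with no hash involved, flags pid 700 only because its hash is listed, and leaves the explorer-launched cmd.exe alone. The caveat the page implies still holds: nothing here inspects the message itself, so a malicious attachment that is never opened, or that is opened on an unmanaged host, produces no telemetry for this kind of rule to act on.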