CrowdStrike has added a firmware attack detection capability to its Falcon endpoint protection platform. Falcon is the first endpoint protection platform to offer this capability, according to CrowdStrike.
Falcon users can now collect details on PC BIOS images and configuration, CrowdStrike said. They can also use a Dell SafeBIOS integration to detect BIOS and firmware threats on Dell systems.
BIOS Attacks: What MSSPs Need to Know
BIOS is firmware that runs while a computer boots up. It represents a popular target for cybercriminals for several reasons, including:
- Access to the BIOS provides access to all system resources. A cybercriminal who penetrates the BIOS can reach every resource on the system.
- Traditional endpoint security tools cannot detect BIOS attacks. Although endpoint security tools often provide kernel-level insights, they cannot monitor the BIOS or identify BIOS attacks.
- Organizations rarely patch the BIOS. Organizations sometimes ignore security patches and, as a result, may be more susceptible than ever before to BIOS attacks.
Falcon ensures organizations can leverage additional levels of visibility into and detection of BIOS threats, CrowdStrike VP of Endpoint Detection and Response (EDR) Strategy Alex Ionescu stated. In doing so, Falcon helps organizations minimize the risk of BIOS attacks and associated data breaches.
A Closer Look at Falcon
Falcon is a cloud-based endpoint protection platform that leverages a lightweight agent to block cyberattacks and record endpoint activity. It also provides antivirus and managed threat hunting capabilities.
MSSPs and other technology resellers can integrate Falcon capabilities into their security offerings via the Elevate Partner Program. Furthermore, CrowdStrike provides Falcon education, training and other tools and resources to support Elevate partners.