CrowdStrike Releases Counter Adversary Operations Service, Threat Hunting Report

CrowdStrike has debuted its newly formed Counter Adversary Operations service that combines its threat intelligence, managed threat hunting and its cache of telemetry data to “detect, disrupt and stop” sophisticated cyber adversaries, the company said.

The cybersecurity protector has also released its CrowdStrike 2023 Threat Hunting Report, which revealed massive year-over-year increases in identity-based attacks, among other data.

CrowdStrike Counter Adversary Operations uses data and services from CrowdStrike Falcon Intelligence, the CrowdStrike Falcon OverWatch managed threat hunting teams and “trillions” of the latest telemetry events from the CrowdStrike Falcon platform to combat identity-based attacks.

Foiling Identity-Based Attacks

The service’s initial offering is Identity Threat Hunting, which is available as part of CrowdStrike Falcon OverWatch Elite. It is based on the volume of “adversary tradecraft” CrowdStrike is seeing in the wild amid the growing popularity of identity-based attacks.

Identity Threat Hunting pairs intelligence on adversary motives and tactics, techniques and procedures (TTPs) with CrowdStrike Falcon Identity Threat Protection and CrowdStrike’s Falcon OverWatch threat hunters to foil identity-based threats.

CrowdStrike said the new offering makes it possible to “quickly identify and remediate compromised credentials, track lateral movement, and outpace adversaries with always-on, 24/7 coverage.” The service is available to new and existing CrowdStrike Falcon OverWatch Elite customers at no additional cost.

More Innovations to Come

The new Identity Threat Hunting offering is the first of what CrowdStrike said will be many accelerated innovations being introduced by Counter Adversary Operations.

Adam Meyers, CrowdStrike head of Counter Adversary Operations, explained the company’s perspective on modern adversaries:

“From our inception, CrowdStrike’s guiding philosophy has been, ‘You don’t have a malware problem, you have an adversary problem,’ and that has never been more true than it is today. Today’s threat actors are increasingly fast and elusive, their motives are rapidly shifting from even 12 months ago, and the tradecraft we’re seeing in the wild is far too often bypassing legacy and even modern security measures.

“The newly formed Counter Adversary Operations represents a new model that not only brings together the very best adversary insight and expertise on the planet – gleaned from deep threat intelligence, hands-on-keyboard activity and trillions of telemetry events – but one that rapidly puts this insight into the hands of teams on the front lines to protect against modern threats while making life increasingly hard on the adversary.”

Threat Hunting Report Key Findings

As for the newly released Threat Hunting Report, here are some key findings:

  • 583% year-over-year increase in Kerberoasting attacks, a technique adversaries can abuse to obtain valid credentials for Microsoft Active Directory service accounts
  • 62% of all interactive intrusions involved the abuse of valid accounts
  • Breakout time, which is the average time it takes an adversary to move laterally from initial compromise, fell to 79 minutes, and the fastest breakout observed was seven minutes

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.