This report offers insight into threat hunting. It specifically focusses on the “Human Detection Engine.”

This paper presents the results of a survey that sought to understand how IT decision makers are thinking about the term “software supply chain attacks.”

This paper discuses a particular Business Email Compromise that has appeared out of Nigeria.

In 2018, our global Services team focused resources, intelligence and technology to detect and disrupt future attacks. We’ve analyzed the massive amounts of security data collected from every engagement this year and we’ve gained new insights into what challenges organizations face and how they can better prepare for the next wave of threats. This casebook presents some of the findings and recommendations we’ve made in key engagements across a representative sample of the work we performed last year. We dig into: Emerging and notable trends Examples of ill-prepared organizations and the devastating effects of the breaches they suffered Essential recommendations to prevent companies from becoming another statistic of poor security planning and execution This casebook also underscores the expertise of our team and the important work we’re doing at CrowdStrike® Services. As you read the case studies, you will see that CrowdStrike stands shoulder-to-shoulder with our clients as we work together to stop adversaries and repair damage. But this casebook is not just for CrowdStrike clients — we want everyone to become better prepared to overcome their adversaries in 2019.

This report provides a summary of OverWatch’s findings from intrusion hunting during the first half (January through June) of 2018. It reviews intrusion trends during that time frame, provides insights into the current landscape of adversary tactics and delivers highlights of notable intrusions OverWatch identified. OverWatch specifically hunts for targeted adversaries. Therefore, this report’s findings cover state-sponsored and targeted eCrime intrusion activity, not all forms of attacks.

This report seeks to provide answers to many questions related to the failures of endpoint security that are occuring even though there has been a shift in technology and strategy.

This report provides key takeaways that can inform both executive stakeholders and security professionals how to respond to intrusions more effectively. Most importantly, it offers recommendations that organizations can implement proactively — right now — to improve their ability to prevent, detect and respond to attacks.

The issues presented in this 2018 report are Targeted Intrusions, Criminal and Hacktivist Activity, and 2018 Predictions

This year’s CrowdStrike Intelligence Global Threat Report contains a wealth of intelligence regarding adversary behavior, capabilities, and intentions. More importantly, it ties it back to the events that influenced those activities. By understanding the events that shape the beliefs and motivations of threat actors—regardless if they are criminal, nation-state, or hacktivist—it is possible to comprehend what drove the adversaries to behave as they did, and perhaps to understand what this will mean for the future.

As security measures get better at detecting and blocking both malware and cyberattacks, adversaries and cybercriminals are forced to constantly develop new techniques to evade detection. One of these advanced techniques involves “fileless" exploits, where no executable file is written to disk. These attacks are particularly effective at evading traditional antivirus (AV) solutions, which look for files saved to disk so they can scan them and determine if they are malicious. This report discusses these issues.

This whitepaper tries to outline a new standard of response to endpoint security.