The new feature leverages millions of examples of malicious activity to more accurately identify signs of an attack.

Cybersecurity vendor CrowdStrike has added new AI-powered indicators of attack (IoA) functionality to its Falcon platform. Announced at the Black Hat USA 2022 Conference, the enhancement uses AI techniques to create new IoAs at machine speed and scale, helping organizations stop emerging attack techniques and optimize detection and response, the firm said.

AI IoAs trained on real-world adversary behavior, rich threat intelligence

In a press release, CrowdStrike stated that Falcon now allows organizations to find emerging attack techniques with IoAs created by AI models trained on real-world adversary behavior and rich threat intelligence. Brian Trombley, vice president of product management, endpoint security at CrowdStrike, tells CSO that the AI-powered IoAs draw on intelligence from the CrowdStrike Security Cloud, where the firm collects over one trillion security events per day from its customer base.

“We correlate this telemetry using machine learning to create new IoAs,” Trombley adds. “Human threat experts then create a corpus of behaviors ranging from hundreds of thousands to millions of examples of clean and malicious activity, before data scientists begin the process of turning telemetry into an AI or ML model that powers the creation of new IoAs. All IoAs, including AI-powered IoAs, are delivered to the Falcon agent in the same fashion, working alongside our sensor ML models. The AI-powered IoA technology is highly flexible and can be used to model on any event data captured by the CrowdStrike Falcon platform.”

AI-powered IoAs tested against rich field telemetry, crafted kill chains

CrowdStrike’s models are calibrated against an ever-expanding body of expert-generated ground truth that is aggregated across the Falcon platform, spanning intelligence from CrowdStrike’s Managed Threat Hunting (Falcon OverWatch), Malware Research Center (MRC), and Managed Detection and Response (Falcon Complete), Trombley tells CSO. “To test the accuracy of the AI-powered IoAs, CrowdStrike’s threat hunters and researchers evaluate the models against this rich field telemetry and specifically crafted kill chains.” This ensures that the models are resistant to adversarial ML attacks, can detect malicious tactics, techniques and procedures (TTPs), and generate low false-positive detections against real-world customer data, Trombley says. “Additionally, prior to enabling live detections, in order to minimize customer exposure to false positives, the models are run silently to allow subject matter experts to meticulously evaluate detections and tune for best performance in-field.”

CrowdStrike strives to minimize false positives and false negatives, as they leave security teams struggling to sift through yet more noise instead of stopping breaches, Trombley says. “We used this same testing capability to test and tune our AI-powered IoAs as well. During our testing, we identified over 20 new adversary patterns, which were confirmed by Falcon OverWatch’s elite threat hunters. Over the same period, our new models collectively identified less than ten false positives and have continued to perform at this level of fidelity since moving into general availability.”
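The silent-run gate Trombley describes (run a candidate indicator over expert-labelled telemetry, count false positives, and only then enable live detections) can be sketched as follows. This is an added illustration, not CrowdStrike or Falcon code: the event fields, the two candidate behavioral rules, the labelled sample telemetry and the promotion thresholds are all constructed assumptions.

```python
"""Shadow-mode evaluation gate for a candidate behavioral IoA (illustrative only)."""
from dataclasses import dataclass

@dataclass
class Event:
    host: str
    parent: str    # image name of the parent process
    child: str     # image name of the spawned process
    cmdline: str   # command line of the spawned process

# Constructed labelled telemetry: one process-spawn event per host plus an
# analyst ground-truth label (True = confirmed malicious by a human hunter).
CORPUS = [
    (Event("h1", "winword.exe", "powershell.exe", "-enc AAAA"), True),
    (Event("h2", "excel.exe", "cmd.exe", "/c whoami"), True),
    (Event("h3", "explorer.exe", "powershell.exe", "Get-Date"), False),
    (Event("h4", "winword.exe", "splwow64.exe", ""), False),
    (Event("h5", "outlook.exe", "powershell.exe", "-nop -w hidden"), True),
    (Event("h6", "winword.exe", "powershell.exe", "Get-Help"), False),
]

OFFICE = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}

def candidate_ioa(ev: Event) -> bool:
    """Assumed candidate: an Office app spawning a shell whose command line
    carries encoded, hidden-window or recon-style arguments."""
    suspicious_args = ("-enc", "-w hidden", "whoami")
    return (ev.parent in OFFICE and ev.child in SHELLS
            and any(a in ev.cmdline for a in suspicious_args))

def broad_candidate(ev: Event) -> bool:
    """Noisier assumed candidate: any Office app spawning a shell, arguments ignored."""
    return ev.parent in OFFICE and ev.child in SHELLS

def shadow_evaluate(rule, corpus):
    """Run the rule silently (no alerts raised) over labelled telemetry and
    return the counts a reviewer would inspect before anything goes live."""
    tp = fp = fn = 0
    for ev, malicious in corpus:
        fired = rule(ev)
        tp += int(fired and malicious)
        fp += int(fired and not malicious)
        fn += int(not fired and malicious)
    return {"tp": tp, "fp": fp, "fn": fn}

def promote_to_live(stats, max_fp=0, min_recall=0.9) -> bool:
    """Gate: enable live detections only if false positives stay within the
    budget and recall on confirmed-malicious samples meets the floor."""
    positives = stats["tp"] + stats["fn"]
    recall = stats["tp"] / positives if positives else 0.0
    return stats["fp"] <= max_fp and recall >= min_recall
```

On this corpus the argument-aware candidate fires on all three confirmed-malicious events with no false positives and is promoted, while the broad candidate also fires on the benign `Get-Help` launch and is held back for tuning.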