CrowdStrike is securing data across endpoints, cloud, gen AI and SaaS

CrowdStrike has announced new Falcon Data Protection innovations, enabling security teams to protect sensitive data across endpoints, cloud environments, generative AI (gen AI) and software-as-a-service (SaaS) applications.

According to CrowdStrike, data is now a primary adversary target. Adversaries are shifting from disruption to data theft, targeting misconfigurations and trusted identities to exfiltrate sensitive information and fuel downstream attacks. Groups like SCATTERED SPIDER compromise single sign-on (SSO) accounts to harvest SharePoint and Outlook passwords, virtual private network (VPN) instructions and internal documents to aid lateral movement and extortion. 

Others, like FAMOUS CHOLLIMA, gain insider access to company-issued endpoints and cloud environments, using remote access tools to steal intellectual property and customer data. As gen AI adoption accelerates, misconfigured applications and unsecured usage are creating new vectors for data exposure. CrowdStrike is closing the gaps adversaries exploit to steal data by protecting sensitive information across modern hybrid environments.

“In today's threat landscape, your data isn't just an asset – it's the primary target,” said Elia Zaitsev, CTO, CrowdStrike. “Legacy data protection approaches fail because they're fragmented across environments, blind to encrypted exfiltration and incapable of stopping threats in real time. 

“Today, businesses must also contend with employees inadvertently leaking sensitive data to unapproved or misused gen AI tools, adding new layers of risk. With Falcon Data Protection, we are the next chapter of data protection: unified visibility and control across your entire data ecosystem with the real-time protection needed to stop data theft before it happens.”

Falcon Data Protection eliminates the need for separate, piecemeal endpoint, cloud and SaaS security tools by providing protection through a single platform. Its features include:

Runtime cloud data protection 

Delivers runtime protection for cloud data at rest and in motion, leveraging eBPF to detect and block unauthorised data movements in real time, without slowing systems down. Provides a single view of data flows across on-premises and multi-cloud environments.

Exfiltration prevention 

Inspects sensitive data as it is written into encrypted archives such as 7-Zip files, identifying and automatically blocking data theft attempts before the archive is sealed and exfiltrated. The timing is the point: once an archive has been encrypted, its contents are opaque to network and endpoint inspection, so the plaintext can only be checked at creation time.
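To make the timing concrete, here is an added example (not CrowdStrike code, and not a description of how Falcon implements the feature) of a content-inspection gate that runs on each archive member's plaintext before the archive is written. The rule names, patterns, weights and sample files are constructed for the demo; the standard-library zipfile writes unencrypted archives, so the encryption step is not reproduced, but the hook point is the same one an encrypted 7-Zip archive would need.

```python
"""Added example: a DLP-style gate at archive-creation time (hypothetical policy)."""
import io
import re
import zipfile
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Detection rules. Hypothetical policy, not CrowdStrike's detection content.
PATTERNS = {
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_pem": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "sensitivity_label": re.compile(rb"\bCONFIDENTIAL\b"),
}
# 13-19 digit runs with optional space/dash separators; confirmed with Luhn below.
CARD_CANDIDATE = re.compile(rb"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts false positives on ticket numbers and other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_for_sensitive(data: bytes) -> List[str]:
    """Return the names of every rule the plaintext matches."""
    hits = [name for name, rx in PATTERNS.items() if rx.search(data)]
    for m in CARD_CANDIDATE.finditer(data):
        digits = re.sub(rb"[ -]", b"", m.group(0)).decode()
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append("payment_card_number")
            break
    return hits


@dataclass
class ArchiveResult:
    archive: Optional[bytes]                       # None when the gate blocked the archive
    blocked: Dict[str, List[str]] = field(default_factory=dict)


def build_archive(members: Dict[str, bytes]) -> ArchiveResult:
    """Inspect each member's plaintext, then write the archive only if nothing matched.

    This is the only point at which inspection is possible: after compression
    and (for 7-Zip) encryption, the member contents are opaque.
    """
    blocked = {}
    for name, data in members.items():
        hits = scan_for_sensitive(data)
        if hits:
            blocked[name] = hits
    if blocked:
        return ArchiveResult(archive=None, blocked=blocked)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return ArchiveResult(archive=buf.getvalue(), blocked={})


def archive_names(archive: bytes) -> List[str]:
    """List the members of an archive produced by build_archive."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.namelist()


# Constructed sample files; none of this is real data.
SAMPLE_CLEAN = {
    "README.txt": b"Build notes for the quarterly report tooling.\n",
    "notes.md": b"Ticket 1234567890123456 is the tracker id, not a card.\n",  # fails Luhn
}
SAMPLE_LEAKY = dict(SAMPLE_CLEAN)
SAMPLE_LEAKY["env.txt"] = b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"        # AWS docs example key
SAMPLE_LEAKY["customers.csv"] = b"name,card\nA. Example,4111 1111 1111 1111\n"  # passes Luhn

if __name__ == "__main__":
    print("clean archive blocked members:", build_archive(SAMPLE_CLEAN).blocked)
    print("leaky archive blocked members:", build_archive(SAMPLE_LEAKY).blocked)
```

The gate refuses the whole archive rather than silently dropping the offending member, so the user (or the detection pipeline) sees which rule fired on which file; a production tool would log that decision and the file hashes rather than print them.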

Generative AI data security 

Uses proprietary similarity detection DNA technology to recognise sensitive content even when modified or repackaged for gen AI tool upload. Enforces policies by content type, source or sensitivity label – preventing inadvertent exposure of sensitive information while blocking data leakage across both managed and unmanaged gen AI applications.

Coverage expansion 

- Extends unified data protection to macOS environments, delivering consistent visibility and enforcement across diverse endpoint fleets. 

- Provides expert-led hunting, assessment and response for SaaS security threats that could compromise sensitive data.

- Dynamically eliminates standing privileges to sensitive data, granting just-in-time elevated access only when needed and under secure conditions.

- Combines Falcon Next-Gen SIEM and Falcon Identity Protection to rapidly detect and neutralise identity-based threats targeting sensitive data. SIEM stands for security information and event management.

- CrowdStrike Pulse Services delivers ongoing, customised security guidance to strengthen data protection across on-premises and cloud environments.

Other capabilities were introduced to cover every area of cloud risk on the CrowdStrike Falcon cybersecurity platform. CrowdStrike said the growth of AI and SaaS makes identities and sensitive data harder to protect, and that stopping cloud breaches requires unified visibility and protection across cloud infrastructure, workloads, applications, identity, data, AI models and SaaS.

“Cloud security is about more than visibility – it’s about full protection and control across multi-cloud environments,” said Zaitsev.

“The explosion of AI, combined with multicloud complexity, has outpaced patchwork tools that can’t keep up with today’s adversaries, or are limited to single-cloud environments. CrowdStrike is breaking that model. These innovations deliver real-time protection, not just telemetry, across every layer of risk: data, workloads, identities, SaaS and AI. It’s what only a unified, AI-native platform can do, and is the difference between watching attacks happen and actually stopping them.”

New Falcon Cloud Security innovations include:

- Proactive scanning of AI models for hidden malware, Trojanised models, backdoors and adversarial manipulations in containerised environments. Using CrowdStrike threat intelligence and ExPRT.AI, security teams can identify and fix the most business-critical risks before deployment, block untrusted models and eliminate blind spots before threats reach production.

ExPRT.AI, the Expert Prediction Rating AI model, draws on a wide variety of vulnerability and threat-based telemetry, including CrowdStrike’s own threat intelligence, to provide a dynamic, responsive ExPRT Rating in the Falcon Spotlight console.

- Real-time visibility and centralised control over all AI workloads in the cloud. With agentless monitoring, security teams can detect shadow AI, enforce policies and track sensitive training data to reduce exposure and maintain compliant AI adoption.

CrowdStrike further unveiled Charlotte AI Agentic Response and Charlotte AI Agentic Workflows. Combined with the previously announced Charlotte AI Agentic Detection Triage, Charlotte AI transcends “ask-and-respond” copilots, delivering autonomous reasoning and action on first- and third-party data, CrowdStrike said.

Falcon Complete Next-Gen MDR with Charlotte AI utilises the triage decisions of CrowdStrike’s elite analysts to accelerate investigations. CrowdStrike’s Charlotte AI agentic model, Next-Gen MDR and CDR*, as well as the underlying Falcon platform, together deliver what CrowdStrike says is the industry’s most advanced AI-native security operations centre (SOC). Such a SOC allows security teams to combine AI-powered real-time detection, expert-informed investigation and automated response within one native architecture.

"There’s a profound difference between adding AI features and fundamentally transforming how cybersecurity works. Charlotte AI goes beyond augmenting humans with suggestions – it actively investigates, reasons and responds autonomously within expert-defined guardrails,” said George Kurtz, founder and CEO of CrowdStrike.

“Our agentic AI innovation represents a fundamental shift from reactive to proactive security – furthering CrowdStrike’s mission of stopping breaches.”

Charlotte AI Agentic Response increases analyst productivity by automatically asking and answering the investigative questions a seasoned security analyst would pose, accelerating root cause analysis, mapping lateral movement and guiding next steps. This translates to hours of time saved weekly across repetitive alert investigations.

Charlotte AI Agentic Workflows, delivered through Falcon Fusion SOAR, are drag-and-drop, LLM*-powered workflows that enable analysts to insert and activate AI reasoning directly within automated playbooks. For example, a workflow can automatically determine whether a device should be contained based on company policies, then generate appropriate communications for different audiences – executive summaries, technical updates or customer advisories – with automatic translation for global teams.

Falcon Complete Next-Gen MDR analysts can now leverage Charlotte AI to triage alerts and accelerate analysis.

Charlotte AI Agentic Detection Triage for Identity is now extended to Falcon Identity Protection, allowing analysts to prioritise and act on high-risk identity threats alongside endpoint and cloud alerts.

Also new is Falcon Adversary OverWatch Next-Gen SIEM, which brings managed threat hunting to third-party data, extending the visibility of CrowdStrike’s elite threat hunters into unmanaged attack surfaces that adversaries have long exploited. By leveraging third-party data ingested by Falcon Next-Gen SIEM, CrowdStrike delivers 24x7 expert detection beyond endpoints, identity and cloud environments to stop breaches across every attack surface.

“Today’s adversaries move incredibly fast and thrive on the complexity of modern environments. They exploit the sprawl of IT and security tools to give them an edge, while defenders are left to stitch together disjointed data to try and find signals in the noise,” said Adam Meyers, head of Counter Adversary Operations at CrowdStrike.

“With OverWatch now hunting across third-party data, we’re eliminating the blind spots that adversaries rely on, delivering unified visibility, expert-led detection and the early insight needed to stop breaches.”

New features include:

Expert-led threat hunting across all attack surfaces: Integrates real-time, 24x7 threat hunting from Falcon Adversary OverWatch with first-party endpoint, identity, cloud and third-party data from Falcon Next-Gen SIEM. 

User and entity behaviour analytics (UEBA) and case management for Falcon Next-Gen SIEM: Analyses user behaviour with advanced machine learning to uncover insider threats and stealthy adversaries once they're on the network. With AI-driven risk scoring, entity resolution and automated workflows, security teams can reduce false positives, connect related activities across data sources and investigate in a centralised platform to respond faster.
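The mechanics behind that description (a behavioural baseline, per-event risk scoring, and entity resolution that ties one person's activity together across sources) are easier to see in code. The following is an added example, not CrowdStrike's UEBA or its models: the log format, the two sources, the weights and the threshold are all assumptions, and the events are constructed.

```python
"""Added example: a minimal UEBA-style risk scorer over constructed auth events."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed events from two sources that name the same person differently:
# the VPN logs a UPN, the directory logs a down-level (DOMAIN\user) name.
BASELINE_LOG = [
    "2025-04-01T09:12:03Z src=vpn user=jdoe@corp.example ip_country=US host=LAPTOP-01 result=ok",
    r"2025-04-01T09:20:44Z src=ad user=CORP\jdoe ip_country=US host=FS-01 result=ok",
    "2025-04-02T17:02:15Z src=vpn user=jdoe@corp.example ip_country=US host=LAPTOP-01 result=ok",
    "2025-04-02T22:41:09Z src=vpn user=jdoe@corp.example ip_country=DE host=LAPTOP-01 result=fail",
    "2025-04-01T08:05:51Z src=vpn user=asmith@corp.example ip_country=GB host=LAPTOP-07 result=ok",
]
NEW_LOG = [
    "2025-04-04T03:14:02Z src=vpn user=jdoe@corp.example ip_country=RO host=LAPTOP-01 result=fail",
    "2025-04-04T03:15:30Z src=vpn user=jdoe@corp.example ip_country=RO host=LAPTOP-01 result=ok",
    r"2025-04-04T03:20:11Z src=ad user=CORP\jdoe ip_country=RO host=DC-01 result=ok",
    "2025-04-04T08:45:00Z src=vpn user=asmith@corp.example ip_country=GB host=LAPTOP-07 result=ok",
]

EVENT_RX = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\w+) user=(?P<user>\S+) ip_country=(?P<country>[A-Z]{2}) "
    r"host=(?P<host>\S+) result=(?P<result>ok|fail)$"
)

# Hypothetical weights; a real system learns these rather than hard-coding them.
WEIGHTS = {"new_country": 40, "new_host": 20, "off_hours": 15, "auth_failure": 10, "unknown_entity": 30}


def resolve_entity(user: str) -> str:
    """Entity resolution: map 'CORP\\jdoe', 'jdoe@corp.example' and 'JDOE' to one id."""
    return user.split("\\")[-1].split("@")[0].lower()


def parse(line: str) -> dict:
    m = EVENT_RX.match(line)
    if not m:
        raise ValueError(f"unparsed line: {line!r}")
    ev = m.groupdict()
    ev["entity"] = resolve_entity(ev["user"])
    ev["hour"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").hour
    return ev


def build_baseline(lines: List[str]) -> Dict[str, dict]:
    """Per-entity sets of countries, hosts and hours seen in successful logins only."""
    base: Dict[str, dict] = defaultdict(lambda: {"countries": set(), "hosts": set(), "hours": set()})
    for line in lines:
        ev = parse(line)
        if ev["result"] != "ok":
            continue  # failures must not teach the baseline an attacker's location
        b = base[ev["entity"]]
        b["countries"].add(ev["country"])
        b["hosts"].add(ev["host"])
        b["hours"].add(ev["hour"])
    return base


def score_event(ev: dict, baseline: Dict[str, dict]) -> Tuple[int, List[str]]:
    """Score one event against the entity's baseline; returns (score, reasons)."""
    b = baseline.get(ev["entity"])
    if b is None:
        return WEIGHTS["unknown_entity"], ["unknown_entity"]
    reasons = []
    if ev["country"] not in b["countries"]:
        reasons.append("new_country")
    if ev["host"] not in b["hosts"]:
        reasons.append("new_host")
    if not (min(b["hours"]) <= ev["hour"] <= max(b["hours"])):
        reasons.append("off_hours")
    if ev["result"] == "fail":
        reasons.append("auth_failure")
    return sum(WEIGHTS[r] for r in reasons), reasons


def score_entities(lines: List[str], baseline: Dict[str, dict], threshold: int = 50) -> Dict[str, dict]:
    """Aggregate event scores per resolved entity across all sources and flag outliers."""
    totals: Dict[str, int] = defaultdict(int)
    reasons: Dict[str, List[str]] = defaultdict(list)
    for line in lines:
        ev = parse(line)
        s, r = score_event(ev, baseline)
        totals[ev["entity"]] += s
        reasons[ev["entity"]].extend(r)
    return {e: {"score": totals[e], "reasons": reasons[e], "flag": totals[e] >= threshold} for e in totals}


if __name__ == "__main__":
    for entity, verdict in score_entities(NEW_LOG, build_baseline(BASELINE_LOG)).items():
        print(entity, verdict)
```

Because resolve_entity folds the VPN and directory identities onto one entity, the VPN failure, the VPN success from a new country and the directory logon to a never-before-seen host all land on the same score, which is what lets the pattern stand out; scored per source, each event alone would look far less alarming.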

Hashtag: #RSA2025

*CDR stands for cloud detection and response, and MDR for managed detection and response. LLM refers to large language model, and SOAR refers to security orchestration, automation and response.
