Falcon Identity Threat Detection

By CrowdStrike

Gain visibility into your multi-directory or multi-cloud identity store and detect identity-based attacks.

See Live Identity Attack Traffic

Falcon Identity Threat Detection (ITD) offers complete visibility for all credentials on premises or in the cloud and monitors authentication traffic in both directions to identify anomalies and attacks without additional agents on the endpoint or internal assets. See identity-based alerts with event notifications or risk score escalation to inform on domain control attacks or ATP proliferation and lateral movement. Detect forms of ransomware, RDP traffic to domain controllers, NTLM, LDAP, and Kerberos abuse, and other identity-centric malware and events, offering the Who of credential identification to improve incident response.
    Complete Identity Store Visibility
    See all credentials (user, privileged, programmatic and service, even emergency recovery accounts) from Active Directory or in Azure, in one central interface complete with dynamic risk scores.
    Identity Threat Mapping
    Live attack visibility into recon, infiltration, privilege escalation, lateral movement, and persistence, as seen from the perspective of identity authentication and authorization.
    Threat Hunter Forensic Investigation Discovery
    Search activity and examine events via IP, entities, credentials, source, destination share. Review events by group or timestamp and see all credentials on each endpoint or server.