See identity attack traffic in realtime

CrowdStrike Falcon® Identity Threat Detection (ITD) offers complete visibility for all credentials on premises or in the cloud and monitors authentication traffic in both directions to identify anomalies and attacks without additional agents on the endpoint or internal assets. See identity-based alerts with event notifications or risk score escalation to inform on domain control attacks or ATP proliferation and lateral movement. Detect forms of ransomware, RDP traffic to domain controllers, NTLM, LDAP, and Kerberos abuse, and other identity-centric malware and events, offering the Who of credential identification to improve incident response.

• Complete identity store visibility

  See all credentials – including user, privileged, programmatic and service, even emergency recovery accounts – from active directory or in Azure, in one central interface complete with dynamic risk scores.

• Identity threat mapping

  Live Attack Visibility of recon, infiltration, privilege escalation, lateral movement, and persistence as visible from the perspective of identity authentication and authorization.

• Threat hunter forensic investigation discovery

  Search activity and examine events via IP, entities, credentials, source, or destination share. Review events by group or timestamp and see all credentials on each endpoint or server.