
Falcon Identity Threat Detection

by CrowdStrike

Gain visibility into your multi-directory or multi-cloud identity store and detect identity-based attacks

  • This product requires a Falcon bundle

  • Falcon bundles require a minimum order of 5 endpoints

See identity attack traffic in real time

CrowdStrike Falcon® Identity Threat Detection (ITD) offers complete visibility for all credentials on premises or in the cloud and monitors authentication traffic in both directions to identify anomalies and attacks without additional agents on the endpoint or internal assets. See identity-based alerts with event notifications or risk score escalation to inform on domain control attacks or ATP proliferation and lateral movement. Detect forms of ransomware, RDP traffic to domain controllers, NTLM, LDAP, and Kerberos abuse, and other identity-centric malware and events, offering the Who of credential identification to improve incident response.

  • Complete identity store visibility

    See all credentials – including user, privileged, programmatic and service, even emergency recovery accounts – from Active Directory or in Azure, in one central interface complete with dynamic risk scores.

  • Identity threat mapping

    Live attack visibility into recon, infiltration, privilege escalation, lateral movement, and persistence, as seen from the perspective of identity authentication and authorization.

  • Threat hunter forensic investigation discovery

    Search activity and examine events via IP, entities, credentials, source, or destination share. Review events by group or timestamp and see all credentials on each endpoint or server.
