With the growing threat of cyber attacks, DHS’s Cybersecurity and Infrastructure Agency (CISA) and the White House have recently released guidelines for agencies to adopt a Zero Trust approach to cybersecurity. Isolation is paramount to Zero Trust Architecture. Isolation creates a virtual "air gap" between the network end user and the online world. Instead of opening a website directly, the end user sees a sanitized version of it with al...

Organizations face a myriad of risks brought about by the digital transformation of their business. These risks include digital fraud, data theft exposure, social media impersonations and phishing attempts within social media and the hidden areas of the open, deep and dark web.Join CrowdStrike's upcoming Tech Talk as they go over CrowdStrike Falcon X Recon™, created to expose the criminal underground and enable organizations to better pr...

Today’s most advanced nation-state adversaries, to include groups originating from within Russia, China, Iran, and North Korea, are engaged in cyber operations that blur the lines between nation-state objectives and organized crime. Whereas many nations have difficulty controlling cyber-crime originating from within their borders, the above-aforementioned nations are complicit with several major organized crime groups. Accordingly, the p...

Join CrowdStrike for a deep dive into the nation-state threat landscape of Iran. Jason Rivera, Global Director - Strategic Threat Advisory Group at CrowdStrike, will give a brief on the broader geopolitical context for the latest Iranian cyber activities, an overview of the primary threat actors responsible for Iranian offensive cyber operations, and these actors’ TTPs (tactics, techniques, and procedures). He will also share mitigation...

Join CrowdStrike for a Join CrowdStrike for a deep dive into the nation-state threat landscape of China. Joshua Shapiro, CrowdStrike’s public sector threat intel SME, will give a brief on the broader geopolitical context for the latest Chinese cyber activities, an overview of the primary threat actors responsible for Chinese offensive cyber operations, and these actors’ TTPs (tactics, techniques, and procedures). He will also share...

Financially motivated transnational criminal groups, primarily operating out of eastern Europe, Russia, and Iran have found ransomware to be a powerful tool for profit generation. The targeting of U.S. state and municipal governments, healthcare institutions, critical infrastructure providers, and our nation’s universities coupled with the rise of big game hunting, ransomware as a service, and increased collaboration between adversarial...

Across the globe, elections are under threat of manipulation and interference. Adversaries increasingly attempt to use offensive cyber operations to directly affect political outcomes. From intelligence collection and “hack and leak” campaigns to election infrastructure targeting, nation-state adversaries around the globe see election interference as a means to advance their national security and political interests. Although diffe...

This brief will provide broader geopolitical context for the latest DPRK cyber activities, an overview of the primary threat actors responsible for DPRK offensive cyber operations, and these actors’ TTPs (tactics, techniques, and procedures). We will also share mitigation strategies that can be leveraged for cybersecurity and defensive operations.

Today, agencies are striving to improve their application security programs, while at the same time, not slowing down the development, delivery, and deployment of their software applications. Can a balance be achieved between security and an organization’s (or agency’s) daily business requirements? We know it’s possible. Application Security (AppSec) Awareness Programs that are specifically focused on the development communit...

The recent shift towards DevOps makes it clear that Federal agencies are moving forward with adopting this operational model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, agencies find that their conventional approaches to software security are having a difficult...