CrowdStrike discusses their approach to data loss incident investigations
Tim Briggs, Director of Incident Response at CrowdStrike, shared a story about a recent incident when their security team received an alert from CrowdStrike Falcon that was related to torrent activity in their system. Torrent activity could be extremely malicious, in that an employee may be exfiltrating valuable IP, or it could simply mean an employee was misusing company assets.
With the alert in hand, the CrowdStrike security team was able to use Code42 Incydr to look at the file and download history of the employee in question. They quickly figured out that the employee was downloading movies onto their device. With that context, the CrowdStrike team was able to ascertain that while the employee was misusing company assets, they weren’t behaving maliciously or exfiltrating data. The security team was then able to report that to their executive team.
While the threat landscape is in a constant state of flux, two things will never change. Breaches will happen, and employees will take data when they leave. It is that simple. Together, CrowdStrike and Code42 are dedicated to making it faster and easier for our respective customers to detect and respond to insider and external threats.
Nathan Hunstad, Principal Security Research & Engineer at Code42, was able to sit down with Tim to further discuss how his usage of CrowdStrike’s Falcon in tandem with Code42’s Incydr has evolved. Hear more about how Tim’s team has continued to build a powerful tech stack and started to understand the human side of Insider Risk in the full case study readout.