CrowdStrike Endpoint Security Platform Now Detects Firmware Attacks

CrowdStrike announced this week that its Falcon endpoint security platform now includes new capabilities for detecting firmware attacks and auditing security-related settings in the BIOS.

CrowdStrike has pointed out that other endpoint protection solutions focus on the operating system and applications running on it, and claims its product is the first to include firmware attack detection capabilities.

CrowdStrike Falcon can detect firmware attacks

Sophisticated threat actors such as the Russia-linked cyberspy group Fancy Bear have been known to use Unified Extensible Firmware Interface (UEFI) rootkits in their attacks.

According to CrowdStrike, Falcon helps enterprises detect threats and risks by continuously monitoring the BIOS for signs of manipulation, vulnerabilities, and outdated versions. The lightweight agent deployed by Falcon also allows organizations to audit their security-related BIOS settings, including SPI flash memory protection.
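The three checks described above (firmware image manipulation, outdated BIOS versions, and SPI flash write-protection settings) as a small defender-side audit over constructed host telemetry. This is an added illustration, not CrowdStrike's or Dell's code; the BIOS_CNTL bit layout (BIOSWE, BLE, SMM_BWP) follows Intel PCH datasheets, while the telemetry schema, baseline and hashes are assumptions made up for the example.

```python
import hashlib

# Intel PCH BIOS Control register (BIOS_CNTL) bit positions
BIOSWE = 1 << 0    # BIOS Write Enable: should be clear at rest
BLE = 1 << 1       # BIOS Lock Enable: raises SMI when BIOSWE is set
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: flash writable only from SMM

# Constructed known-good baseline per model (hash of a placeholder string)
BASELINE = {
    "ModelX": {"min_version": (1, 12, 0),
               "image_sha256": hashlib.sha256(b"known-good-image").hexdigest()},
}

def parse_version(s):
    """'1.12.0' -> (1, 12, 0) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in s.split("."))

def spi_write_protected(bios_cntl):
    """True when ring-0 code outside SMM cannot write the SPI flash.
    Note: this ignores PR0-PR4 protected ranges and vendor-specific locks."""
    if bios_cntl & BIOSWE:
        return False
    return bool(bios_cntl & BLE) and bool(bios_cntl & SMM_BWP)

def audit_host(record):
    """Return a list of findings for one host record (empty list = clean)."""
    base = BASELINE.get(record["model"])
    if base is None:
        return ["no baseline for model %s" % record["model"]]
    findings = []
    if parse_version(record["bios_version"]) < base["min_version"]:
        findings.append("outdated BIOS %s" % record["bios_version"])
    if record["image_sha256"] != base["image_sha256"]:
        findings.append("firmware image hash differs from known-good")
    if not spi_write_protected(record["bios_cntl"]):
        findings.append("SPI flash not write-protected (BIOS_CNTL=0x%02x)"
                        % record["bios_cntl"])
    return findings

# Constructed sample telemetry: pc1 is healthy, pc2 shows all three problems
SAMPLE = [
    {"host": "pc1", "model": "ModelX", "bios_version": "1.12.0", "bios_cntl": 0x22,
     "image_sha256": hashlib.sha256(b"known-good-image").hexdigest()},
    {"host": "pc2", "model": "ModelX", "bios_version": "1.9.3", "bios_cntl": 0x01,
     "image_sha256": hashlib.sha256(b"tampered-image").hexdigest()},
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r["host"], audit_host(r) or ["clean"])
```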

CrowdStrike has partnered with Dell, and the new Falcon capabilities provide enhanced firmware threat detection for Dell systems through integration with the Dell SafeBIOS off-host BIOS verification utility. The company says it’s working with other hardware manufacturers as well.

“Today’s persistent nation-state actors have already begun migrating to BIOS attacks as their next preferred environment for persistence and malicious control of systems. With security researchers and companies around the world showcasing various attacks against Intel Boot Guard, Secure Boot, Intel CSME, AMD PSP and other core platform security technologies, it’s only a matter of time until such techniques become commoditized by an even wider spectrum of attackers,” said Alex Ionescu, vice president of EDR strategy at CrowdStrike.

“As a leading cybersecurity company at the forefront of security research, CrowdStrike remains dedicated to providing our customers both firmware and hardware-level visibility into these vulnerabilities and attacks even before they have a chance to take off – and perhaps to even discover dormant threats that had so far been unseen,” Ionescu added.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.