SecurityWeek

Endpoint Security

CrowdStrike Endpoint Security Platform Now Detects Firmware Attacks

CrowdStrike announced this week that its Falcon endpoint security platform now includes new capabilities for detecting firmware attacks and auditing security-related settings in the BIOS.


CrowdStrike points out that other endpoint protection solutions focus on the operating system and the applications running on it, and claims Falcon is the first such product to include firmware attack detection.


Sophisticated threat actors such as the Russia-linked cyberspy group Fancy Bear have been known to use Unified Extensible Firmware Interface (UEFI) rootkits in their attacks.

According to CrowdStrike, Falcon helps enterprises detect threats and risks by continuously monitoring the BIOS for signs of manipulation, known vulnerabilities, and outdated versions. The lightweight agent deployed by Falcon also lets organizations audit security-related BIOS settings, including whether SPI flash memory write protection is enabled.
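The two checks the paragraph above describes, auditing SPI flash write-protection settings and comparing the BIOS region against a known-good baseline, can be illustrated with a small script. This is an added example, not CrowdStrike's or Dell's code, and it says nothing about how Falcon implements its checks. It assumes the register layout of pre-Skylake Intel PCH chipsets (BIOS_CNTL at LPC config offset 0xDC, HSFS and the PRx protected-range registers in the SPI BAR); the register values and the firmware image bytes are constructed for the example rather than read from real hardware.

```python
"""Audit SPI flash write protection and BIOS-region integrity.

Added example, not CrowdStrike/Dell code. Register bit layouts follow the
pre-Skylake Intel PCH datasheet; all input values here are constructed.
"""
import hashlib

# BIOS_CNTL (LPC config space, offset 0xDC)
BIOSWE = 1 << 0    # BIOS Write Enable: host software may write the BIOS region
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes honoured only from SMM
# HSFS (SPI BAR + 0x04)
FLOCKDN = 1 << 15  # Flash Configuration Lock-Down: PRx registers frozen until reset


def audit_bios_cntl(bios_cntl, hsfs):
    """Return findings for the lock bits; an empty list means the setup is sound."""
    findings = []
    if bios_cntl & BIOSWE:
        findings.append("BIOSWE set: BIOS region is writable from the host")
    if not bios_cntl & BLE:
        findings.append("BLE clear: setting BIOSWE does not trap to SMM")
    elif not bios_cntl & SMM_BWP:
        # BLE alone only traps the write-enable flip; without SMM_BWP a
        # non-SMM write can still land before the SMI handler clears BIOSWE.
        findings.append("SMM_BWP clear: BLE without SMM_BWP is insufficient")
    if not hsfs & FLOCKDN:
        findings.append("FLOCKDN clear: protected ranges can be rewritten at runtime")
    return findings


def decode_protected_range(pr):
    """Decode a PRx register into (write_protect_enabled, base, limit) in bytes."""
    wpe = bool(pr & (1 << 31))
    limit = (((pr >> 16) & 0x1FFF) << 12) | 0xFFF   # PRL: 4 KiB granularity, inclusive
    base = (pr & 0x1FFF) << 12                      # PRB: 4 KiB granularity
    return wpe, base, limit


def region_covered(prs, start, end):
    """True if the flash range [start, end] is fully covered by enabled PRx ranges."""
    ranges = sorted((b, l) for wpe, b, l in map(decode_protected_range, prs) if wpe)
    cur = start
    for base, limit in ranges:
        if base > cur:          # gap before the next protected range
            break
        cur = max(cur, limit + 1)
        if cur > end:
            return True
    return cur > end


def firmware_hash(image):
    """SHA-256 of a firmware region, used as the known-good baseline value."""
    return hashlib.sha256(image).hexdigest()


def bios_region_modified(image, baseline_sha256):
    """Manipulation check: does the current BIOS region differ from the baseline?"""
    return firmware_hash(image) != baseline_sha256


def run_audit(bios_cntl, hsfs, prs, bios_start, bios_end, image, baseline):
    """Combine the setting audit and the integrity check into one report."""
    findings = audit_bios_cntl(bios_cntl, hsfs)
    if not region_covered(prs, bios_start, bios_end):
        findings.append("BIOS region not fully covered by a write-protected PRx range")
    if bios_region_modified(image, baseline):
        findings.append("BIOS region hash differs from baseline: possible manipulation")
    return findings


if __name__ == "__main__":
    # Constructed 8 MiB layout: BIOS region at 0x500000-0x7FFFFF.
    # PR0 = WPE | PRL=0x7FF<<16 | PRB=0x500 protects exactly that range.
    pr0 = 0x87FF0500
    good_image = b"constructed BIOS region contents"
    baseline = firmware_hash(good_image)
    # Weak platform: BIOSWE set, nothing locked.
    print(run_audit(0x01, 0x0000, [pr0], 0x500000, 0x7FFFFF, good_image, baseline))
    # Hardened platform: BLE|SMM_BWP, FLOCKDN, PR0 covering the BIOS region.
    print(run_audit(0x22, 0x8000, [pr0], 0x500000, 0x7FFFFF, good_image, baseline))
```

The audit reports configuration weaknesses separately from integrity findings, because they call for different responses: a clear lock bit is a vendor or BIOS-settings issue to fix fleet-wide, while a hash mismatch on a single host is an incident to investigate.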

CrowdStrike has partnered with Dell, and the new Falcon capabilities provide enhanced firmware threat detection on Dell systems through integration with the Dell SafeBIOS off-host BIOS verification utility. Off-host verification matters because a compromised firmware image can also subvert what an agent running on that host sees when it inspects the firmware. The company says it is working with other hardware manufacturers as well.

“Today’s persistent nation-state actors have already begun migrating to BIOS attacks as their next preferred environment for persistence and malicious control of systems. With security researchers and companies around the world showcasing various attacks against Intel Boot Guard, Secure Boot, Intel CSME, AMD PSP and other core platform security technologies, it’s only a matter of time until such techniques become commoditized by an even wider spectrum of attackers,” said Alex Ionescu, vice president of EDR strategy at CrowdStrike.

“As a leading cybersecurity company at the forefront of security research, CrowdStrike remains dedicated to providing our customers both firmware and hardware-level visibility into these vulnerabilities and attacks even before they have a chance to take off – and perhaps to even discover dormant threats that had so far been unseen,” Ionescu added.

Related: CrowdStrike Adds Malware Search Engine to ‘Hybrid Analysis’


Related: Russian State-Sponsored Hackers Are Fastest

Related: CrowdStrike Launches EDR Solution for Mobile Devices

Related: CrowdStrike Unveils New Endpoint Protection, Threat Analysis Solutions

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

