CrowdStrike Endpoint Security Platform Now Detects Firmware Attacks

CrowdStrike announced this week that its Falcon endpoint security platform now includes new capabilities for detecting firmware attacks and auditing security-related settings in the BIOS.

CrowdStrike argues that other endpoint protection products stop at the operating system and the applications running on it, and claims Falcon is the first to add detection of attacks one layer down, in the platform firmware.

Sophisticated threat actors such as the Russia-linked cyberespionage group Fancy Bear have been observed using Unified Extensible Firmware Interface (UEFI) rootkits in their attacks. An implant written to the SPI flash runs before the operating system, survives OS reinstallation and disk replacement, and is invisible to an agent that only inspects the OS.

According to CrowdStrike, Falcon helps enterprises detect firmware threats and risks by continuously monitoring the BIOS for signs of manipulation, known vulnerabilities, and outdated versions. Falcon's lightweight agent also lets organizations audit security-related BIOS settings, including SPI flash memory protection, that is, whether the chipset is configured so that code running in the OS cannot rewrite the BIOS region of the flash.
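What auditing "SPI flash memory protection" amounts to in practice, as an added example that is not CrowdStrike's or Dell's code: decode the Intel PCH BIOS_CNTL bits (BIOSWE, BLE, SMM_BWP) and the Protected Range registers PR0-PR4, decide whether the BIOS region can be rewritten from the OS, and compare a dumped BIOS region against a known-good hash to catch manipulation. The register values, the BIOS region bounds and the "golden" image are constructed samples (a real audit reads them from hardware, for instance with chipsec); the PR layout assumed is the classic 13-bit base/limit one, which newer PCHs widen.

```python
"""Audit SPI-flash write protection from raw Intel PCH register values and
check a BIOS-region dump against a known-good hash.

Added example, not CrowdStrike or Dell code. Register values would normally
be read from hardware (e.g. with chipsec); here they are constructed samples.
"""
import hashlib
from dataclasses import dataclass
from typing import List, Tuple

# BIOS_CNTL bits (LPC/eSPI bridge PCI config space; offset 0xDC on many PCHs).
BIOSWE = 1 << 0    # BIOS Write Enable: 1 => BIOS region writable from the host
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE raises an SMI so firmware can clear it
SMM_BWP = 1 << 5   # SMM BIOS Write Protect: writes honoured only while all cores are in SMM

# Protected Range (PR0-PR4) layout assumed here: 13-bit base/limit fields in 4 KiB units.
PR_WPE = 1 << 31   # Write Protection Enable
PR_RPE = 1 << 15   # Read Protection Enable


@dataclass
class ProtectedRange:
    index: int
    base: int           # first protected flash address
    limit: int          # last protected flash address (inclusive)
    write_protected: bool
    read_protected: bool


def decode_pr(index: int, value: int) -> ProtectedRange:
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return ProtectedRange(index, base, limit, bool(value & PR_WPE), bool(value & PR_RPE))


def prs_write_protect(prs: List[ProtectedRange], start: int, end: int) -> bool:
    """True if the union of WPE-enabled ranges covers [start, end] with no gap."""
    cursor = start
    for base, limit in sorted((p.base, p.limit) for p in prs if p.write_protected):
        if base > cursor:        # gap before this range: region not fully covered
            break
        if limit >= cursor:
            cursor = limit + 1
        if cursor > end:
            return True
    return cursor > end


def audit_spi_flash(bios_cntl: int, pr_values: List[int],
                    bios_region: Tuple[int, int]) -> Tuple[bool, List[str]]:
    """Return (write_protected, findings). The BIOS region counts as protected if
    BIOS_CNTL locks it (BLE=1, BIOSWE=0, SMM_BWP=1) or PRx write-protect all of it."""
    findings = []
    bioswe, ble, smm_bwp = bool(bios_cntl & BIOSWE), bool(bios_cntl & BLE), bool(bios_cntl & SMM_BWP)
    if bioswe:
        findings.append("BIOSWE=1: BIOS region is writable from the OS")
    if not ble:
        findings.append("BLE=0: BIOSWE can be set without triggering an SMI")
    if not smm_bwp:
        findings.append("SMM_BWP=0: lock depends on the SMI handler alone (race-prone)")
    prs = [decode_pr(i, v) for i, v in enumerate(pr_values)]
    start, end = bios_region
    pr_ok = prs_write_protect(prs, start, end)
    if not pr_ok:
        findings.append("PR0-PR4 do not write-protect the whole BIOS region")
    cntl_ok = ble and not bioswe and smm_bwp
    return cntl_ok or pr_ok, findings


def verify_bios_image(image: bytes, expected_sha256: str) -> bool:
    """Compare a dumped BIOS region against a known-good hash (manipulation check)."""
    return hashlib.sha256(image).hexdigest() == expected_sha256


# Constructed sample inputs (not real register dumps).
BIOS_REGION = (0x500000, 0xFFFFFF)              # BIOS region of a 16 MiB flash (assumed)
LOCKED_BIOS_CNTL = BLE | SMM_BWP                 # 0x22: locked down
OPEN_BIOS_CNTL = BIOSWE                          # 0x01: writable, no lock
PR_FULL = [0x8FFF0500, 0, 0, 0, 0]               # PR0: WPE, 0x500000-0xFFFFFF
PR_SPLIT = [0x87FF0500, 0x8FFF0800, 0, 0, 0]     # two halves that together cover the region
PR_GAP = [0x87FF0500, 0, 0, 0, 0]                # upper half left unprotected
PR_NO_WPE = [0x0FFF0500, 0, 0, 0, 0]             # range programmed but WPE clear

GOLDEN_IMAGE = b"\xff" * 4096 + b"constructed golden BIOS region sample"
GOLDEN_SHA256 = hashlib.sha256(GOLDEN_IMAGE).hexdigest()
TAMPERED_IMAGE = GOLDEN_IMAGE[:-6] + b"rootkt"

if __name__ == "__main__":
    for name, cntl, prs in [("locked", LOCKED_BIOS_CNTL, PR_FULL), ("open", OPEN_BIOS_CNTL, PR_GAP)]:
        ok, findings = audit_spi_flash(cntl, prs, BIOS_REGION)
        print(name, "protected" if ok else "NOT protected", findings)
    print("golden image intact:", verify_bios_image(GOLDEN_IMAGE, GOLDEN_SHA256))
    print("tampered image intact:", verify_bios_image(TAMPERED_IMAGE, GOLDEN_SHA256))
```

The SMM_BWP check matters because BLE alone relies on the SMI handler clearing BIOSWE faster than a second core can issue a flash write, which has been raced in practice. A complete audit also confirms that FLOCKDN is set, since until it is, the PRx registers themselves can be rewritten.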

CrowdStrike has partnered with Dell: on Dell systems the new Falcon capabilities integrate with Dell's SafeBIOS off-host BIOS verification utility, which compares the running BIOS against a known-good measurement, for enhanced firmware threat detection. The company says it is working with other hardware manufacturers as well.

“Today’s persistent nation-state actors have already begun migrating to BIOS attacks as their next preferred environment for persistence and malicious control of systems. With security researchers and companies around the world showcasing various attacks against Intel Boot Guard, Secure Boot, Intel CSME, AMD PSP and other core platform security technologies, it’s only a matter of time until such techniques become commoditized by an even wider spectrum of attackers,” said Alex Ionescu, vice president of EDR strategy at CrowdStrike.

“As a leading cybersecurity company at the forefront of security research, CrowdStrike remains dedicated to providing our customers both firmware and hardware-level visibility into these vulnerabilities and attacks even before they have a chance to take off – and perhaps to even discover dormant threats that had so far been unseen,” Ionescu added.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
