Securing Remote Work: Blumira & Crowdstrike Integration

One-third of companies have moved 81-100% of their employees to a work from home (WFH) model (MalwareBytes). Meanwhile, there’s been an 85% increase in unauthorized login attempts in 2020, as seen by Blumira’s honeypots.

Security teams need visibility into attacks as users continue to rely heavily on remote access technology for work. Adding to their challenges, employees are also using unmanaged, personal devices to connect to work resources remotely, putting organizations at potential risk of malware, out-of-date software and vulnerabilities.

Blumira Integration With CrowdStrike Falcon

CrowdStrike Falcon Endpoint Protection is a cloud-based endpoint security platform, providing advanced detection and prevention for Windows, macOS and Linux (MITRE).

It includes a suite of security tools, including next-generation antivirus, threat intelligence, device control, firewall control, endpoint detection & response, threat hunting, IT hygiene and incident response services. Crowdstrike’s branded names for these products are Falcon Prevent, Falcon Insight, Falcon Device Control, Falcon OverWatch, Falcon Discover, Falcon Spotlight and Falcon X.

Once configured, you can stream endpoint security event logs from CrowdStrike Falcon Endpoint Protection to Blumira’s platform for threat detection and actionable response.

Learn more about Blumira’s CrowdStrike Falcon integration.

One example finding in Blumira’s platform, seen above, is the detection of malicious code. In this case, Blumira has detected a malware application running in the environment. It provides information about where the finding was found, and what type of finding/the priority level.

This particular finding is categorized as a Threat, meaning it poses an immediate and real threat to the security of data or resources, and it has been detected with a very high level of confidence. Blumira provides additional steps to mitigate or remediate a threat through workflow questions, also known as a security playbook.

The threat has also been categorized as Priority 3, meaning Blumira recommends that organizations respond within the next few business days unless notified otherwise. Threats designated as Priority 3 are considered lower priority alerts with the potential for malicious activities, but no further action has been performed or other exploits have been identified.

Blumira can alert your team to any detection of malicious files found via endpoint logs. While CrowdStrike can take care of quarantining and deleting the files from the host, we recommend that customers go a step further to verify that the file was successfully removed.