One-third of companies have moved 81-100% of their employees to a work-from-home (WFH) model (Malwarebytes). Meanwhile, there’s been an 85% increase in unauthorized login attempts in 2020, as seen by Blumira’s honeypots.
Security teams need visibility into attacks as users continue to rely heavily on remote access technology for work. Adding to their challenges, employees are also using unmanaged, personal devices to connect to work resources remotely, putting organizations at potential risk of malware, out-of-date software and vulnerabilities.
Blumira Integration With CrowdStrike Falcon
CrowdStrike Falcon Endpoint Protection is a cloud-based endpoint security platform, providing advanced detection and prevention for Windows, macOS and Linux (MITRE).
It includes a suite of security tools, including next-generation antivirus, threat intelligence, device control, firewall control, endpoint detection & response, threat hunting, IT hygiene and incident response services. CrowdStrike’s branded names for these products are Falcon Prevent, Falcon Insight, Falcon Device Control, Falcon OverWatch, Falcon Discover, Falcon Spotlight and Falcon X.
Once configured, you can stream endpoint security event logs from CrowdStrike Falcon Endpoint Protection to Blumira’s platform for threat detection and actionable response.
Learn more about Blumira’s CrowdStrike Falcon integration.
One example finding in Blumira’s platform, seen above, is the detection of malicious code. In this case, Blumira has detected a malware application running in the environment. The finding provides information about where it was detected, the type of finding, and its priority level.
This particular finding is categorized as a Threat, meaning it poses an immediate and real threat to the security of data or resources, and it has been detected with a very high level of confidence. Blumira provides additional steps to mitigate or remediate a threat through workflow questions, also known as a security playbook.
The threat has also been categorized as Priority 3, meaning Blumira recommends that organizations respond within the next few business days unless notified otherwise. Threats designated as Priority 3 are considered lower-priority alerts with the potential for malicious activity, but no further action has been observed and no other exploits have been identified.
Blumira can alert your team to any detection of malicious files found via endpoint logs. While CrowdStrike can take care of quarantining and deleting the files from the host, we recommend that customers go a step further to verify that the file was successfully removed.
Customer Story: Fechheimer
One of Blumira’s customers, Fechheimer, has leveraged Blumira’s CrowdStrike endpoint monitoring integration to cut through the noise of too many alerts.
Fechheimer is a uniform manufacturing company, producing uniforms for police, military, EMS, and public safety organizations. Founded in 1842, Fechheimer is a Berkshire Hathaway company with global resources and partners in Central and South America, Europe, Africa and Asia that complement their three plants in the United States.
Challenge: Security & Visibility Gaps
Fechheimer was using a variety of services for threat detection and log management, but they lacked visibility, proper alerting and log aggregation. They needed a better solution for their limited IT/security team.
Fechheimer’s first pentest highlighted many security gaps for the company. Based on the findings from the test, Gatton was able to make quite a few changes within the company and wanted to ensure they were working. With the help of Blumira, Gatton was able to follow up, test and validate that Blumira’s platform was identifying security events as well as providing the alerting and security value that they were seeking.
Solution: Insight Into Incidents With Blumira
Subsequent pen tests have shown significant improvements, demonstrating that Fechheimer had greatly reduced its exposed attack surface with the help of Blumira. Blumira’s platform has also alerted Fechheimer to incidents that would otherwise have gone unnoticed, such as system scanning, firewall attacks, null session attacks and more. They value the accessibility of Blumira’s security team and the platform’s pre-built playbooks that guide them through remediation.
Upcoming Webinar With Google: Securing Remote Work
Learn more about our other integrations and support for remote work security, and sign up for our webinar with Google: How to Secure G Suite & Your Remote Workforce, where we’ll offer tips beyond just G Suite on how to implement best security practices for a remote workforce.