To differentiate between threat intelligence solutions, begin by looking at the sources of information used to generate the intelligence. Since vendors have access to different information, the way they collect and analyze that data has a profound impact on the intelligence they produce.
CrowdStrike uses an “all source” method of data collection to make threat intelligence assessments, which means data can come from everywhere and across multiple disciplines. A critical data source, the CrowdStrike Falcon platform, is unique to CrowdStrike Falcon® Intelligence Premium.
The CrowdStrike Falcon platform gathers information from millions of protected endpoints across 176 countries, collecting trillions of events per week. These events provide visibility into how adversaries operate worldwide in real time. CrowdStrike uses this data to assess trends and behaviors and expose adversaries’ motives and intent, capabilities and infrastructure, and tactics, techniques and procedures (TTPs). In addition, CrowdStrike employs a broad data collection strategy that harvests data from the technical processing of millions of malware samples, incident response engagements, forensics analysis, honeypots and honeynets, network telemetry, web forums, human intelligence gathering, open source and much more.
To analyze this data and create intelligence, a world-class team is required. The CrowdStrike Intelligence team is a pioneer in adversary analysis, tracking more than 130 cybercrime, espionage and hacktivist groups, studying their intent and analyzing their tradecraft. This team of threat intelligence analysts, security researchers, cultural experts and linguists uncovers unique threats and provides groundbreaking research that fuels CrowdStrike’s ability to deliver proactive security that dramatically improves security posture.