Crowdstrike Conceal

Closing the Browser Gap in Endpoint Security: ConcealBrowse Meets CrowdStrike

It’s a little-known fact that endpoint security solutions such as EDR and EPP lack the visibility into browser activity necessary to detect phishing and credential theft. This is because browsers act as a sandbox in an attempt to reduce the risk of browser-based threats escaping and reaching the OS. As a result, endpoint security tools such as EDR have to rely on network-layer traffic inspection, such as DNS or HTTP, to identify web threats.

In a landscape where cyber threats are increasingly sophisticated, ConcealBrowse takes a novel approach: deployed as an extension in the browser, it continuously assesses sites in real time to protect the user from advanced web-based attacks. Conceal’s integration with CrowdStrike enables joint customers to close their browser gap, extending endpoint detection and response into the browser. This new integration automatically ingests malicious or suspicious domains detected by ConcealBrowse as indicators of compromise (IOCs) within the CrowdStrike Falcon® platform, unifying threat visibility in a single console.

Advanced Threat Protection

Integrating ConcealBrowse with CrowdStrike Falcon EDR adds an unparalleled layer of web security, directly targeting threats at their most common entry point—the browser. By integrating ConcealBrowse with the Falcon platform, joint customers can unify web threat domains and custom IOCs in CrowdStrike’s threat-centric command console for comprehensive threat context and visibility to accelerate detection, investigation and response to web-based threats such as phishing.

Prevent Phishing Attacks

ConcealBrowse offers unique visibility into browser activity, facilitating early detection of threats. Easily create detection events and enhance threat hunting with high-confidence phishing IOCs from ConcealBrowse in Falcon, empowering your team to intervene in the kill chain before damage is done.

Comprehensive Cybersecurity Solution

The seamless integration of ConcealBrowse allows the ingestion of browser event data into CrowdStrike’s platforms, enhancing the ability of Security Operations Centers (SOCs) to detect, respond to, and hunt web-based threats with enriched telemetry.

Why Customers Should Care

Adversaries use phishing as a technique to gain initial access to victim systems through credential theft or malicious code execution (see MITRE ATT&CK T1566). According to a recent Deloitte study, 91% of cyberattacks initiate with phishing. These attacks are conducted via electronically delivered social engineering such as email and, more recently, messaging applications and social media. Regardless of the vector, a victim will click on a malicious link in an email or embedded in a file, which invokes a web browser to present a phishing page intended to steal credentials or execute malicious code. Phishing is also a common technique used for further attack execution and lateral movement (see MITRE ATT&CK T1204 and T1534) in the attack chain.

Streamlined Security Operations: This integration offers a streamlined, lightweight solution that enriches CrowdStrike’s security landscape without adding complexity, improving effectiveness and reducing time to value.

Vendor-Maintained Integration: Ease of maintenance through the partnership allows cybersecurity teams to concentrate more on strategic defense initiatives rather than managing the operational overhead of integration upkeep.

How It Works

ConcealBrowse intervention event domains can be uploaded to Falcon as “Custom IOCs” for detection events or further investigation. When a host detects a Custom IOC (based on network activity), the Falcon console displays a detection in activity. Administrators can set thresholds for Falcon actions, such as detecting or not taking action, as well as a severity based on ConcealBrowse risk score or frequency of the intervention event. This enables real-time response and investigation of ConcealBrowse event indicators of compromise from within the Falcon platform during the critical window when the phishing campaign is still active.

Seamless Integration

The integration process is straightforward, ensuring your CrowdStrike Falcon platform can quickly and efficiently incorporate ConcealBrowse’s capabilities. Available as a plugin within the ConcealBrowse console, administrators can easily activate the integration with a CrowdStrike API token and straightforward configuration options.

Try It Now

CrowdStrike customers can now try and buy ConcealBrowse in the CrowdStrike Marketplace to easily add integrated browser security.

The ConcealBrowse integration with the CrowdStrike Falcon platform is immediately available and can be enabled in the Conceal management console.