Roland Daccache, Senior Manager of Sales Engineering at CrowdStrike MEA, highlights that identity-based attacks are surging as adversaries exploit compromised credentials for undetected lateral movement. Traditional cybersecurity falls short, requiring an AI-driven, unified platform approach that integrates identity, endpoint, and cloud security to mitigate threats effectively.
Why do you think identity-based attacks are on the rise, and why are the current cybersecurity solutions unable to address such attacks?
Identity-based attacks are surging because they are more effective for the adversary. Why lockpick a heavily locked side door when you can enter the front with a key? This is essentially how identity-based attacks work. Adversaries leverage compromised credentials to log on as legitimate users instead of breaking in. Once gaining access, they move laterally undetected to achieve their objectives.
Traditional cybersecurity solutions focus on endpoints and network security but fail to address the dynamic nature of identity threats. These tools often cannot correlate identity-based anomalies across the enterprise—user behaviour, device log-ins, and compromised credentials. To stay ahead, organizations need a modern platform approach that unifies AI-driven detection, visibility across environments, and continuous monitoring for identity threats.
How are you preparing the organisations to address the rapid rise in identity-based attacks?
We empower our customers to combat identity-based attacks with a proactive, unified platform approach. Falcon Identity Protection delivers real-time visibility into identity ecosystems, enabling organizations to detect and respond to credential misuse, privilege escalation and lateral movement before breaches occur.
By integrating AI-driven analytics, behavioural baselining and continuous monitoring, we help organizations pinpoint anomalies and prevent unauthorized access. The Falcon platform unifies identity protection with endpoint and cloud security, giving defenders unparalleled context as adversaries increasingly target multiple domains and move laterally across systems.
Why do you believe an identity-first strategy is crucial for modern cybersecurity, and how is CrowdStrike leading this shift?
Today, 75% of attacks to gain initial access are malware-free as attackers exploit identity and cloud as trusted entry points. The speed of attacks is increasing, with the average breakout time—the time it takes for an attacker to move laterally from a compromised host to other hosts after gaining initial access—now at 62 minutes, with the fastest recorded breakout occurring in just 2 minutes and 7 seconds. CrowdStrike is the only vendor to provide unified, end-to-end protection against identity-based attacks across the entire modern cloud ecosystem – from on-premises Active Directory to cloud-based identity providers to SaaS applications – delivered from one unified platform.
Falcon Identity Protection stops lateral movement in real time across hybrid environments by harnessing first-party endpoint and identity risk signals to stop adversaries who have obtained valid credentials and exploited the loopholes in the IAM tools. By leveraging the Falcon platform’s industry-leading threat intelligence, Next-Gen SIEM and proactive threat hunting, CrowdStrike delivers the industry’s most comprehensive protection against identity-based attacks while optimizing SOC efficiency.
How does CrowdStrike collaborate with industry players to tackle the evolving tactics of adversaries targeting identity systems?
CrowdStrike’s collaboration with industry-leading solutions ensures organizations can protect their identity systems while optimizing their existing security stack to combat today’s adversaries. For example, our partnership with Okta delivers comprehensive identity protection, combining the Falcon platform’s AI-driven detection with Okta’s identity management capabilities for unmatched visibility and real-time prevention of credential-based threats.
This collaboration extends to combating advanced tactics such as lateral movement, privilege escalation and misuse of protocols. With proactive threat hunting, intelligence sharing and unified telemetry, we empower organizations to secure hybrid environments with speed and precision.
CrowdStrike’s real-time protection for Microsoft Entra ID delivers Falcon’s AI-powered identity protection against password spraying, phishing and other identity threats targeting Entra ID (cloud-based Active Directory) environments.
How is CrowdStrike’s platform designed to integrate identity security seamlessly with endpoint and cloud protections?
CrowdStrike’s single-agent architecture was purpose-built to unify protection across all critical areas of enterprise risk – identity, cloud, endpoint and data – on the same console and workflow.
CrowdStrike provides real-time visibility and context across the entire attack surface by correlating identity signals with endpoint and cloud telemetry.
With identity attacks on the rise, what do you see as the primary risk for organisations that fail to adopt an identity-first approach?
Organizations risk prolonged attacker dwell time, data theft and operational disruption. With the prevalence and sophistication of identity-based attacks in today’s threat landscape, organizations are significantly increasing their risk of breach by not adopting an identity-first approach.
How does a platform approach ensure that identity protection is integrated across endpoints, clouds, and applications, and why is this integration essential?
While attackers leverage identity as a trusted entry point, they move laterally across systems once gaining access. These attacks leave minimal footprints in each domain, like separate puzzle pieces, making them harder to detect. The platform approach – unified visibility and protection across identity, cloud and endpoints, on the same console and workflow – is essential to put the pieces together and prevent attackers from exploiting gaps between disjointed solutions.
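The "puzzle pieces" argument above, together with the breakout-time definition given earlier in the interview, can be made concrete with a small correlation routine. This is an added illustration, not CrowdStrike's or the Falcon platform's code: it groups constructed identity, endpoint and cloud events per user, checks the identity against a constructed list of known-compromised credentials, and computes breakout time as minutes from the first event to the first authentication on a different host. Event names, the scoring weights and the alert threshold are all assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry from three domains. Each event on its own is a
# low-signal footprint; only the per-identity view across domains is alarming.
EVENTS = [
    # (timestamp, domain, user, host, event)
    ("2024-03-01T09:00:00", "identity", "jdoe", "WS-17", "login_new_device"),
    ("2024-03-01T09:04:00", "endpoint", "jdoe", "WS-17", "credential_dump_detected"),
    ("2024-03-01T09:31:00", "identity", "jdoe", "SRV-DB2", "login_success"),
    ("2024-03-01T09:40:00", "cloud", "jdoe", "aws", "assume_role_admin"),
    ("2024-03-01T10:00:00", "identity", "asmith", "WS-22", "login_success"),
    ("2024-03-01T11:00:00", "identity", "asmith", "WS-22", "login_success"),
]
# Constructed feed of identities whose credentials are known to be exposed.
COMPROMISED = {"jdoe"}
WINDOW = timedelta(hours=2)  # assumed correlation window


def correlate(events, compromised, window=WINDOW):
    """Per user: which domains fired inside the window, breakout time in
    minutes (first event -> first identity/endpoint event on another host),
    a simple additive score and an alert flag (threshold is an assumption)."""
    by_user = defaultdict(list)
    for ts, domain, user, host, event in events:
        by_user[user].append((datetime.fromisoformat(ts), domain, host, event))
    findings = {}
    for user, evs in by_user.items():
        evs.sort()
        start = evs[0][0]
        in_window = [e for e in evs if e[0] - start <= window]
        domains = {e[1] for e in in_window}
        # Hosts come from identity/endpoint events only; cloud events carry a provider name.
        hosts = [e[2] for e in in_window if e[1] in ("identity", "endpoint")]
        first_host = hosts[0] if hosts else None
        breakout = None
        for ts, domain, host, _ in in_window:
            if domain in ("identity", "endpoint") and host != first_host:
                breakout = int((ts - start).total_seconds() // 60)
                break
        # One point per domain seen, two if the credential is known-compromised,
        # one more if lateral movement (breakout) was observed.
        score = len(domains) + (2 if user in compromised else 0) + (1 if breakout is not None else 0)
        findings[user] = {"domains": sorted(domains), "breakout_min": breakout,
                          "score": score, "alert": score >= 4}
    return findings
```

Run on the sample data, `jdoe` reaches the threshold only because the three domains line up with the compromised-credential feed and a 31-minute breakout; no single domain's events would have produced an alert by themselves.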
What are adversaries’ most common tactics to acquire user credentials, and how can organisations defend against them?
Phishing and social engineering—tactics used to manipulate individuals into revealing confidential information, such as credentials—are not new. However, with AI and GenAI, attackers can now execute these schemes at an unprecedented scale and sophistication, automating highly personalized and convincing messages that are harder to detect.
There’s also the market for stolen identities, which continues to grow. In 2023, CrowdStrike observed a 20% jump in access broker advertisements selling valid credentials.
Stopping the misuse of valid credentials requires advanced identity protection solutions like Falcon Identity Protection, which not only detect anomalous user behavior but also correlate it with known compromised credentials, enabling proactive threat mitigation.
How are attackers exploiting cloud vulnerabilities and lateral movement techniques to bypass traditional defences, and what steps can organisations take to detect and stop these activities?
Attackers exploit cloud vulnerabilities by leveraging misconfigurations, weak identity controls and unpatched software to gain initial access. Once inside, they use lateral movement techniques – such as abusing privileged accounts, exploiting API misconfigurations and leveraging living-off-the-land tactics – to navigate undetected across cloud environments, bypassing traditional perimeter-based defences. To detect and stop these activities, organizations should enforce least-privilege access and deploy AI-driven threat detection solutions like Falcon Identity Protection to monitor anomalous behaviour and stop lateral movement in real time.