Falcon platform secures the entire identity attack lifecycle – from initial access to privilege escalation and lateral movement – across hybrid environments; extends Charlotte AI Agentic Detection Triage to identity-based attacks

AUSTIN, Texas, April 22, 2025--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) today announced the general availability of Falcon® Privileged Access, a new module within Falcon® Identity Protection. With unified privileged access controls, the AI-native CrowdStrike Falcon® cybersecurity platform is the only platform that secures the entire identity attack lifecycle – from initial compromise to privilege escalation and lateral movement – across hybrid environments.

The company also extended breakthrough automation capabilities for Charlotte AI Agentic Detection Triage and Falcon® Next-Gen SIEM to accelerate response to identity-based attacks. These innovations empower organizations to move beyond fragmented legacy tools and unify end-to-end identity security across on-premises Active Directory, cloud-based identity providers and SaaS applications with AI-powered platform protection.

"Identity is under relentless attack, and adversaries are going straight for the keys to the kingdom – privileged access," said Michael Sentonas, president of CrowdStrike. "From social engineering to sophisticated insider abuse, they’re escalating privileges to access the most sensitive systems and data. With Falcon Privileged Access, we’re leveraging the power of the Falcon platform to eliminate standing privileges and make real-time, risk-aware access decisions. This latest innovation sets a new standard for end-to-end identity security, protecting customers against persistent identity-based threats."

Seventy-nine percent of attacks to gain initial access are malware-free, as adversaries exploit trusted identities to infiltrate organizations undetected and move laterally to reach high-value targets. Groups like SCATTERED SPIDER use stolen credentials and social engineering, manipulating IT help desks to grant unauthorized access to targeted accounts. Others, like FAMOUS CHOLLIMA, embed malicious insiders equipped with company-issued laptops preloaded with remote access tools and registering their own MFA devices to escalate privileges.

Stopping these threats requires live attack signals – like compromised credentials and risky device behavior – and the ability to assess risk and revoke access in real time. As a native part of the Falcon platform, Falcon Privileged Access uses real-time signals from endpoints/devices, industry-leading threat intelligence and advanced AI trained on trillions of security events to analyze user behavior and privilege status, and dynamically grant, block or revoke access. Paired with Falcon Identity Protection’s advanced capabilities for initial access prevention and identity threat detection and response (ITDR), CrowdStrike secures the entire identity attack lifecycle across hybrid environments. New features and benefits include:

• Just-in-Time Privileged Access: Eliminates standing privileges and manual requests with dynamic, risk-aware access decisions. CrowdStrike ensures users only receive elevated permissions when they need them, and only under secure conditions. Real-time risk signals from the Falcon platform continuously assess user and device context, instantly revoking access if risk levels change. Just-in-Time Access complements broader Privileged Access Management (PAM) capabilities – including password vaulting and session recording – by delivering real-time visibility and dynamic policy enforcement from a unified platform that secures the identity attack lifecycle.
• Agentic Detection Triage for Identity-Based Attacks: CrowdStrike is bringing the power of agentic AI to Falcon Identity Protection with Charlotte AI Agentic Detection Triage, autonomously triaging cross-domain attack detections with over 98% accuracy¹ to rapidly prioritize the most critical threats.
• Unified Identity Security and Next-Gen SIEM: The combination of Falcon Identity Protection and Falcon Next-Gen SIEM enables security teams to detect and prioritize identity-based threats in real time, while Falcon Fusion SOAR automates Active Directory actions – like disabling compromised accounts and MFA enforcement – to respond at machine speed.

To help customers strengthen their overall cybersecurity posture, CrowdStrike also unveiled CrowdStrike Pulse Services, an expert-led engagement program designed to reduce active risk and accelerate security program maturity. Specifically for identity-focused use cases, customers can leverage Pulse Services for cloud configuration assessments, identity policy reviews and identity threat protection optimization. These ongoing, outcome-focused and bite-sized sessions help teams uncover misconfigurations, enforce least privilege and fine-tune defenses to stop credential abuse.

Falcon Privileged Access is now generally available. To learn more about Falcon Privileged Access and Falcon Identity Protection, read our blog.

About CrowdStrike

CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/
Follow us: Blog | X | LinkedIn | Facebook | Instagram
Start a free trial today: https://www.crowdstrike.com/free-trial-guide/

© 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services.

¹Accuracy rating is a measure of Charlotte AI triage decisions that match the expert decisions from the CrowdStrike Falcon Complete Next-Gen MDR team.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250421413931/en/

Contacts

Media Contact:
Jake Schuster
CrowdStrike Corporate Communications
press@crowdstrike.com