At Black Hat, CrowdStrike announced the launch of the CrowdStrike Intelligence Exchange Program (CSIX).
The exchange enables vendor partners to access and share threat intelligence. This threat intelligence continuously improves vendor partners’ ability to detect and attribute attacks, allows for attack prioritization, and provides the end customer with rich context about the attacks in their environment.
CSIX launches with seven industry partners: Agiliance, Centripetal Networks, Check Point Software Technologies, General Dynamics Fidelis Cybersecurity Solutions, LogRhythm, ThreatQuotient, and ThreatStream. Security solution vendors can add rich context and attack prioritization through three go-to-market program options:
- Option 1: CrowdID
- OEM Partner can deliver basic attribution to help their customer understand if an attack is targeted or commodity, free of charge. The OEM Partner queries the CrowdStrike API with supported indicators and/or submits a malware sample receiving attribution information.
- Option 2: Falcon Intelligence – Adversary Profile
- Attribution data is made available to the OEM Partner’s solution to provide rich context and prioritization of targeted attacks. Content delivered to the customer includes both adversary name and full profile details, including targeted sectors, exploits used, and other trend data, under a license and revenue sharing model.
- Option 3: Falcon Intelligence Connect
- CrowdStrike and the OEM Partner certify the integration of CrowdStrike Intelligence to the OEM Partner’s solution for use with joint customers.
CSIX is the first program of many collaborative CrowdStrike partnerships within the security vendor community. CrowdStrike is committed to building an ecosystem that enhances the defensive posture and response capabilities of our customers. Participation in CSIX provides OEM Partners with multiple options to enhance their offering with contextual information specific to major threat actors.