Microsoft and CrowdStrike Join Forces to Improve Threat Actor Attribution
In a pivotal collaboration, Microsoft and CrowdStrike are taking significant strides to address the complexities surrounding threat actor attribution in cybersecurity. This partnership seeks to streamline how security professionals identify and respond to adversaries, thereby enhancing overall threat management.
The Challenge of Threat Attribution
Understanding the identity of potential threats is crucial for network defenders. However, the landscape of cybersecurity is riddled with inconsistencies in naming conventions, causing confusion. A single threat actor can be labeled differently across various platforms, which complicates the process of threat attribution. For example, a state-sponsored group with links to Russia has been referred to by multiple names such as CozyCar, Dark Halo, and more commonly, Cozy Bear. This inconsistency can hinder effective responses to cyber threats.
Unifying Threat Actor Names
To tackle this issue, CrowdStrike and Microsoft have united their expertise to “harmonize” the attribution of threat actors. Adam Meyers, Head of Counter-Adversary Operations at CrowdStrike, emphasized the importance of clarity in combating cyber adversaries. He stated, “Adversaries hide behind both technology and the confusion created by inconsistent naming.” By providing a clearer understanding of who is targeting organizations, the two companies aim to empower security teams to respond more effectively.
Meyers acknowledges CrowdStrike’s leadership in adversary intelligence and Microsoft’s substantial data resources. This partnership aims to combine these strengths to offer enhanced clarity and speed in threat detection and response.
Developing a Shared Mapping System
One of the main outcomes of this collaboration is the creation of a shared mapping system that links threat actors across different vendor naming systems. Importantly, this approach does not require the establishment of a new naming convention, which could add further complexity to an already challenging situation.
So far, the collaboration has deconflicted over 80 threat actors, linking names such as Microsoft’s Volt Typhoon and CrowdStrike’s Vanguard Panda, which both refer to the same state-sponsored actor from China. The hope is that this effort will encourage other cybersecurity vendors to join in and contribute to a collective mapping resource, ultimately benefiting the entire industry.
A Call to Action for the Industry
Cybersecurity is increasingly becoming a prominent challenge, especially in today’s technology-driven landscape. Vasu Jakkal, Microsoft’s Corporate Vice President of Security, highlighted the importance of collaboration, noting that the synergy between Microsoft and CrowdStrike positions them well to help clients and the wider community leverage actionable threat intelligence.
“Security is a team sport, and when defenders can share and react to information faster, it makes a difference in how we protect the world,” Jakkal stated. This sentiment underscores the significance of developing a more unified approach to threat intelligence to enable quicker, more effective responses.
Conclusion
As Microsoft and CrowdStrike move forward with their collaborative efforts, the promise of a more coherent understanding of cyber threats is on the horizon. By addressing the naming inconsistencies that plague threat actor attribution, the partnership aims to empower network defenders, ultimately enhancing their ability to safeguard organizations against potential cyber attacks.