Portnox & CrowdStrike team up for real-time access control


Techday NZ, 06-06-2025
Portnox has introduced an integration with CrowdStrike to enable organisations to enforce network access policies using real-time risk intelligence derived from endpoint telemetry.
The integration brings together Portnox's cloud-native Network Access Control (NAC) platform with CrowdStrike's device telemetry and Zero Trust Assessment (ZTA) scoring, allowing organisations to tailor access controls based on continuous device risk evaluation.
Portnox stated that addressing endpoint visibility and risk-based access control is essential to modern cybersecurity, and that the collaboration with CrowdStrike directly supports this goal by aligning endpoint intelligence with network access enforcement.
Denny LeCompte, Chief Executive Officer of Portnox, commented: "In an era where cybersecurity threats are constantly evolving, dynamic, real-time access control is paramount. Our integration with CrowdStrike delivers on this need by empowering organizations to make informed, automated access decisions based on the most current device posture. This partnership significantly fortifies our customers' security posture, enabling them to confidently embrace Zero Trust principles and adapt to an ever-changing risk landscape."
CrowdStrike's Falcon platform is a cloud-delivered solution employing artificial intelligence to provide protection for endpoints, workloads, and identities. It features real-time detection and response, threat intelligence, and behaviour-based protection mechanisms aimed at preventing security breaches.
A distinctive metric offered by CrowdStrike is the ZTA score, which evaluates the risk level of a device based on inputs such as its health, known vulnerabilities, recent threat detections, patterns of user behaviour, and the operational status of the CrowdStrike agent. This score is represented on a scale from 0 to 100, and allows security teams to determine the appropriate level of network access or whether device remediation is necessary.
Through the integration, Portnox's platform enhances its ability to implement detailed and adaptive access controls without relying on on-premises hardware or complex setups. New capabilities provided by the integration include:
  • Automatic verification of whether a device is managed by the CrowdStrike Falcon agent before granting network access.
  • Incorporation of ZTA scores into policy decision-making, so that only low-risk devices can receive full access, while devices assessed as high-risk may be assigned to guest networks or receive restricted access.
  • Utilisation of real-time CrowdStrike risk signals to reinforce least-privilege models in both corporate and Bring Your Own Device (BYOD) scenarios.
  • Automated network access control policies that adjust to changes in device risk posture as reported by CrowdStrike, with the goal of limiting threats before escalation.
The companies note that this collaborative capability is intended to benefit organisations pursuing Zero Trust architectures, particularly those managing hybrid work environments or BYOD programmes. The system is designed to ensure only trusted and compliant devices connect to corporate networks, blocking unauthorised or insecure devices and helping to maintain ongoing security as threat patterns change.

Related Articles

CrowdStrike unveils AI-driven updates to Falcon threat intelligence

Techday NZ, 5 days ago

CrowdStrike has announced the latest release of Falcon Adversary Intelligence, providing real-time, personalised threat intelligence embedded into security operations centre workflows. The new version of Falcon Adversary Intelligence aims to align threat intelligence with each customer's environment, exposures, and detections, operationalising intelligence at scale for improved detection, hunting and response.

CrowdStrike has a history of tracking over 265 nation-state, eCrime and hacktivist groups globally. Its current offering seeks to address the challenge security teams face with fragmented intelligence across disconnected tools and the lack of context needed to understand how adversary threats apply to an organisation's specific risk profile and technology stack.

The company stated that adversaries are growing in sophistication, leveraging artificial intelligence to accelerate attacks while also targeting AI-supported business operations. The latest update of Falcon Adversary Intelligence is designed to address these developments by replacing fragmented intelligence tools and static feeds with a personalised approach that uses the Falcon platform's first-party telemetry. This system prioritises and personalises intelligence according to each organisation's unique environment and risk factors.

Key features

Among the main features introduced is automated onboarding and intelligent rule creation. The system integrates infrastructure mapping and utilises knowledge from across the Falcon platform to deliver customer-specific intelligence. This includes reporting on relevant threats and trends, monitoring dark web activities, and highlighting information according to industry, technology stack, and detection data.

Platform-driven prioritisation is another component, generating contextual threat profiles that reflect real-time detections, known exposures, and company profiles. For example, if a new threat targets a specific industry, the system automatically elevates its priority, providing in-depth threat profiles, Tactics, Techniques, and Procedures, targeting patterns, and related intrusion information to support rapid decision-making by analysts.

The release also introduces Threat Hunting Guides within Falcon Adversary Intelligence Premium. These guides allow analysts to shift directly from threat insights to targeted investigations across their environments. With prebuilt queries and guided workflows, analysts can avoid time-consuming manual research, reducing investigations from as many as 15 steps to just a few clicks. When used with Falcon Next-Gen SIEM, the platform's click-to-hunt capabilities are intended to further reduce manual effort and enable faster response to emerging threats.

Additionally, Intelligence Explorer provides analysts with a consolidated workspace to investigate threats, cross-reference adversary context, and correlate detection results within a single view for streamlined operations.

"Today's adversaries are treating speed and stealth like weapons, using GenAI, cross-domain attacks, and targeted social engineering to move faster than ever while staying undetected," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. "Threat intelligence can't just inform – it has to drive action. This is a smarter, more dynamic way to deliver intel aligned to each customer's environment. By boosting relevance, accelerating response, and delivering real operational ROI, analysts can act faster, hunt smarter, and stay ahead of today's most sophisticated threats."

The approach taken by Falcon Adversary Intelligence is intended to increase the relevance and timeliness of data available to security analysts, replacing manual workflows with automation where possible and reducing investigation time. The system continually adapts based on live data from the client's environment, supporting prioritisation of threats that are most pertinent to each organisation's exposures and operations.

CrowdStrike highlighted its intention for the Falcon platform to contribute to more effective and context-driven threat defence as adversaries escalate the use of automation and AI in their attacks against enterprise environments. The company reports that these updates are now available to customers, enabling security teams to access real-time intelligence and workflow support within the Falcon ecosystem.

CrowdStrike & OpenAI enhance SaaS security with AI agent oversight

Techday NZ, 5 days ago

CrowdStrike has announced a new integration with OpenAI aimed at improving security and governance for AI agents used throughout the software-as-a-service (SaaS) landscape. The company's Falcon Shield product now features integration with the OpenAI ChatGPT Enterprise Compliance API, providing the ability to discover and manage both GPT and Codex agents created within OpenAI's ChatGPT Enterprise environment. This expansion supports more than 175 SaaS applications, addressing the increasing use of agentic AI in business operations.

AI and the expanding attack surface

As enterprises leverage AI agents to automate workflows and increase efficiency, the number of such agents is rising rapidly. CrowdStrike highlighted that while these agents deliver operational benefits, they also introduce new security challenges. Organisations may struggle to monitor agent activities, understand the data and systems these agents can access, and determine who is responsible for creating or controlling them.

Autonomous AI agents frequently operate with non-human identities and persistent privileges. If a human identity associated with such an agent is compromised, there is potential for adversaries to use the agent to exfiltrate data, manipulate systems, or move across key business applications undetected. The proliferation of these agents increases the attack surface and can significantly amplify the impact of a security incident.

Enhanced visibility and governance

Falcon Shield's new capabilities are intended to help organisations address these risks by mapping each AI agent to its human creator, identifying risky behaviour, and aiding real-time policy enforcement. When combined with the company's Falcon Identity Protection, CrowdStrike's platform aims for unified visibility and protection for both human and non-human identities.

"AI agents are emerging as superhuman identities, with the ability to access systems, trigger workflows, and operate at machine speed," said Elia Zaitsev, chief technology officer, CrowdStrike. "As these agents multiply across SaaS environments, they're reshaping the enterprise attack surface, and are only as secure as the human identities behind them. Falcon Shield and Falcon Identity Protection help secure this new layer of identity to prevent exploitation."

Key features of the Falcon Shield integration include the discovery of embedded AI tools such as GPTs and Codex agents across various platforms, including ChatGPT Enterprise, Microsoft 365, Snowflake, and Salesforce. This is designed to give security teams increased visibility into AI agent proliferation within an organisation's digital environment.

Accountability and threat containment

The integration links each AI agent to its respective human creator. According to CrowdStrike, this supports greater accountability and enables organisations to trace access and manage privileges using contextual information. Falcon Identity Protection works alongside these capabilities to further secure human identities associated with AI agent activity.

CrowdStrike stated that the system is capable of analysing identity, application, and data context to flag risks such as overprivileged agents, GPTs with sensitive abilities, and any unusual activity. Threats can be contained automatically using Falcon Fusion, the company's no-code security orchestration, automation, and response (SOAR) engine, which can block risky access, disable compromised agents, and trigger response workflows as required.

Unified protection approach

The product suite combines Falcon Shield, Falcon Identity Protection, and Falcon Cloud Security to provide what the company describes as end-to-end visibility and control over AI agent activity, tracking actions from the person who created an agent to the cloud systems it is able to access.

Organisations using agentic AI in their operations are being encouraged to consider tools and approaches that not only monitor the agents themselves but also strengthen oversight of the human identities behind these digital entities.

CrowdStrike report warns of GenAI driving surge in cyberattacks

Techday NZ, 04-08-2025

CrowdStrike has released its 2025 Threat Hunting Report detailing how adversaries are using generative AI (GenAI) to enhance and scale cyberattacks, with a particular focus on emerging threats to autonomous AI systems within enterprises.

The report draws on intelligence from CrowdStrike's team of threat hunters and analysts, surveying attacks by over 265 known adversary groups. The findings highlight how attack vectors are evolving with increased automation and use of AI, as well as the targeting of AI-driven systems themselves.

AI-powered attacks

According to the report, GenAI-built malware is now operational, with lower-tier cybercriminals and hacktivist groups utilising AI to generate scripts, troubleshoot technical issues, and develop new forms of malware. Early examples cited include attacks named Funklocker and SparkCat, which underscore how the barrier to entry for sophisticated cybercrime has been lowered.

China-linked adversaries have driven a significant increase in attacks on cloud infrastructure, accounting for 40% of a 136% rise in such incidents during the first half of 2025. The report notes that actors like GENESIS PANDA and MURKY PANDA exploited cloud misconfigurations and access privileges to carry out attacks, while GLACIAL PANDA focused on embedding itself in telecommunications networks, leading to a 130% year-over-year surge in nation-state activity in that sector.

Accelerating social engineering

Beyond technical exploits, the report outlines how AI is being leveraged to automate social engineering campaigns. FAMOUS CHOLLIMA, a North Korea-linked group, used GenAI to generate fraudulent résumés, create deepfake videos for interviews, and complete technical assignments under assumed identities. This group reportedly infiltrated more than 320 companies worldwide, constituting a 220% year-over-year increase.

The report also references Russia-linked EMBER BEAR's amplification of pro-Russia narratives and Iran-linked CHARMING KITTEN's deployment of phishing emails crafted with large language models targeting US and EU organisations.

AI agents: A new target

The rise of agentic AI - autonomous AI agents handling key business workflows - has created new opportunities for attackers. Several threat actors have reportedly exploited vulnerabilities in the tools used to build and manage these agents. Access was gained through unauthenticated channels, followed by credential harvesting, malware deployment, and ransomware installation. According to CrowdStrike, this marks the emergence of AI systems, and the identities they use, as a key part of the enterprise attack surface.

"The AI era has redefined how businesses operate, and how adversaries attack. We're seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions. At the same time, adversaries are targeting the very AI systems organizations are deploying. Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets. Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts. Securing the AI that powers business is where the cyber battleground is evolving," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike.

Trend observations

The report also highlights the resurgence of the SCATTERED SPIDER group, which has accelerated its use of identity-based attacks across multiple domains. The group's tactics in 2025 included using phone-based social engineering (vishing) and impersonation of help desk personnel to reset credentials, bypass multi-factor authentication measures, and deploy ransomware in less than 24 hours after gaining initial access.

CrowdStrike's data shows a clear trend of increased adversary sophistication with the use of AI-enabled tools, not only for direct attacks but also for the exploitation of cloud, SaaS, and AI agent infrastructure. This shift is rapidly transforming both the methods and preferred targets of cybercriminal and nation-state actors.

The report suggests that as enterprises further integrate AI agents into their operations, additional security measures are required to safeguard these autonomous, non-human identities and workflows from being compromised or manipulated.
