Enterprise Advanced Security (Ransomware): CrowdStrike Falcon 2023

Sector: Enterprise
Testing: November 2023


Ransomware vs. Endpoint Security – Results from the largest public ransomware test

In this report, we analyse ransomware vs. endpoint security. Ransomware is the most visible, most easily understood cyber threat affecting businesses today. Paralysed computer systems mean stalled business and loss of earnings. On top of that, a ransom demand provides a clear, countable value to a threat. A demand for “one million dollars!” is easier to quantify than the possible leak of intellectual property to a competitor.

In this report, we have taken two main approaches to assessing how well products can detect and protect against ransomware.

Ransomware Deep Attacks

For the first part of this test, we analysed the common tactics of ransomware gangs and created two custom gangs that use a wider variety of methods. In all cases, we run the attack from the very start, including attempting to access targets with stolen credentials or other means. We then move through the system and sometimes the network, before deploying the ransomware as the final payload.

Ransomware Direct Attacks

The second part of the test takes a wide distribution of known malware and adds variations designed to evade detection. We’ve listed the ransomware families used in Hackers vs. Targets on page 9. We sent each of these ransomware payloads directly to target systems using realistic techniques, such as through email social engineering attacks. This is a full but short attack chain. In this part of the test, we ensure any protection features are enabled in the product.
