CrowdStrike announced the general availability of Falcon Privileged Access, a new module within Falcon Identity Protection. With unified privileged access controls, the AI-native CrowdStrike Falcon® cybersecurity platform is the only platform that secures the entire identity attack lifecycle – from initial compromise to privilege escalation and lateral movement – across hybrid environments.
The company also extended breakthrough automation capabilities for Charlotte AI Agentic Detection Triage and Falcon Next-Gen SIEM to accelerate response to identity-based attacks. These innovations empower organisations to move beyond fragmented legacy tools and unify end-to-end identity security across on-premises Active Directory, cloud-based identity providers and SaaS applications with AI-powered platform protection.
“Identity is under relentless attack, and adversaries are going straight for the keys to the kingdom – privileged access,” said Michael Sentonas, president of CrowdStrike. “From social engineering to sophisticated insider abuse, they’re escalating privileges to access the most sensitive systems and data. With Falcon Privileged Access, we’re leveraging the power of the Falcon platform to eliminate standing privileges and make real-time, risk-aware access decisions. This latest innovation sets a new standard for end-to-end identity security, securing customers against persistent identity-based threats.”
Seventy-nine percent of attacks to gain initial access are malware-free, as adversaries exploit trusted identities to infiltrate organisations undetected and move laterally to reach high-value targets. Groups like SCATTERED SPIDER use stolen credentials and social engineering, manipulating IT help desks to grant unauthorised access to targeted accounts. Others, like FAMOUS CHOLLIMA, embed malicious insiders equipped with company-issued laptops preloaded with remote access tools and registering their own MFA devices to escalate privileges.
Stopping these threats requires live attack signals – like compromised credentials and risky device behavior – and the ability to assess risk and revoke access in real time. As a native part of the Falcon platform, Falcon Privileged Access uses real-time signals from endpoints/devices, industry-leading threat intelligence and advanced AI trained on trillions of security events to analyse user behavior and privilege status, and dynamically grant, block or revoke access. Paired with Falcon Identity Protection’s advanced capabilities for initial access prevention and identity threat detection and response (ITDR), CrowdStrike secures the entire identity attack lifecycle across hybrid environments. New features and benefits include:
* Just-in-Time Privileged Access: Eliminates standing privileges and manual requests with dynamic, risk-aware access decisions. CrowdStrike ensures users only receive elevated permissions when they need them, and only under secure conditions. Real-time risk signals from the Falcon platform continuously assess user and device context, instantly revoking access if risk levels change. Just-in-Time Access complements broader Privileged Access Management (PAM) capabilities – including password vaulting and session recording – by delivering real-time visibility and dynamic policy enforcement from a unified platform that secures the identity attack lifecycle.
* Agentic Detection Triage for Identity-Based Attacks: CrowdStrike is bringing the power of agentic AI to Falcon Identity Protection with Charlotte AI Agentic Detection Triage, autonomously triaging cross-domain attack detections with over 98% accuracy (Accuracy rating is a measure of Charlotte AI triage decisions that match the expert decisions from the CrowdStrike Falcon Complete Next-Gen MDR team) to rapidly prioritise the most critical threats.
* Unified Identity Security and Next-Gen SIEM: The combination of Falcon Identity Protection and Falcon Next-Gen SIEM enables security teams to detect and prioritise identity-based threats in real time, while Falcon Fusion SOAR automates Active Directory actions – like disabling compromised accounts and MFA enforcement – to respond at machine speed.
To help customers strengthen their overall cybersecurity posture, CrowdStrike also unveiled CrowdStrike Pulse Services, an expert-led engagement program designed to reduce active risk and accelerate security program maturity. Specifically for identity-focused use cases, customers can leverage Pulse Services for cloud configuration assessments, identity policy reviews and identity threat protection optimisation. These ongoing, outcome-focused and bite-sized sessions help teams uncover misconfigurations, enforce least privilege and fine-tune defenses to stop credential abuse.