
CrowdStrike launches AI detection engine to catch stealthy threats
CrowdStrike has announced the general availability of CrowdStrike Signal, an AI-powered detection engine designed to identify cyber threats that other systems miss.
The new solution applies self-learning time series models to analyse billions of daily events per customer. This approach allows the system to baseline behaviour, detect subtle deviations in real time, and correlate low-signal activity into high-confidence leads. These leads are designed to expose stealthy attacker behaviours and give security teams a starting point for response.
Detection approach
The company states that modern cyber attacks often begin with low-signal activity that appears benign when viewed in isolation. Traditional security systems, which are often rule-based, struggle to identify these early stages because they lack the contextual understanding needed to separate suspicious actions from ordinary behaviour. Even contemporary AI-based systems, according to CrowdStrike, generally apply scoring mechanisms only after an initial detection has occurred.
With Signal, the company claims to offer a different approach. CrowdStrike Signal is described as a continuously adaptive system that learns what constitutes normal operations for each user, host, and process in a customer's environment, and continuously revises its models as conditions change. It then pinpoints deviations from the norm and links early-stage behaviours to related downstream activity, aiming to surface threats earlier in the attack lifecycle.
"CrowdStrike pioneered AI-native cybersecurity, and continues to deliver the innovation driving the industry forward. Signal is our latest breakthrough, built to detect how modern adversaries actually operate," said Elia Zaitsev, Chief Technology Officer, CrowdStrike. "Today's attackers spread subtle signals over time to stay under the radar. Signal is designed to catch what others overlook, connecting the dots across systems and time to paint the full picture."
Technology and capabilities
The detection engine is underpinned by a new family of statistical time series models capable of analysing high volumes of events in a customer's environment. According to CrowdStrike, the platform works by linking signals across time and systems, filtering out repetitive activity, and highlighting the unusual. This capability is intended to reveal stealthy attacker behaviour before it can escalate, providing defenders with an initial point for action.
Signal's use of self-learning AI allows it to model behaviour for each user and host, continually adapting over time. Unlike static rule sets or models that require frequent manual updates, Signal is intended to deliver early-stage detection without the need for constant adjustment. The system identifies patterns of low-signal activity often used in cyber attacks, such as the use of legitimate administrative tools for reconnaissance or executing applications from temporary directories. While such behaviours are sometimes legitimate, correlating them across context and time can reveal hidden threats.
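The baseline-then-correlate idea described above, as an added Python illustration that is not CrowdStrike's code and does not describe Signal's actual models: it learns which processes each host normally runs from a quiet learning window, tags each live event with the weak indicators the article names (process new for this host, legitimate admin tool, execution from a temp directory), and emits a lead only when one host's weak signals within a 30-minute window span three indicator types. Every host, event, tool list and threshold here is constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample telemetry (not CrowdStrike data): (host, time, process, path).
BASELINE = [  # learning window: what each host normally runs
    ("ws01", "09:00", "outlook.exe", r"C:\Program Files\Office"),
    ("srv01", "09:00", "whoami.exe", r"C:\Windows\System32"),  # admins run this daily
    ("srv01", "09:01", "net.exe", r"C:\Windows\System32"),
]
LIVE = [  # events to score; each one alone looks benign
    ("ws01", "11:00", "whoami.exe", r"C:\Windows\System32"),
    ("ws01", "11:04", "net.exe", r"C:\Windows\System32"),
    ("ws01", "11:09", "nltest.exe", r"C:\Windows\System32"),
    ("ws01", "11:12", "update.exe", r"C:\Users\bob\AppData\Local\Temp"),
    ("srv01", "11:00", "whoami.exe", r"C:\Windows\System32"),  # normal for srv01
    ("srv01", "11:02", "net.exe", r"C:\Windows\System32"),
]
RECON_TOOLS = {"whoami.exe", "net.exe", "nltest.exe"}  # legitimate admin tools

def build_baseline(events):
    """Per-host set of processes seen during the learning window."""
    seen = defaultdict(set)
    for host, _, proc, _ in events:
        seen[host].add(proc.lower())
    return seen

def weak_signals(event, baseline):
    """Low-signal indicators one event carries; an empty list means 'normal'."""
    host, _, proc, path = event
    tags = ["new-for-host"] if proc.lower() not in baseline[host] else []
    if proc.lower() in RECON_TOOLS:
        tags.append("admin-tool")
    if "\\temp" in path.lower():
        tags.append("temp-dir-exec")
    return tags

def correlate(events, baseline, window_min=30, min_kinds=3):
    """One lead per host when a sliding window of weak signals spans >= min_kinds indicator types."""
    leads = []
    for host in sorted({e[0] for e in events}):
        hits = [(datetime.strptime(e[1], "%H:%M"), e, weak_signals(e, baseline))
                for e in events if e[0] == host]
        hits = [h for h in hits if h[2]]  # drop events carrying no indicator
        for i, (t0, _, _) in enumerate(hits):
            window = [h for h in hits[i:] if h[0] - t0 <= timedelta(minutes=window_min)]
            kinds = sorted({k for _, _, tags in window for k in tags})
            if len(kinds) >= min_kinds:
                leads.append({"host": host, "start": t0.strftime("%H:%M"),
                              "indicators": kinds, "events": [h[1] for h in window]})
                break  # one lead per host is enough for triage
    return leads
```

On this input only ws01 produces a lead; the same whoami/net pair on srv01 is suppressed because those tools are part of that host's baseline, which is the per-host modelling the article contrasts with static rules.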
Response acceleration and alert management
One of the stated goals of CrowdStrike Signal is to condense a large volume of potential detections into a small number of high-fidelity leads for investigation. By surfacing early indicators of compromise and grouping related behaviours, the company says Signal can reduce false positive rates and streamline initial triage for security teams. This aims to decrease manual investigation time and accelerate overall response to active threats.
CrowdStrike claims that, by analysing behaviour earlier in the threat lifecycle and correlating subtle activities across events, Signal can identify threats that may be buried in everyday activity and are otherwise missed by conventional systems. Signal is designed to be deployed directly at the endpoint, and according to the company, it also lays the foundation for detection across identity management systems, cloud services, and third-party data sources.
Industry context
The launch of CrowdStrike Signal comes in response to the evolving nature of cyber threats and the need for security platforms to address increasingly sophisticated attack strategies, where traditional tools may not provide early warning or actionable intelligence. The approach of continuously learning and modelling customer environments has been positioned as a way to reduce alert fatigue and provide more effective leads for defenders.
The company highlights that, instead of relying solely on rules or fixed detection signatures, the self-learning aspect of Signal allows for adaptation to new behaviours and emerging threat patterns, theoretically increasing the potential for earlier detection.