T1016 System Network Configuration Discovery Mappings

Intel Threat Detection Technology (TDT) and CrowdStrike Falcon Accelerated Memory Scanning (CAMS): Defending Against System, Owner, User, and Network Information Discovery Attacks Intel Threat Detection Technology (TDT), combined with CrowdStrike Falcon Advanced Memory Scanning (CAMS), enhances cybersecurity defenses by enabling faster, real-time detection of System, Owner, User, and Network Information Discovery attacks. This integrated solution strengthens CrowdStrike Falcon, improving its ability to detect and mitigate cyber threats earlier in the kill chain, while minimizing system performance impact. System, Owner, User, and Network Information Discovery attacks involve adversaries attempting to collect detailed information about the system they’ve infiltrated. Attackers gather data about the operating system, local users, network configurations, system owner, active connections, and network shares. This information is typically used to plan further exploitation, lateral movement, and privilege escalation within the target network. By querying system properties, user accounts, and network settings, attackers gain the intelligence necessary for executing advanced attacks. Intel TDT plays a crucial role by providing real-time telemetry on program execution, memory access, and control flow, enabling quick detection of abnormal activities like unauthorized information gathering from system and network resources. Additionally, CAMS offloads the memory scanning workload from the CPU to the Intel Integrated GPU, ensuring faster and more efficient detection of suspicious activity without negatively impacting system performance. CAMS is capable of identifying the unauthorized collection of system, user, or network-related data, helping to detect when attackers are gathering intelligence for the purpose of launching further attacks.