T1070 Indicator Removal Mappings

Intel Threat Detection Technology (TDT), combined with CrowdStrike Falcon Accelerated Memory Scanning (CAMS), strengthens cybersecurity defenses by enabling faster, real-time detection of Indicator Removal attacks. This integrated solution enhances CrowdStrike Falcon capabilities, improving its ability to detect and mitigate cyber threats earlier in the kill chain while minimizing system performance impact. Indicator Removal attacks involve adversaries attempting to erase or alter system logs, forensic artifacts, or other indicators of compromise (IOCs) to evade detection. By removing these telltale signs, attackers aim to avoid triggering security alerts and delay detection, allowing them to maintain persistent access to systems. Intel TDT plays a critical role in identifying these evasive techniques by providing deep, real-time telemetry on program execution, memory access, and control flow. This telemetry allows security teams to detect abnormal behaviors, such as unauthorized manipulation of system logs or tampering with file systems, which are indicative of efforts to remove attack indicators. In addition, CAMS offloads memory scanning tasks from the CPU to the Intel Integrated GPU, ensuring faster and more efficient detection of malicious activities without sacrificing system performance. CAMS helps identify suspicious actions, such as attempts to alter or delete logs, modify file system attributes, or hide evidence of compromise in memory.