Adversaries may attempt to get a listing of domain accounts. This information can help adversaries determine which domain accounts exist to aid in follow-on behavior such as targeting specific accounts which possess particular privileges.
Commands such as <code>net user /domain</code> and <code>net group /domain</code> of the Net utility, <code>dscacheutil -q group</code> on macOS, and <code>ldapsearch</code> on Linux can list domain users and groups. PowerShell cmdlets including <code>Get-ADUser</code> and <code>Get-ADGroupMember</code> may enumerate members of Active Directory groups.(Citation: CrowdStrike StellarParticle January 2022)
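The commands listed above are also what a defender looks for in process-creation telemetry. The following Python is an added example, not code from ATT&CK or from any product named on this page: it matches the command-line patterns named above against a few constructed process events, then groups hits by host and user, since a lone <code>net user /domain</code> from an administrator is routine while several different discovery commands from one principal in a short window is the pattern worth a closer look. The event fields, host names and user names in the sample data are constructed for illustration.

```python
"""Flag process-creation events whose command line matches the domain-account
discovery commands named in ATT&CK T1087.002, then surface principals that ran
several distinct discovery command families.

Added example, not from the ATT&CK page or any vendor product. The sample
events below are constructed and resemble simplified process-creation records
(the kind of fields Sysmon Event ID 1 or auditd EXECVE would supply)."""
import re
from dataclasses import dataclass

# One compiled regex per discovery command family named in the technique text.
# Patterns are matched against the lower-cased command line.
DISCOVERY_PATTERNS = [
    ("net_user_domain", re.compile(r"\bnet1?(\.exe)?\s+user\b.*\s/domain\b")),
    ("net_group_domain", re.compile(r"\bnet1?(\.exe)?\s+group\b.*\s/domain\b")),
    ("powershell_ad_cmdlet", re.compile(r"\bget-ad(user|groupmember)\b")),
    ("ldapsearch", re.compile(r"\bldapsearch\b")),
    ("dscacheutil_group", re.compile(r"\bdscacheutil\b.*\s-q\s+group\b")),
]


@dataclass
class ProcessEvent:
    """Minimal process-creation record (field names are assumptions)."""
    host: str
    user: str
    parent: str
    command_line: str


# Constructed sample events: one noisy admin session on ws01, single commands
# elsewhere, and two benign commands that must not match.
SAMPLE_EVENTS = [
    ProcessEvent("ws01", "corp\\alice", "explorer.exe", "notepad.exe C:\\notes.txt"),
    ProcessEvent("ws01", "corp\\alice", "cmd.exe", "net  user /domain"),
    ProcessEvent("ws01", "corp\\alice", "cmd.exe", 'net group "Domain Admins" /domain'),
    ProcessEvent("ws01", "corp\\alice", "powershell.exe",
                 "powershell -nop -c Get-ADGroupMember -Identity 'Domain Admins'"),
    ProcessEvent("srv02", "corp\\svc_backup", "cmd.exe", "net user backup_svc /domain"),
    ProcessEvent("lnx03", "root", "bash",
                 "ldapsearch -x -H ldap://dc01 -b dc=corp,dc=local '(objectClass=user)'"),
    ProcessEvent("mac04", "bob", "zsh", "dscacheutil -q group"),
    ProcessEvent("ws05", "corp\\carol", "cmd.exe", "net use Z: \\\\fs01\\share"),
]


def classify(event):
    """Return the labels of every discovery pattern matching this event."""
    cmd = event.command_line.lower()
    return [label for label, rx in DISCOVERY_PATTERNS if rx.search(cmd)]


def find_discovery(events):
    """Return (event, labels) for each event matching at least one pattern."""
    hits = []
    for ev in events:
        labels = classify(ev)
        if labels:
            hits.append((ev, labels))
    return hits


def enumeration_bursts(events, min_families=2):
    """Group hits by (host, user) and keep principals that ran at least
    `min_families` distinct discovery command families. This is the
    noise-reduction step: a single `net user /domain` is common admin
    activity, while several different enumeration commands from one
    principal in one sample window is a stronger reconnaissance signal."""
    families = {}
    for ev, labels in find_discovery(events):
        families.setdefault((ev.host, ev.user), set()).update(labels)
    return {key: sorted(fams) for key, fams in families.items()
            if len(fams) >= min_families}


if __name__ == "__main__":
    for ev, labels in find_discovery(SAMPLE_EVENTS):
        print(f"{ev.host:6} {ev.user:16} {labels} <- {ev.command_line}")
    print("bursts:", enumeration_bursts(SAMPLE_EVENTS))
```

In practice the patterns would be fed by the process-creation source of the EDR or SIEM in use, and the burst window would be bounded by time rather than by the whole sample; the per-principal grouping is the part that keeps the rule from paging on every help-desk `net user` lookup.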
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
intel-tdt | Intel Threat Detection Technology | CrowdStrike AMS | T1087.002 | Domain Account | |
Comments
Intel Threat Detection Technology (TDT), in combination with CrowdStrike Falcon Accelerated Memory Scanning (CAMS), strengthens cybersecurity defenses by enabling faster, real-time detection of Account or Domain Account Discovery attacks. This integrated solution enhances CrowdStrike Falcon, improving its ability to detect and mitigate cyber threats earlier in the kill chain, while minimizing system performance impact.
Account or Domain Account Discovery techniques involve attackers enumerating user accounts or domain accounts within an organization. By discovering valid user credentials or domain accounts, adversaries can identify targets for further attacks, including lateral movement, privilege escalation, or credential harvesting. These techniques are often used to gather critical information about account structures, access levels, and administrative rights, enabling attackers to plan their next move more effectively.
Intel TDT plays a crucial role in identifying these threats by providing real-time telemetry on program execution, memory access, and control flow at the hardware level. This telemetry helps security teams detect abnormal behaviors, such as unauthorized attempts to query or enumerate user or domain accounts, often indicating reconnaissance or preparation for lateral movement. By continuously monitoring low-level system activities, Intel TDT can quickly detect and alert on suspicious actions targeting account or domain account discovery.