Adversaries may communicate using a protocol and port pairing that are not typically associated with each other. For example, HTTPS over port 8088 (Citation: Symantec Elfin Mar 2019) or port 587 (Citation: Fortinet Agent Tesla April 2018) as opposed to the traditional port 443. Adversaries may change the standard port used by a protocol to bypass filtering or to muddle analysis and parsing of network data.
Adversaries may also make changes to victim systems to abuse non-standard ports. For example, Registry keys and other configuration settings can be used to modify protocol and port pairings. (Citation: change_rdp_port_conti)
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
intel-tdt | Intel Threat Detection Technology | CrowdStrike AMS | T1571 | Non-Standard Port | |
Comments
Intel Threat Detection Technology (TDT), combined with CrowdStrike Falcon Accelerated Memory Scanning (CAMS), strengthens cybersecurity defenses by enabling faster, real-time detection of Non-Standard Port exploitation. This integrated solution enhances CrowdStrike Falcon, improving its ability to detect and mitigate cyber threats earlier in the kill chain while minimizing the impact on system performance.
Non-Standard Port techniques involve adversaries using ports other than the well-known ones a protocol is normally assigned (e.g., port 80 for HTTP, 443 for HTTPS) to communicate with compromised systems or exfiltrate data. These tactics help attackers avoid detection by security monitoring that keys on well-known ports, making it harder for traditional security tools to identify malicious activity. By employing non-standard ports, attackers can bypass port-based firewall rules and network defenses, potentially facilitating covert communication or malicious data transfers.
Intel TDT plays a critical role in identifying these threats by providing real-time telemetry on program execution, memory access, and control flow at the hardware level. This telemetry enables the detection of abnormal behaviors, such as suspicious outbound network traffic on non-standard ports or unauthorized applications attempting to communicate over unusual protocols. By closely monitoring low-level activities, Intel TDT helps security teams spot these covert methods of communication, preventing attackers from exploiting non-standard ports for command and control or data exfiltration.
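The detection idea above (a protocol showing up on a port it does not belong to, such as TLS on 8088 or 587 instead of 443) is straightforward to express as a check over network telemetry. The following is an added example written for this page, not Intel's or CrowdStrike's code; it assumes Zeek-style connection records in which `service` is identified from payload rather than from the port, and the expected-port table is an assumed baseline that a real deployment would tune.

```python
# Constructed example: record shapes mimic Zeek conn.log fields (id.resp_p and the
# 'service' that Zeek's analyzers assign from payload, not port). Not real telemetry.

# Assumed baseline: the well-known port(s) each application protocol should use.
EXPECTED_PORTS = {
    "ssl": {443, 8443},
    "http": {80, 8080},
    "smtp": {25, 465, 587},
    "rdp": {3389},
    "ssh": {22},
}

# Inverse map: which protocols a given port is expected to carry.
PORT_TO_SERVICES = {}
for _svc, _ports in EXPECTED_PORTS.items():
    for _p in _ports:
        PORT_TO_SERVICES.setdefault(_p, set()).add(_svc)


def find_mismatches(records):
    """Return (uid, service, port, reason) for every record whose payload-identified
    protocol does not belong on its destination port.

    Zeek joins stacked protocols with commas ("smtp,ssl" for STARTTLS); a connection
    is accepted if any identified protocol is expected on that port. Records with
    no identified service are skipped rather than guessed at."""
    findings = []
    for rec in records:
        port = rec["id.resp_p"]
        services = {s for s in (rec.get("service") or "").split(",") if s in EXPECTED_PORTS}
        if not services or any(port in EXPECTED_PORTS[s] for s in services):
            continue
        svc = ",".join(sorted(services))
        if port in PORT_TO_SERVICES:
            reason = f"{svc} on port reserved for {'/'.join(sorted(PORT_TO_SERVICES[port]))}"
        else:
            reason = f"{svc} on unregistered port"
        findings.append((rec["uid"], svc, port, reason))
    return findings


# Constructed sample records (not real telemetry).
SAMPLE_RECORDS = [
    {"uid": "C1", "id.resp_h": "10.0.0.5", "id.resp_p": 443, "service": "ssl"},
    {"uid": "C2", "id.resp_h": "203.0.113.9", "id.resp_p": 8088, "service": "ssl"},  # TLS on 8088
    {"uid": "C3", "id.resp_h": "203.0.113.9", "id.resp_p": 587, "service": "ssl"},  # TLS on the SMTP submission port
    {"uid": "C4", "id.resp_h": "10.0.0.7", "id.resp_p": 587, "service": "smtp,ssl"},  # STARTTLS: legitimate
    {"uid": "C5", "id.resp_h": "10.0.0.7", "id.resp_p": 3390, "service": "rdp"},  # RDP moved off 3389
    {"uid": "C6", "id.resp_h": "10.0.0.8", "id.resp_p": 9999, "service": None},  # unidentified: skipped
]

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_RECORDS):
        print(finding)
```

Payload-based protocol identification is what makes this check useful: a port-only rule cannot tell TLS on 8088 from any other traffic on 8088.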