T1573 Encrypted Channel Mappings

Adversaries may employ an encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.


Mappings

Capability ID: intel-tdt
Capability Description: Intel Threat Detection Technology
Mapping Type: CrowdStrike AMS
ATT&CK ID: T1573
ATT&CK Name: Encrypted Channel
Notes: see Comments below
Comments
Intel Threat Detection Technology (TDT), integrated with CrowdStrike Falcon Accelerated Memory Scanning (CAMS), strengthens defenses by enabling faster, real-time detection of Encrypted Channel activity. The integration improves CrowdStrike Falcon's ability to detect and mitigate threats earlier in the kill chain while minimizing the impact on system performance.

Encrypted channel attacks involve adversaries using encrypted communications (SSL/TLS, or a custom cipher as described for T1573) to carry command-and-control (C2) traffic and exfiltrated data. Encryption hides the content and the true nature of the communication from tools that inspect the traffic itself. The traffic is opaque, but the process producing it is not: Intel TDT provides real-time CPU telemetry on program execution, memory access, and control flow, and that telemetry can flag a process whose execution profile is consistent with malicious encryption or beaconing activity even though the bytes on the wire cannot be read.

CAMS offloads the memory scanning workload from the CPU to the Intel integrated GPU, so process memory can be scanned more often without a performance penalty. Scanning memory exposes what the encrypted channel is meant to hide: the unpacked implant, its configuration, and the embedded keys that the T1573 description calls out as a weakness of custom encryption. Together the two components offer a proactive, host-side defense against attacks that rely on encryption to bypass detection.

Practitioner caveat: neither component decrypts the traffic or inspects TLS sessions. Treat this mapping as a behavioral and memory-based host control that complements network-side detections rather than replacing them.
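The technique description above notes that custom C2 encryption is reversible when the key is embedded in the sample, and the Comments note that memory scanning exposes what the channel hides. The following added example (written for this page, not code from MITRE, Intel or CrowdStrike) ties the two together: a toy implant encrypts its beacons with RC4 under a key stored in a config blob, and the analyst-side routines carve that blob out of a constructed memory image, decrypt captured beacons with the recovered key, and show that even without the key a static stream-cipher key leaks keystream that decrypts other beacons. The config layout, the CONFIG_MAGIC marker, the key, the placeholder C2 host and the beacon contents are all assumptions invented for the example.

```python
import struct

# Constructed example: a toy implant that encrypts its C2 beacons with RC4
# under a key embedded in its config blob, plus the analyst-side routines that
# recover that key from a memory image and decrypt captured beacons.
# None of the names, formats or values below come from any real malware.

CONFIG_MAGIC = b"CFG1"                 # assumed config marker
IMPLANT_KEY = b"s3cr3t-c2-key"         # assumed hard-coded key (the T1573 weakness)
C2_HOST = b"c2.example.invalid:443"    # placeholder, not a real host


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Toy cipher for illustration only."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def build_config(key: bytes, c2: bytes) -> bytes:
    """Assumed config layout: magic | key_len | c2_len | key | c2."""
    return CONFIG_MAGIC + struct.pack("<BB", len(key), len(c2)) + key + c2


def parse_config(blob: bytes):
    """Return (key, c2) from a blob that starts with the magic marker."""
    if blob[:4] != CONFIG_MAGIC:
        raise ValueError("no config marker")
    key_len, c2_len = struct.unpack("<BB", blob[4:6])
    key = blob[6:6 + key_len]
    c2 = blob[6 + key_len:6 + key_len + c2_len]
    if len(key) != key_len or len(c2) != c2_len:
        raise ValueError("truncated config")
    return key, c2


def implant_beacon(config: bytes, payload: bytes) -> bytes:
    """Implant side: encrypt one beacon with the static key (keystream reuse)."""
    key, _ = parse_config(config)
    return rc4(key, payload)


def build_memory_image() -> bytes:
    """Constructed stand-in for a process memory dump: filler around the config."""
    config = build_config(IMPLANT_KEY, C2_HOST)
    return b"\x90" * 200 + config + b"\x00" * 100


# --- analyst side ---

def carve_config(memory: bytes):
    """Scan a memory image for the config marker and parse what follows it."""
    idx = memory.find(CONFIG_MAGIC)
    if idx < 0:
        return None
    return parse_config(memory[idx:])


def decrypt_beacons(key: bytes, beacons):
    """With the carved key, every captured beacon decrypts directly."""
    return [rc4(key, b) for b in beacons]


def keystream_prefix(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext attack: c XOR p yields the keystream for those positions.
    Because the implant reuses one static key, the same keystream prefix
    decrypts the start of every other beacon, key or no key."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))


def decrypt_prefix(ciphertext: bytes, keystream: bytes) -> bytes:
    """Apply a recovered keystream prefix to another beacon."""
    return bytes(c ^ k for c, k in zip(ciphertext, keystream))


if __name__ == "__main__":
    config = build_config(IMPLANT_KEY, C2_HOST)
    beacons = [implant_beacon(config, b'{"id":"host-01","task":"checkin"}'),
               implant_beacon(config, b'{"id":"host-01","task":"exfil"}')]
    key, c2 = carve_config(build_memory_image())
    print("carved key:", key, "c2:", c2)
    for pt in decrypt_beacons(key, beacons):
        print("decrypted:", pt)
    ks = keystream_prefix(beacons[0], b'{"id":"host-01"')
    print("second beacon prefix via keystream reuse:", decrypt_prefix(beacons[1], ks))
```

The memory-carving path is what a memory scanner gains over a network sensor: the marker, key and C2 host sit in cleartext in process memory regardless of how strong the channel's cipher is. The keystream-reuse path is the reverse-engineering weakness from the technique description taken one step further: a static key in a stream cipher means a single known beacon header is enough to read the header of every other beacon.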