Coinciding with Black Hat USA 2025, CrowdStrike (NASDAQ: CRWD) announced the general availability of CrowdStrike Signal, a new generation of AI-powered detection engines designed to identify early-stage threats that often go unnoticed by other security systems.
The company claims that Signal uses self-learning models for each host that understand what is “normal” in that environment over time, including systems and users. This enables it to identify subtle activities and link them to related behaviors before traditional tools can act.
This early correlation generates high-confidence, prioritized leads, speeding up investigation, threat hunting, and response, thereby enhancing the early detection advantage of the Falcon® platform.
“Modern attackers disperse minimal signals over time to stay under the radar. Signal is designed to connect these dots and provide the full picture before anyone else,” explained Elia Zaitsev, CTO of CrowdStrike.
From subtle activity to early alert
Many modern attacks start with low-profile activity that, in isolation, appears harmless. Rule-based systems often ignore this due to lack of context, and the latest AI approaches only assign scores after detection.
In contrast, Signal:
- Continuously learns the baseline behavior of each user, host, and process, adapting to changes to detect significant deviations without manual configuration.
- Identifies and links subtle behaviors used by attackers, such as living-off-the-land tools for reconnaissance or executing applications from temporary directories, which would not raise suspicion individually.
- Reduces alert volume by condensing numerous events into a small set of high-quality leads, grouping related activities to avoid manual triage and accelerate responses.
Large-scale statistical intelligence
Signal relies on a family of time-series statistical models capable of analyzing billions of daily events across each client environment. By correlating signals over time and between systems, it filters out repetitive activity and highlights genuinely unusual behavior.
This capability not only improves endpoint detection but also lays the groundwork for extending next-generation detection to identities, cloud environments, and third-party data.
Advancing native AI cybersecurity
CrowdStrike positions itself as a pioneer in AI-native cybersecurity, with the CrowdStrike Security Cloud and Falcon platform at the core of its strategy. The company states that this lightweight architecture, based on a single agent and cloud presence, allows for:
- Rapid, scalable deployment
- Highly accurate detection and protection
- Reduced operational complexity
- Protection against known and emerging threats
With Signal, the company aims to get ahead in the attack chain and detect compromises while they are still in their quietest phase.
Availability
CrowdStrike Signal is now generally available. The company provides more information on its corporate blog and at booth #2733 at Black Hat USA 2025.
Frequently Asked Questions (FAQs)
How does Signal differ from other AI detection systems?
Unlike rule-based solutions or pre-trained models, Signal creates adaptive host models that learn what is normal in each environment and detect deviations without manual setup.
Does Signal replace other Falcon functions?
No. Signal is an engine that complements and enhances detection within the Falcon platform, integrating with its protection, response, and threat hunting capabilities.
Can Signal detect attacks without prior indicators of compromise?
Yes. Its goal is to identify unusual activity patterns before traditional indicators, such as known malicious files or blocked IPs, are present.
Which sectors benefit the most from Signal?
Organizations with distributed environments, critical operations, or high exposure to targeted attacks, such as finance, energy, healthcare, government, and technology.
via: crowdstrike

