Microsoft and CrowdStrike align threat names

CrowdStrike and Microsoft have announced a strategic partnership to solve a common problem in cybersecurity. Confusion sometimes arises because different companies give cybercriminals and hacker groups their own names.

The partnership will result in a joint system that allows threat actors to be identified in the same way across both companies’ security platforms, preventing the confusion caused by differing names.

The problem is well known in the industry. Companies often use their own names for hacker groups, making it difficult for analysts and organizations to determine exactly who a report is about. For example, the group known to many as Cozy Bear is referred to as Midnight Blizzard by one company, while another uses a different name. This makes comparing information difficult and time-consuming.

CrowdStrike and Microsoft have recognized that this is a major obstacle. They have developed a system that links the different names together. The aim is not to impose a single standard name, but to eliminate confusion. This will enable security teams to make faster and more confident decisions and better correlate different threat reports, allowing them to intervene more quickly before an attack actually causes damage.

According to a senior executive at CrowdStrike, this is an important moment for the industry. He explains that cybercriminals use both technological means and the ambiguity surrounding their names to stay out of the hands of security professionals. By providing clarity about who exactly is behind an attack, companies can respond in a more targeted and effective manner.

Joint analysis by threat teams

The first step in the collaboration is a joint analysis by the threat teams of both companies, in which they align their names for known actors. Although the collaboration has only just been announced, they have already agreed on more than 80 actors. For example, it has been established that Microsoft’s Volt Typhoon and CrowdStrike’s VANGUARD PANDA both refer to groups believed to be supported by China, and that Secret Blizzard and VENOMOUS BEAR refer to the same Russian group.

The companies want to expand this approach and invite other partners to contribute to the shared overview of threat actors. The goal is to create a widely supported, joint source of information that will benefit the entire cybersecurity community.

A security executive at Microsoft emphasizes that cybersecurity is one of the biggest challenges of our time, especially in the AI era. He says that collaboration is crucial: if security teams can share information and respond more quickly, it will make a real difference in how we protect ourselves globally.