Knowing your attacker via CrowdStrike’s Threat Intelligence

The diverse cyber threat landscape continues to be a concern for businesses around the world. In Southeast Asia, organisations are facing the dilemma of understanding the various threat landscapes.

In an exclusive interview with CyberSecurity Asean, Michael Sentonas, Vice President, Technology Strategy of CrowdStrike discussed the diverse threat landscape and what organisations can do to prepare for it.

“Southeast Asia is a very challenging location to protect. Organisations in countries like Singapore need to think about threat protection on a global level.” Michael believes that the problem lies in the failure of the technology and solutions that businesses use to protect themselves and not with the chosen security providers. He said that CrowdStrike receives calls from organisations in the region to help rebuild their network after being heavily targeted and compromised.

“From an organisation’s perspective, it depends on how you see it. You will find a weak point in big organisations. A lot of technology is not keeping up to date. Most people are exhausted with the number of security products they have to deal with,” Michael added. He questions whether organisations are choosing tech solutions that are too complex to use. “In many cases, the tech can’t detect the methods attackers use. We are successful because our tech delivers.”

“Our goal is to stop breaches and we deliver on that promise to customers. There are many requirements to build a security platform. CrowdStrike is cloud native, and we are using sensors from all around the world. You can’t have on-premise security on the cloud. You can’t move on-premise to the cloud and call it cloud-native. We leverage technology like AI and Machine Learning to give us the ability to detect never-seen-before attacks. At the same time, we also have lower false positives.”

The key to any cybersecurity solution, as Michael puts it, is to understand the human element and that technology alone will not suffice. “There is no silver bullet in this industry. CrowdStrike combines human element and technology, which gives us an advantage.”

CrowdStrike and AI in Cybersecurity

When it comes to AI, CrowdStrike builds models to look at attacks in real time. This allows it to do more prevention, and it is one of the many tools that CrowdStrike leverages. From a security architecture perspective, CrowdStrike makes sure there is no single point of failure.

According to Michael, CrowdStrike has a dedicated managed hunting service team to look at machine-generated telemetry. “We process around two trillion machine events every week and stop thousands of breaches each year. We let our customers know if there are any issues.”

The CrowdStrike Threat Graph utilises machine-generated telemetry stored in the cloud and uses it not only for managed hunting but also to build machine learning models and perform retrospective analysis of what is happening. It is also used to crowdsource threat intelligence.

The Falcon Platform by CrowdStrike is a cloud-delivered endpoint protection platform. It is cloud-native and powered by AI through the Threat Graph, using crowdsourced data and cloud analytics to stop threats.

“We have machine learning and AI on the endpoint. We have it also in the cloud. One of the things we have pioneered in CrowdStrike is the Indicator of Attack. We look at the behaviours of the system and overlay that with the behaviours of the user. We look at the events that are happening on a machine in real-time and we monitor both post and pre-execution activity.”

From this, CrowdStrike looks for patterns of behaviour that indicate something is not right or is malicious, whether it is an attacker or malware about to execute. It leverages a number of those techniques to terminate the offending processes. For example, it removes an attacker’s access.

The Indicator of Attack, together with AI and ML and managed hunting, is what differentiates CrowdStrike. With that, CrowdStrike hopes to provide more security to its customers.

With that said, Michael added that the landscape for cybersecurity vendors has changed dramatically in the last 12 months. Competitors around the world are dropping off, as many have gone on to do different things.

“We continue to focus on keeping our customers safe, and we also continue to grow. We have many partners in the industry. Dell is a big partner to us. Historically, Dell SecureWorks worked with Carbon Black, but now they work with CrowdStrike because of customer demands.”

He added that the biggest innovation for CrowdStrike is the launch of the CrowdStrike Store. The CrowdStrike Store is an enterprise marketplace to discover, try, buy and deploy trusted partner applications that extend a company’s investment in the CrowdStrike Falcon Platform. The Store is organised into categories and solutions so that businesses can buy and install applications all within one unified, fully digital experience.

Moving forward, Michael pointed out that while AI has a big role to play in cybersecurity, CrowdStrike continues to build on partnerships in IoT security and network security. The company wants to work together with its various tech partners to come up with a better outcome for everyone.
