Jul 8, 2014 |
CrowdStrike

CrowdStrike™ Accredited by NSA for Cyber Incident Response Services

Company one of seven recommended by NSA to respond to and remediate cybersecurity incidents for compromised organizations.

IRVINE, Calif. – July 08, 2014 - CrowdStrike, a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, announced today it is one of seven companies accredited by the National Security Agency (NSA) under its National Security Cyber Assistance Program.

The NSA developed the accreditation program in response to a need for trusted resources for victims of computer network breaches. Companies that qualified for the accreditation were assessed in 21 critical focus areas including intrusion detection, incident analysis and containment and remediation.

“CrowdStrike’s mission has always been to assist victim organizations mitigate the threat, and to remediate from, targeted attacks,” said Shawn Henry, President, CrowdStrike Services. “We are proud to receive this accreditation from the NSA and to be a trusted partner and resource for victim companies.”

CrowdStrike’s elite consultants provide proactive assessments, incident response and remediation services to a worldwide client base. To learn more about the company’s offerings, visit services.crowdstrike.com

About CrowdStrike Services

CrowdStrike Services, a wholly owned subsidiary of CrowdStrike, provides pre and post Incident Response services to proactively defend against and respond to cyber incidents. CrowdStrike’s seasoned team of Cyber Intelligence professionals, Incident Responders, and Malware Researchers consists of a number of internationally recognized authors, speakers, and experts who have worked on some of the most publicized and challenging intrusions and malware attacks in recent years. The CrowdStrike Services team leverages our Security Operations Center to monitor the full CrowdStrike Falcon Platform and provide cutting-edge advanced adversary intrusion detection services. The full spectrum of proactive and response services helps customers respond tactically as well as continually mature and strategically evolve Incident Response program capabilities.

About CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks. Using big-data technologies, CrowdStrike’s next-generation threat protection platform leverages real-time Stateful Execution Inspection at the endpoint and Machine Learning in the cloud, instead of solely focusing on malware signatures, indicators of compromise, exploits, and vulnerabilities. The CrowdStrike Falcon Platform combines big data technologies and endpoint security driven by advanced threat intelligence. It enables enterprises to identify unknown malware, detect zero-day threats, pinpoint advanced adversaries and attribution, and prevent damage from targeted attacks in real time.

To learn more, please visit www.crowdstrike.com

You Don’t Have a Malware Problem. You Have an Adversary Problem.™


Jun 9, 2014 |
NY Times

Second Chinese Army Unit Implicated in Cyberattacks

SAN FRANCISCO — The email attachment looked like a brochure for a yoga studio in Toulouse, France, the center of the European aerospace industry. But once it was opened, it allowed hackers to sidestep their victim’s network security and steal closely guarded satellite technology.

The fake yoga brochure was one of many clever come-ons used by a stealth Chinese military unit for hacking, say researchers at Crowdstrike, an Irvine, Calif., security company. Their targets were the networks of European, American and Japanese government entities, defense contractors and research companies in the space and satellite industry, systematically broken into for seven years.

Just weeks after the Justice Department indicted five members of the Chinese army, accusing them of cyberattacks on United States corporations, a new report by Crowdstrike, released Monday, offers more evidence of the breadth and ambition of China’s campaign to steal trade and military secrets from foreign victims.


May 20, 2014 |
Network World

Check Point builds seven-armed threat-intelligence sharing alliance

Network World - Check Point Software Technologies today announced an alliance with seven security firms to make use of their threat-intelligence feeds and feed data from those sources into Check Point security gateways to block attacks.

Check Point said the seven security firms are iSIGHT Partners, CrowdStrike, NetClean, PhishLabs, SenseCy, IID and ThreatGrid. Their cooperation in providing their threat-intelligence information in a way that Check Point security gateways can use for defensive purposes is part of what Check Point calls its Software-defined Protection program which it announced last February.

Alon Kantor, vice president of business development at Check Point, said the idea is that each of these seven security firms has valuable information about malware sources or impending denial-of-service attacks, for example, that can now be consolidated by Check Point in what it’s calling its ThreatCloud IntelliStore service.


Apr 14, 2014 |
CrowdStrike

Chad Tilbury Joins CrowdStrike as Technical Director

Brings more than a decade of advanced forensics and incident response experience to CrowdStrike’s services team

Irvine, CA - April 14, 2014 - CrowdStrike Inc., a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, today announced that Chad Tilbury has joined the company as its new Technical Director. In this role, Tilbury will provide technical leadership for the services team, driving innovation to support customers in a variety of offerings, including incident response, remediation, forensic support, penetration testing, intelligence operations, and counter-threat assessments.    

“Over the past two years, we’ve been extremely focused on building up our employee base, bringing in only the best and brightest in the industry that support the mission we have at CrowdStrike,” said Shawn Henry, President of CrowdStrike Services and CSO. “Chad has a proven track record as a leading forensics analysis and incident response expert and we’re thrilled to bring him onboard to help lead our services team.”

Tilbury brings over 15 years of experience in the computer security industry to CrowdStrike, specializing in intrusion incident response, digital forensic examinations, and corporate espionage investigations. His extensive law enforcement and international computer crime experience stems from working with a broad cross-section of Fortune 500 corporations and government agencies around the world. He has investigated and conducted computer forensics for numerous crimes, including hacking, abduction, espionage, intellectual property theft, and multi-million dollar fraud cases.  

During his service as a Special Agent with the Air Force Office of Special Investigations, Tilbury was a member of the National Intrusion Squad focusing on the largest US Department of Defense hacks with national security implications. Earlier in his career, Tilbury worked as a computer security engineer and forensic lead for a major defense contractor. He also served as the Vice President of Worldwide Internet Enforcement for the Motion Picture Association of America (MPAA) where he managed Internet anti-piracy operations and investigations for the seven major Hollywood studios in over sixty countries.  

Tilbury is a Senior Instructor and course author at the SANS Institute. In this capacity, he is responsible for educating thousands of students per year in advanced forensics and incident response techniques.  

CrowdStrike Services’ approach blends real-world cyber security experience with cutting-edge technologies to respond to targeted cyber intrusions and to proactively perform assessments to identify adversaries on your network. CrowdStrike’s seasoned team of Cyber Intelligence professionals, Incident Responders, and Malware Researchers consists of a number of internationally recognized authors, speakers, and experts who have worked on some of the most publicized and challenging intrusions and malware attacks in recent years.

For more information on CrowdStrike Services, please visit http://response.crowdstrike.com/services

About CrowdStrike

CrowdStrike Inc. is a global provider of security technology and services focused on identifying advanced threats and targeted attacks. Using big-data technologies, CrowdStrike’s next-generation threat protection platform leverages real-time Stateful Execution Inspection (SEI) at the endpoint and Machine Learning in the cloud instead of solely focusing on malware signatures, indicators of compromise, exploits, and vulnerabilities. The CrowdStrike Falcon Platform is a combination of big data technologies and endpoint security driven by advanced threat intelligence. CrowdStrike Falcon enables enterprises to identify unknown malware, detect zero-day threats, pinpoint advanced adversaries and attribution, and prevent damage from targeted attacks in real time.

To learn more, please visit www.crowdstrike.com


You Don’t Have a Malware Problem. You Have an Adversary Problem.™


Feb 24, 2014 |
CrowdStrike

CrowdStrike Inc. Partners with IBM to Launch Advanced Cyber Threat Intelligence Service

Irvine, CA - Feb 24, 2014 – CrowdStrike Inc., a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, announced today a partnership with IBM to provide a new managed security service, Advanced Cyber Threat Intelligence Service.

The Advanced Cyber Threat Intelligence Service will help organizations lower the risks to critical information posed by external threats and respond rapidly to emerging threats with proactive protection. Planned for limited initial release in the first half of 2014, the managed service will combine leading intelligence, cutting-edge technologies, world-class analysts, and prioritized service delivery.

“The cyber security landscape has seen dramatic changes in recent years with the advent and evolution of new, growing, and ever-present cyber threats”, says CEO/President & Co-Founder of CrowdStrike, George Kurtz. “We look forward to combining cutting-edge technology with the experience of the IBM team to provide a solution that allows enterprises to keep pace and stay protected.”

"As targeted attacks and their impact become more serious, IBM's partnership with CrowdStrike brings a unique approach to providing our customers with the insight required to defend against the most advanced cyber threats", said Kris Lovejoy, General Manager, IBM Security Services. "By coupling best-of-breed intelligence capabilities with IBM's operational excellence and deep security expertise, our customers will be armed with a unique combination of deep and detailed threat insight with unparalleled global expertise in managed and professional security services to protect their enterprises and make better informed decisions on securing their IT infrastructure."   

Today’s advanced threats require organizations to have enhanced visibility into their data and security posture. CrowdStrike is proud to partner with IBM to provide a holistic view into an organization’s threat landscape and looks forward to collaborating on future IBM Global Technology Services offerings.

About CrowdStrike

CrowdStrike Inc. is a global provider of security technology and services focused on identifying advanced threats and targeted attacks. Using big-data technologies, CrowdStrike’s next-generation threat protection platform leverages real-time Stateful Execution Inspection (SEI) at the endpoint and Machine Learning in the cloud instead of solely focusing on malware signatures, indicators of compromise, exploits, and vulnerabilities. The CrowdStrike Falcon Platform is a combination of big data technologies and endpoint security driven by advanced threat intelligence. CrowdStrike Falcon enables enterprises to identify unknown malware, detect zero-day threats, pinpoint advanced adversaries and attribution, and prevent damage from targeted attacks in real time.

To learn more, please visit http://www.crowdstrike.com/intelligence

For more information about IBM, visit www.ibm.com


You Don’t Have a Malware Problem. You Have an Adversary Problem.™

All other brand names, product names, or trademarks belong to their respective owners.


Feb 20, 2014 |
CrowdStrike

CrowdStrike Releases Endpoint Activity Monitoring Application

New Application Delivers Real-time Forensics, Automated Protection, and Visibility into Endpoint Activities

Irvine, CA - Feb 20, 2014 – CrowdStrike Inc., a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, announced today the availability of Endpoint Activity Monitoring (EAM), an application on the CrowdStrike Falcon Platform. The CrowdStrike EAM application is powered by Splunk® software through an agreement with Splunk Inc. (NASDAQ: SPLK).

The CrowdStrike Endpoint Activity Monitoring (EAM) application gives customers the ability to gain real-time insight into attacks and to explore the rich Stateful Execution Inspection (SEI) data collected by Falcon Host sensors. Previously recorded adversary activity is available for on-demand recall and continuous in-the-cloud analysis and empowers key investigative tasks, such as breach discovery. CrowdStrike EAM offers real-time host forensics by tracking execution events on all systems at all times, shortening the window between infection and remediation.

“CrowdStrike brings the ability to identify attacks and prevent damage in real time through our CrowdStrike Falcon Platform, which embeds Splunk software as a machine data platform for the search, alerting, reporting and analytics capabilities of our EAM application,” says CEO/President & Co-Founder, George Kurtz. “CrowdStrike is looking forward to continued collaboration and innovation with Splunk as we bring additional capabilities and functionality to the market through our platform applications.”

The CrowdStrike Falcon Platform enables enterprises to identify unknown malware, detect zero-day threats, pinpoint advanced adversaries, provide attribution, and prevent damage from targeted attacks in real-time. CrowdStrike applications leverage the power of the platform to bring revolutionary new capabilities to the market from endpoint monitoring, threat detection, and prevention to cyber threat intelligence.

The Endpoint Activity Monitoring application is now available on the CrowdStrike Falcon Platform. To request a demo of CrowdStrike EAM, contact CrowdStrike Sales for more information.

About Splunk Inc.

Splunk Inc. (NASDAQ: SPLK) provides the leading software platform for real-time Operational Intelligence. Splunk® software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. More than 6,400 enterprises, government agencies, universities and service providers in over 90 countries use Splunk software to deepen business and customer understanding, mitigate cybersecurity risk, prevent fraud, improve service performance and reduce cost. Splunk products include Splunk® Enterprise, Splunk Cloud™, Splunk Storm®, Hunk™: Splunk Analytics for Hadoop and premium Splunk Apps. To learn more, please visit http://www.splunk.com/company.


About CrowdStrike

CrowdStrike Inc. is a global provider of security technology and services focused on identifying advanced threats and targeted attacks. Using big-data technologies, CrowdStrike’s next-generation threat protection platform leverages real-time Stateful Execution Inspection (SEI) at the endpoint and Machine Learning in the cloud instead of solely focusing on malware signatures, indicators of compromise, exploits, and vulnerabilities. The CrowdStrike Falcon Platform is a combination of big data technologies and endpoint security driven by advanced threat intelligence. CrowdStrike Falcon enables enterprises to identify unknown malware, detect zero-day threats, pinpoint advanced adversaries and attribution, and prevent damage from targeted attacks in real time.

To learn more, please visit www.crowdstrike.com


You Don’t Have a Malware Problem. You Have an Adversary Problem.™

All other brand names, product names, or trademarks belong to their respective owners.


Jan 24, 2014 |
The Washington Post

Researchers say they see Russian hackers’ hands in cyber espionage against Western energy interests

Russian hackers appear to be targeting Western energy interests for cyber espionage, according to a report to be issued Wednesday by a security research firm. Though researchers at CrowdStrike say they do not have definitive proof, they say they found links between command and control servers to Russian-language hosting services. If true, it would be one of the first reports alleging Russian cyber efforts aimed at U.S. and European energy companies. Up to now, most reports have focused on the Chinese.
Jan 24, 2014 |
NY Times

New Security Report Confirms Everyone Is Spying on Everyone

Lest we forget, the National Security Agency is in good company. A new security report confirms that Chinese hackers spied on The New York Times in 2012, as well as attendees of the G20 Summit in St. Petersburg last fall. Iranian hackers spied on dissidents in the lead up to state elections last May. The Syrian Electronic Army is only getting better, and North Korean hackers were behind a destructive cyberattack that wiped data from South Korean banks last year.
Jan 24, 2014 |
Reuters

Russia hacked hundreds of Western, Asian companies: security firm

A U.S. cybersecurity firm says it has gathered evidence that the Russian government spied on hundreds of American, European and Asian companies, the first time Moscow has been linked to cyber attacks for alleged economic - rather than political - gains. According to the firm, CrowdStrike, the victims of the previously unreported cyber espionage campaign include energy and technology firms, some of which have lost valuable intellectual property.
Jan 22, 2014 |
CrowdStrike

New CrowdStrike Report Offers Unprecedented Insight on World’s Most Sophisticated Cyber Attackers

CrowdStrike’s 2013 Global Threats Report Identifies Motivation and Intent Behind Cyber Attacks Originating from China, Russia, Syria, and Iran

IRVINE, Calif. – January 22, 2014 – CrowdStrike, a global provider of security technologies and services focused on identifying advanced threats and targeted attacks, today released “CrowdStrike Global Threats Report: 2013 Year in Review,” the product of CrowdStrike’s year-long study of more than 50 groups of cyber threat actors. The 30-plus page report offers insight into the evolving behaviors of these cyber attackers, naming groups in China, Iran, Russia, North Korea, and Syria that are responsible for some of the world’s most recent and visible online attacks.

“Organizations need to take an intelligence-driven approach to security - proactively responding to advanced threats by prioritizing their limited resources,” said George Kurtz, CEO/President & Co-Founder of CrowdStrike. “The information in this report allows security professionals to differentiate between targeted and commodity attacks, thus saving time and focusing on the most critical threats to the enterprise.”

“With this report, we’re going above and beyond the traditional ‘threat report’ that simply analyzes malware trends,” said Dmitri Alperovitch, co-founder and CTO of CrowdStrike. “This report focuses on what’s most important -- the adversary -- rather than just the exploits they create. This is a great step toward fighting cyber security threats on a new battleground -- by identifying and defending against human adversaries, rather than simply trying to block malicious code.”

In addition to profiling some of the world’s most prominent threat actors, the CrowdStrike Global Threats Report offers a look at some of these attackers’ most popular tactics and techniques for breaching the defenses of a targeted organization. For example, the report offers a detailed analysis of how several organized threat groups are using strategic web compromise (SWC) – sometimes called “watering holes” – to penetrate a target by infecting the websites most frequently surfed by its members. SWC attacks on the Council on Foreign Relations, the U.S. Department of Labor, and several foreign embassies are described in detail in the report.

“Compromising and weaponizing a legitimate website has significant advantages over spear phishing, which historically has been the most common method of launching a targeted attack,” said Adam Meyers, VP of Intelligence at CrowdStrike. “A strategic web compromise does not require social engineering a victim, which can expose an adversary to detection. We believe this tactic will be used with increasing frequency among the adversaries that we are tracking.”

The CrowdStrike Global Threats Report offers insight on the activities of several sophisticated groups of attackers, including:

DEADEYE JACKAL, commonly known as the Syrian Electronic Army (SEA)
NUMBERED PANDA, a group of China-based attackers, who conducted a number of spear phishing attacks in 2013
MAGIC KITTEN, an established group of cyber attackers based in Iran, who carried on several campaigns in 2013, including a series of attacks targeting political dissidents and those supporting Iranian political opposition
ENERGETIC BEAR, a Russia-based group that collects intelligence on the energy industry
EMISSARY PANDA, a China-based actor that targets foreign embassies to collect data on government, defense, and technology sectors

The report offers predictions on the evolution of sophisticated adversaries in 2014. CrowdStrike predicts that 2014 will bring increased targeting of third-party vendors, abuse of the Internet’s new generic top-level domains (gTLDs), and vulnerabilities in Windows XP, which will reach end-of-life from Microsoft this April. The report predicts increased use of encryption to help protect and obfuscate malware; greater use of black markets for buying and selling custom-made malware; and increased targeting of attacks around major events, such as the Olympics, the 2014 G20 Summit, and major national elections. In the wake of the recent breaches of major retailers, the CrowdStrike team also discusses the evolution of cyber criminals, who are beginning to develop capabilities to identify and breach specific targets in pursuit of sensitive account data.

“One of the advantages of focusing on adversaries, rather than malicious code, is that humans have detectable habits and often make mistakes,” said Meyers. “We believe that the data we have collected here is not only a good summary of what happened in 2013, but a harbinger of the attacks to come in 2014. This is the type of information that enterprises can use to develop better, more effective defenses.”

CrowdStrike’s full Global Threats Report: 2013 Year In Review is available for download here.

About CrowdStrike
CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks. Using big-data technologies, CrowdStrike’s next-generation threat protection platform leverages real-time Stateful Execution Inspection (SEI) at the endpoint and Machine Learning in the cloud instead of solely focusing on malware signatures, indicators of compromise, exploits, and vulnerabilities. The CrowdStrike Falcon Platform is a combination of big data technologies and endpoint security driven by advanced threat intelligence. CrowdStrike Falcon enables enterprises to identify unknown malware, detect zero-day threats, pinpoint advanced adversaries and attribution, and prevent damage from targeted attacks in real time.

To learn more, please visit www.crowdstrike.com
You Don’t Have a Malware Problem. You Have an Adversary Problem.™


Jun 6, 2013 |
NBC

Chinese hackers a ‘significant threat’ to US

Shawn Henry, President of CrowdStrike Services, tells NBC's Michael Isikoff there's "little doubt" the Chinese government has an aggressive electronic espionage program targeting the US government and the commercial sector.

Feb 13, 2013 |
NPR

Victims of Cyberattacks Get Proactive Against Intruders

U.S. companies that have their networks routinely penetrated and their trade secrets stolen cannot be surprised by a new National Intelligence Estimate on the cyber-espionage threat. The classified NIE, the first-ever focusing on cybersecurity, concludes that the U.S. is the target of a major espionage campaign, with China the leading culprit.

Private firms and government agencies have struggled with cyberattacks from China and other countries for years. Many are angry about the constant intrusions into their networks, and in frustration some want to turn the tables on their attackers.

"There is no way that we are going to win the cybersecurity effort on defense," says Steven Chabinsky, formerly the FBI's top cyber-attorney. "We have to go on the offensive."

After leaving the FBI, Chabinsky took a position as chief risk officer at CrowdStrike, a firm set up to serve companies ready to take the cybersecurity fight to their adversaries.


May 10, 2012 |
NPR

Cybersecurity Firms Ditch Defense, Learn To 'Hunt'

A new entrant in the field is CrowdStrike, a company co-founded by Dmitri Alperovitch, the former chief of threat research at McAfee, where he led a team that uncovered several major cyber-espionage intrusions from China.

For Alperovitch, the key element in the APT phenomenon is the persistence of the threat.

"There's really no organization, including government agencies, that can prevent this type of attack," Alperovitch says. "So you need to shift your mode into thinking that you are always in a state of compromise, and you need to start thinking about how to hunt on the network."

This is the new cybersecurity game: hunting the cyber adversary, tracking him down wherever he goes on a computer network, and confronting him over and over.


Apr 26, 2012 |
NPR

Could Iran Wage A Cyberwar On The U.S.?

The big fear in the U.S. is that a cyberattacker could penetrate a computer system that controls a critical asset like the power grid and shut it down. Such an effort is probably beyond the capability of Iranian actors right now, according to cybersecurity experts. But a less ambitious approach would be to hack into the U.S. banking systems and modify the financial data. Alperovitch, whose new company CrowdStrike focuses on cyberthreats from nation-states, says such an attack is well within Iran's current capability.

"If you can get into those systems and modify those records, you can cause dramatic havoc that can be very long lasting," he says.


Jun 9, 2014 |
NY Times

Second Chinese Army Unit Implicated in Cyberattacks

SAN FRANCISCO — The email attachment looked like a brochure for a yoga studio in Toulouse, France, the center of the European aerospace industry. But once it was opened, it allowed hackers to sidestep their victim’s network security and steal closely guarded satellite technology.

The fake yoga brochure was one of many clever come-ons used by a stealth Chinese military unit for hacking, say researchers at Crowdstrike, an Irvine, Calif., security company. Their targets were the networks of European, American and Japanese government entities, defense contractors and research companies in the space and satellite industry, systematically broken into for seven years.

Just weeks after the Justice Department indicted five members of the Chinese army, accusing them of cyberattacks on United States corporations, a new report by Crowdstrike, released Monday, offers more evidence of the breadth and ambition of China’s campaign to steal trade and military secrets from foreign victims.


Jan 24, 2014 |
NY Times

New Security Report Confirms Everyone Is Spying on Everyone

Lest we forget, the National Security Agency is in good company. A new security report confirms that Chinese hackers spied on The New York Times in 2012, as well as attendees of the G20 Summit in St. Petersburg last fall. Iranian hackers spied on dissidents in the lead up to state elections last May. The Syrian Electronic Army is only getting better, and North Korean hackers were behind a destructive cyberattack that wiped data from South Korean banks last year.

Feb 20, 2013 |
NY Times

Some Victims of Online Hacking Edge Into the Light

SAN FRANCISCO — Hackers have hit thousands of American corporations in the last few years, but few companies ever publicly admit it. Most treat online attacks as a dirty secret best kept from customers, shareholders and competitors, lest the disclosure sink their stock price and tarnish them as hapless. Rarely have companies broken that silence, usually when the attack is reported by someone else. But in the last few weeks more companies have stepped forward. Twitter, Facebook and Apple have all announced that they were attacked by sophisticated cybercriminals. The New York Times revealed its experience with hackers in a front-page article last month.

The admissions reflect the new way some companies are calculating the risks and benefits of going public. While companies once feared shareholder lawsuits and the ire of the Chinese government, some can’t help noticing that those that make the disclosures are lauded, as Google was, for their bravery. Some fear the embarrassment of being unable to fend off hackers who may still be in high school.

 


Apr 24, 2012 |
NY Times

Nissan Is Latest Company to Get Hacked

The attack is just the latest in a string of cyberattacks on corporations, the majority of which, experts say, go undisclosed or unnoticed.

“There are two types of companies: companies that have been breached and companies that don’t know they’ve been breached,” Shawn Henry, the F.B.I.’s top former cyber cop who recently joined the cybersecurity start-up CrowdStrike, said in an interview. “I’ve seen behind the curtain. I’ve been in all the briefings. I can’t go into the particulars because it’s classified, but the vast majority of companies have been breached.”

Attributing the breaches back to specific actors can be difficult, Mr. Henry noted, but said “The primary adversary is foreign intelligence services that are stealing corporate information.”


Mar 28, 2012 |
NY Times

Cybersecurity Researchers Team Up to Combat Online Crime

Last Friday, Microsoft employees and federal marshals raided command centers in Pennsylvania and Illinois used by criminals to run a botnet, a cluster of infected computers used to steal personal and financial information from millions of victims.

But two days earlier, a separate group of cybersecurity researchers based in San Francisco quietly took down another botnet using more technical means. The five researchers, from four security firms — Crowdstrike, Dell SecureWorks, the Honeynet Project and Kaspersky Labs – worked together to decrypt and successfully commandeer the so-called Kelihos.b botnet that was using over 100,000 infected computers to blast pharmaceutical spam and, in some cases, steal Bitcoins, a virtual currency that is impossible to recover once stolen.


Aug 10, 2013 |
The Economist

Firewalls and Firefights

“IF SOMEONE is shooting at you, the last thing you should focus on is the calibre of the bullet,” says George Kurtz, the boss of CrowdStrike, a young tech company. Seated at a coffee table at Black Hat, a conference for the cyber-security industry held in Las Vegas recently, Mr Kurtz is expounding on the fundamental flaw he sees in the way many firms deal with cyber-intrusions. Most, he says, spend too much time trying to work out what hit them and far too little trying to understand the motivations of their attackers and how to counter future assaults.

CrowdStrike is a vocal advocate of “active defence” technologies that are generating much buzz in the cyber-security world. Their proponents argue that those who think firewalls, antivirus programmes and other security software are enough to keep their networks safe are kidding themselves. Instead, companies should work on the assumption that their systems have been breached, and take the fight to the hackers. The methods they prescribe include planting false information on their systems to mislead data thieves, and creating “honeypot” servers, decoys that gather information about intruders.


Aug 4, 2012 |
The Economist

The company that spooked the world

Over the past ten years or so, Chinese telecoms firms such as Huawei and ZTE, another telecoms-equipment provider, have expanded from their vast home market to become global players. This is a worry not just for the rich-world incumbents under threat but also for those responsible for the integrity of critical infrastructure such as phone systems. They fear that the companies’ networking gear and software could be used by China’s spooks to eavesdrop on sensitive communications, or that it might contain “kill switches” which would allow China to disable the systems involved in the event of a conflict. “I think it’s ridiculous to allow a Chinese company with connections to the Chinese government and the People’s Liberation Army (PLA) to have access to a network,” says Dmitri Alperovitch of CrowdStrike, a web-security outfit.


May 20, 2013 |
New Yorker

Network Insecurity: Are we losing the battle against cyber crime?

Richard McFeely, of the F.B.I., is a former insurance adjuster from Unionville, in eastern Pennsylvania horse country. He has a friendly face, meaty hands, and a folksy speaking style that doesn’t seem very F.B.I.-like. “Call me Rick,” he said, when I met him at his office, in Washington, coming around his wide desk and gesturing toward the soft furniture in the front part of the room.

McFeely, who is fifty-one, and whose official title is executive assistant director (“E.A.D.,” in office shorthand), oversees about sixty per cent of F.B.I. operations, including the Cyber Division: some one thousand agents, analysts, forensic specialists, and computer scientists. The bureau has made several high-profile takedowns in recent years, including the dismantling of the Coreflood botnet, a network of millions of infected “zombie” computers, or bots, controlled by a Russian hacking crew.

“But we are just touching the tip of the surface in terms of what companies and what government agencies are at the most risk,” McFeely said, shaking his big head ruefully. “We simply don’t have the resources to monitor the mammoth quantity of intrusions that are going on out there.” Shawn Henry, McFeely’s predecessor at the F.B.I., told me, “When I started in my career, in the late eighties, if there was a bank robbery, the pool of suspects was limited to the people who were in the vicinity at the time. Now when a bank is robbed the pool of suspects is limited to the number of people in the world with access to a five-hundred-dollar laptop and an Internet connection. Which today is two and a half billion people.” And instead of stealing just one person’s credit card, you can steal from millions of people at the same time. This may have happened when, in 2011, PlayStation’s gaming network was hacked and its members’ credit-card data compromised. . . .


May 22, 2013 |
Bloomberg

Sanctions Seen by Commission as Deterring China Theft

The U.S. should consider new laws to let American companies better defend themselves against cyberattacks from Chinese-based hackers, said a commission led by two former advisers to President Barack Obama.

The Treasury Department should be empowered to deny access to the U.S. banking system to companies from China and other countries that benefit from stolen data, and sanctions could be imposed on those found to benefit from theft, the commission said in a report released today.

“New laws might be considered for corporations and individuals to protect themselves in an environment where law enforcement is very limited,” the Commission on the Theft of American Intellectual Property said. The commission is headed by Jon Huntsman, Obama’s former ambassador to China who ran as a Republican for president, and Dennis Blair, Obama’s first director of national intelligence.

The commission didn’t conclude that U.S. companies should be able to conduct retaliatory cyberattacks, known as hacking back, which has been the subject of a policy debate among U.S. policy makers and computer security experts.


Apr 18, 2012 |
CBS

FBI cyber expert joins private firm CrowdStrike

One of the FBI's top cyber experts, Shawn Henry, has joined a new company, CrowdStrike, which bills itself as a "stealth-mode security start-up." Amid the established field, CrowdStrike is taking a ninja approach, advertising for "kick a** coders, consultants and experts" to help companies in their "pursuit of the enemy."

In a mission statement and video message posted on the company's website, Henry explained his decision to retire from the FBI last month at the age of 50. He said he can "continue to hunt the adversary" from the private sector as well as he did as an FBI agent and senior executive. He also said he relishes working "with meat-eaters again, not vegetarians - not that there's anything wrong with that," he said.


May 24, 2013 |
CNN

Weighing the threat of cyber war

Imagine that with a few keystrokes by a foreign enemy armed with nothing more than a laptop, an American city is suddenly plunged into darkness. Air traffic controllers watch their radar screens go black. A critical banking system is taken down, causing a financial crisis. Hospitals cannot operate. Clean water is no longer available.

With the looming specter of cyber warfare, that is the kind of threat the United States faces from enemies abroad, according to warnings from top intelligence and military officials.

It is the kind of thing that keeps former Secretary of Defense Leon Panetta awake at night:

"The collective results of these kinds of attacks could be a cyber Pearl Harbor. An attack that would cause physical destruction and the loss of life," Panetta said in October 2012.

On Friday, The Wall Street Journal reported that Iran hacked U.S. oil, gas, and power companies. The hackers are far enough inside that people are starting to get really worried.

"Power grids, electricity, communications, transportation - the critical infrastructure that lets us do our day-to-day jobs, it's all run by computers," said Shawn Henry, former executive assistant director of the FBI.


Jan 24, 2014 |
The Washington Post

Researchers say they see Russian hackers’ hands in cyber espionage against Western energy interests

Russian hackers appear to be targeting Western energy interests for cyber espionage, according to a report to be issued Wednesday by a security research firm. Though researchers at CrowdStrike say they do not have definitive proof, they say they found links between command and control servers to Russian-language hosting services. If true, it would be one of the first reports alleging Russian cyber efforts aimed at U.S. and European energy companies. Up to now, most reports have focused on the Chinese.

Oct 9, 2013 |
The Washington Post

Steve Chabinsky: How do you bring the private sector in to help with cybersecurity?

You have traditional lines of business that really never did have to worry about security before and so they’re really unprepared. The government really has to figure out: How do you stop the bad guys here? We’ve figured out in the private-sector world how to professionalize security services that work with, not against, law enforcement. I think that’s an area to explore. How do you bring the private sector in a professionalized way to help with security?

Sep 16, 2012 |
The Washington Post

Cybersecurity should be more active, official says

The federal government has taken a “failed approach” to cybersecurity, with efforts that focus on reducing vulnerabilities rather than actively deterring attackers, according to one of the FBI’s top former cyber officials.

Steven Chabinsky, a 17-year bureau veteran who stepped down this month as the FBI’s top cyber lawyer, argued that the movement to set security standards for companies — which has been a goal for the Obama administration and the focus of congressional debate — is useful only “in the margins.”

May 23, 2013 |
ZDNet

Online businesses need citizens' arrest powers: Alperovitch

As a US commission debates whether companies should be allowed to retaliate against hackers, CrowdStrike co-founder and CTO Dmitri Alperovitch believes that more companies should be taking matters into their own hands with what they can already do.

Speaking at AusCERT 2013 at the Gold Coast, Queensland, the former McAfee Threat Research vice-president said that companies could use deception, misinformation, and malware to raise the bar against adversaries.

He said that when it comes to targeted attacks, adding layers of defence only delays the inevitable, since the return that hackers obtained — intellectual property that can sell for millions, if not billions — makes it worth taking the time and effort to defeat them. Worse still, Alperovitch said that defenders are losing the arms race against hackers, since defences tend to cost much more than attackers' offensive techniques and weapons.

To balance the engagement, Alperovitch said that there are a number of tools that businesses could use to throw off their attackers, even while remaining within the law. One such tool is the use of misinformation.

Alperovitch said that if, for example, Boeing were hacked, it could leave blueprints for its aircraft that would contain subtle flaws or inefficiencies that make building the aircraft a complete waste of time for the competition. Similarly, false information could be used to throw off foreign intelligence agencies that may have many more times the resources than a company, allowing them to balance the attack in their favour.

"There is nothing more impactful to an intelligence agency than not being able to trust your sources," he said.

Another tactic that companies could employ is the online equivalent of the dye pack used in banks to identify robbers. Businesses could bait attackers into infecting themselves with malware purposefully placed on their servers, disguised as company documents, he said. Such malware could then phone home or alert authorities.

Feb 27, 2012 |
ZDNet

Android drive-by download attack via phishing SMS

Summary: A new security start-up focused on helping businesses deal with targeted attacks plans to showcase a drive-by download that plants malware silently on Android smart phones.

A new security start-up focused on helping high-profile businesses deal with targeted attacks and advanced persistent threats (APTs) plans to showcase a drive-by download that plants malware silently on Android smart phones.

CrowdStrike, which emerged from stealth mode last week with $26 million in funding, says the attack is delivered via spear-phishing SMS messages that lure users to a link that exploits a WebKit zero-day vulnerability.
