It seems like a long time ago, but RSA 2020 was only at the end of February. Although we’re currently battling the COVID-19 pandemic and racing to address current challenges, it’s worthwhile to take a look at the larger picture: Many of the trends and issues facing our industry will continue once the crisis has passed. During the week of RSA, I sat down with Sydney-based Michael Sentonas, CrowdStrike’s new Chief Technology Officer, who’s been helping spearhead the company’s global technology strategy for the last four years. He took a few minutes to share his perspectives on the overall cybersecurity landscape.
The cybersecurity industry has changed dramatically over the last five years, but the pace of change in the last 12 months has been staggering. Organizations don’t buy a product to use it for 12 months — they want to use it for two or three years. But after they’ve bought technology, they’re looking for the vendor, and that vendor doesn’t exist anymore. We’ve seen a number of acquisitions, we’ve seen a number of organizations being broken apart, and that creates a lot of uncertainty.
Many people are nervous about niche vendors, and that could impact innovation. If you go back three to five years, people were eager to adopt bleeding-edge. But now, a lot of people are saying, “Well, I’m not sure if that company will exist in six or 12 months.”
Traditionally, it’s been a choice between the large vendors — who have been buying up some of the niche vendors and trying to integrate those technologies into their existing product suites — and the niche vendors that are just going after a little piece of the cybersecurity puzzle and leaving it up to end users to try to knit it all together and make it work.
Why Simplicity Is Key
Organizations have a business to run. Unless they’re built to be a systems integrator, they don’t want to stitch 10 or 20 products together. And that’s been the problem in the industry. We’ve seen a lot of the big players acquire 10 or 20 different vendors. All of that integration is hard, and the people that unfortunately suffer are the end users — multiple reboots to roll out new components, new modules, multiple management servers, and sometimes it doesn’t work.
Think about what it takes for an organization to respond to an incident when they have five places to look. How do they fix it? They may buy a SIEM (security information and event management) system, but that becomes another product they have to roll out. They have to get telemetry from multiple systems into the next one, and that complexity just causes more and more problems. At CrowdStrike, we can install within 10 seconds. The end-user experience? They see a pop-up. And that can be suppressed. The agent’s running, it doesn’t slow down their system. They can keep doing their business, and they know that they’re safe and secure.
The U.S., Australia and most European countries are aggressive in adopting newer technologies, including the cloud. But some regions are somewhat more cloud-averse when it comes to security. There are some interesting data privacy regulations you need to be aware of when you do business in Korea. Singapore has had a few issues, so they’re quite nervous about having a public infrastructure and public offices connect to the cloud. GDPR (General Data Protection Regulation) has driven a lot of interesting data privacy changes and regulations, certainly when you look at countries like Germany. We have an amazing team that looks at data privacy and regulations, and understands the public policy positions. CrowdStrike actually can help companies become more compliant.
When people think about GDPR, the natural response is it’s a cloud platform. Am I going to have a GDPR problem? We help accelerate your path to being GDPR-compliant, because you have so much visibility with the CrowdStrike Falcon® platform. I chuckle when the industry argues about prevention versus detection — you can’t do either without great visibility, and that’s what we were founded on. We can help an organization with hygiene and compliance, in addition to prevention, detection, response and stopping a breach.
We’ve seen massive adoption of cloud technology in banking and finance, as you would expect, and also in verticals like aviation — where security is incredibly important because they manage so much data and important information — and telecoms around the world. If you read our 2020 Global Threat Report, telecoms are being aggressively attacked both by eCrime actors and a number of different nation-states.
We’re focusing on cloud workload security and protection. We’re born in the cloud, we have cloud-native architecture, and we provide security hygiene as people start to move more of their workloads to the cloud. We’ve focused traditionally on AWS (Amazon Web Services), and now we’ve extended that capability into Google GCP (Google Cloud Platform) and Microsoft Azure, and added the ability to auto-provision the sensor into Google GCP environments as well.
Some companies that become CrowdStrike customers come to us because they’ve had a different product that failed. They’ve had an incident, they’ve had a breach, and they’ve asked us to help them with recovery. So for those situations, we’ve launched our new Endpoint Recovery Services. Now, when people come to us with a problem, we accelerate the time to help them recover and act as quickly as possible to help them remediate and get their business up and running again very, very quickly.
Our new firewall module extends the capability of our Falcon endpoint protection to allow people to manage and configure their Windows firewall with a single agent. For me, simplicity’s huge — one of the worst things that you can do in security is have a complex architecture. It’s incredibly important to combine many capabilities into our single-agent architecture. We’ve announced a number of new integrations with other vendors through our CrowdStrike Store ecosystem. Our partnership is extending with ServiceNow, as an example.
Why the MITRE ATT&CK Framework Matters
For the majority of organizations around the world, testing and validating products is a challenge. The MITRE ATT&CK® framework makes it very easy to understand the tactics and techniques that adversaries use. It’s baked into the Falcon interface. Many of our customers say that the CrowdStrike UI and its reliance on the MITRE framework really helps their new tech staff understand and master the whole operation very quickly.
It’s all about simplicity. We’ve mapped everything that we do to MITRE. So if you look at all of our descriptions in the UI, we were very clear to use the same language, we reference MITRE to make it easy for everybody that uses the platform. When you need to make decisions really quickly, you need a team that is following the same playbook. They understand the scenario, they can respond and pivot to a response that maps to what we talk about when we talk about the 1-10-60 rule: a minute to detect, 10 minutes to investigate, 60 to respond.
We stopped an attempted 35,000 breaches last year. Simply, the technology works. It’s easy to deploy, it’s easy to use and it prevents the breach. Test it for yourself and see how the technology would work in your environment. In my experience, when people see the incredible visibility that they get, their decision is made. Simple as that.
When we combine the technology — the cutting-edge graph architecture that we have with OverWatch hunting — with threat intelligence, with our services, that’s how we ultimately stop breaches.
- Watch the RSA 2020 interview of Crowdstrike CTO Mike Sentonas.
- Read Mike Sentonas’ blog on RSA 2020.
- Learn how the COVID-19 crisis is impacting cybersecurity in a blog from Mike Sentonas: “Cybersecurity in the Time of COVID-19: Keys to Embracing (and Securing) a Remote Workforce.”
- Visit the product website to learn how the powerful CrowdStrike Falcon platform provides comprehensive protection across your organization, workers and data wherever they are located.