CrowdStrike’s Austin Murphy: The Cybersecurity Skills Gap and the Importance of Addressing Capacity

Person Pushing A Red Gear Off A Cliff

Tom Field from ISMG recently sat down with CrowdStrike® Vice President of Managed Services Austin Murphy to get his insight into the current cybersecurity skills gap and what organizations can do to meet this challenge.

It’s Also a Capacity Gap

Murphy begins by explaining that the gap is not just about a lack of skills on the part of security teams, but also one of capacity, “The gap is widening, mainly driven by the fact that our networks are becoming more complex. They’re more distributed and mobile and cloud-enabled. Therefore, it’s becoming more of a challenge to properly defend them using traditional methods,” he says.

He explains that to remedy this lack of capacity, he sees many organizations narrowing their focus to conserve resources: “They do this by filtering out detections that are below a certain threshold in an attempt to focus their efforts on the most critical things with the capacity they have available. However, this strategy misses the opportunity to identify those small issues before they become a larger critical crisis,” he warns.

Small Issues Can Become Critical Problems

Murphy contends, “We know that it’s common in large data breaches or large critical security failures that they’ll start out at a single endpoint that’s compromised with commodity malware. From there, the attackers will sell or trade access to that network to another group that perpetrates a much larger attack. So, we’re missing the opportunity to stop it before it becomes much worse.”

Shifting the Costs to IT

Murphy describes a cost-shifting approach organizations sometimes take when capacity is an issue, “Many organizations deal with these capacity challenges by shifting some of the cost of incident handling to their IT helpdesks or tasking IT to rebuild computers from scratch … instead of going through the process of investigating and remediating the threats.”  He explains that this in effect, “takes the costs and shifts that over to IT and end users who are disrupted while their laptops are being reimaged.”

Engaging Managed Services Solutions

Murphy also discusses how many companies are turning to managed service providers (MSPs) to help augment capacity. This is often a less than ideal approach, he says, because the majority of MSPs only offer part of the incident handling life cycle, “They are triaging detections and doing research to add value and context. But ultimately, in many cases, they’re just sending those enriched alerts over to an organization to actually remediate the problem. It’s certainly a help, but it’s not a comprehensive solution.”

How Can Organizations Meet These Challenges?

The Right Tools

Murphy outlines several things organizations can do to help close this capacity gap, including having the right technology in place. He says, “Security teams need to leverage technology that has some critical capabilities, that should support what we consider the fundamental areas of security operations — prevention, detection and response. Those are the three components that are really needed. “

He also explains that tools enhancing visibility are key, “The tools need to provide visibility into a computing environment with real-time data so that most of these issues are prevented before they start. This visibility gives analysts the ability to triage and quickly understand the context.”

Speed of Response

Speed of response is also critical, Murphy says, “At CrowdStrikewe recently published a global threat report where we highlighted why this is so important. Attackers are operating on a timeline, and compromising a single endpoint typically doesn’t give them exactly what they’re after.” He continues, “ So from that endpoint that they compromised, typically through phishing, they have to escalate privileges, enumerate other systems on the network, identify their targets or the data they’re looking to steal, and move laterally. In order for them to win, they’ve got to get all of that done. And if we can do our job faster than they can do theirs, they lose. That’s the goal every day. And speed to response is the best way to be successful.”

Remote Remediation

Another prescriptive approach Murphy puts forth is remote remediation, “The ability to remotely remediate an endpoint is critical in a modern network. Users are mobile and they depend heavily on their IT system through their job. In order to engage the modern attackers that we face and expect to win, we need to be able to quickly and remotely stop the attacks and eradicate the attackers’ access into the environment,” he says.

How Falcon Complete Meets the Capacity Challenge

Murphy closes his interview by explaining how CrowdStrike Falcon® CompleteTM helps organizations augment both their skills and capacity deficits. “Falcon Complete is our offering where we’re providing the technology that facilitates prevention, detection and response. We’re delivering it with the management team of certified experts. They’re analysts who are providing that human judgment and the expertise needed to combat the modern threats that we’re facing. Additionally, to clarify, our workflow has us engaged in the entire incident-handling lifecycle — not just detection and prevention, but also incorporating full remote response there — we’re eradicating threats in the fastest time possible,” he says.

 Additional Resources

CrowdStrike Falcon Free Trial
 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial