Endpoint Security That’s Built for the Wild


This blog is by YETI Holdings Inc. (NYSE: YETI) Senior Security Architect Eric Ooi and discusses what led him to choose the CrowdStrike Falcon® platform to protect YETI endpoints. The views expressed in this article are the author’s alone.


Eric Ooi

In my role as senior security architect at YETI, it’s my mission to ensure that our information security systems, like our incredible products, are built for the wild. With this in mind, we continually measure and re-evaluate our security systems to determine whether they live up to our high standards. We place particular emphasis on our endpoint security solution, as it is often the final defense against malware that has made it past the system-wide security layers, such as email filtering and network firewalls.

Over the last year, our legacy solution had become more frustrating than beneficial. It had no endpoint detection and response (EDR) capabilities, offered little or no protection against modern attacks, and had virtually no integration with third-party platforms. It was clear that the product had fallen far behind, which also illustrated just how quickly the endpoint security landscape had evolved.

What We Were Looking For

We immediately set out to find a solution that not only directly replaced our current capabilities, but went beyond them to include the latest technological innovations. We focused on three main criteria:

  • Combines endpoint protection platform (EPP) and EDR capabilities to avoid purchasing multiple products. Our incumbent solution had promised us new features, including EDR and forensics capabilities, but never delivered them as the years went by. Ultimately, the solution didn’t grow with us, and unfortunately we had neither the budget nor the desire to purchase a completely separate EDR solution.
  • Lightweight and effective at blocking the latest threats, including PowerShell attacks. End users and IT typically think of an endpoint security solution as simply an antivirus that consumes all their computing resources; it’s what end users blame when their computers feel sluggish. The finger is always pointed at the security team, which typically doesn’t have a great reputation to begin with, due to the various controls “forced on users” (see: “Windows Updates”).
  • Integrates with our existing security and system infrastructure. Like many businesses, we already have infrastructure that we depend on. We wanted something that would integrate with and complement our existing solutions. In particular, the solution needed to integrate with our SIEM and enrich the telemetry we already collect.

Why We Chose CrowdStrike

We reached out to three major endpoint security vendors: two that were familiar because we were already using other products from them, and one newcomer, CrowdStrike®. We selected CrowdStrike as our third candidate because their delivery model sounded compelling and we had heard positive word-of-mouth reviews. Going into the evaluation, we were confident we would ultimately choose one of the solutions from a vendor we were already using. We fully expected that it would integrate well with the other products we owned from that vendor, and that it would ultimately be easier to work with one less vendor.

One of the challenges we ran into was how best to evaluate each of the solutions. I researched online, read through the security mailing lists I was on, and put together what I found to be a useful methodology. This evaluation plan enabled me to review each product as fairly and thoroughly as possible given my limited time and resources.

As I conducted my testing, it was clear our existing vendors were playing catch-up to what CrowdStrike offered. Time and again, the CrowdStrike Falcon platform met or exceeded our requirements. The competing solutions only offered half-baked features or were missing capabilities entirely.

Revisiting our requirements from earlier, we measured CrowdStrike against our criteria:

  • Combines EPP and EDR capabilities to avoid purchasing multiple products. CrowdStrike Falcon® features a comprehensive suite of prevention mitigations to stop attacks, and collects an incredible amount of system and network telemetry, providing context in the event an attack is able to execute successfully. On top of this, Falcon’s Real Time Response feature enables our team to perform incident response no matter where an endpoint may be. Having used this feature on our internationally based endpoints, I can attest to how easy and low-latency the experience is.
  • Lightweight and effective at blocking the latest threats, including PowerShell attacks. The Falcon agent was quick to install and consumed very few computing resources in our testing. It successfully blocked known malware and PowerShell attacks both with and without connectivity to the CrowdStrike cloud. To test the EDR capabilities, we disabled the prevention mitigations and allowed a full attack chain to run to completion. Falcon identified each step of the attack and mapped it to the MITRE ATT&CK® framework.
  • Integrates with our existing security and system infrastructure. Falcon integrates with our SIEM, and its rich data set complements the telemetry we were already collecting from our existing systems. Unlike other platforms, Falcon organizes this large volume of data into understandable categories, brings notable events to our attention, and offers great flexibility in searching through the data.
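The checks described above (known-malware blocking, behaviour with and without cloud connectivity, visibility of encoded PowerShell, agent footprint) are easier to compare across candidates when every vendor gets exactly the same script. The harness below is an added example written for this page; it is not part of the original post, not YETI’s evaluation plan, and not CrowdStrike code. It uses only the industry-standard EICAR test string and a benign encoded command, so it is safe to run on a lab host. The agent process name, the temp path and the JSON output shape are assumptions; the “disable prevention and run a full attack chain” EDR test is deliberately not scripted here and belongs in a controlled lab exercise.

```powershell
# Added example: a vendor-neutral endpoint-protection smoke test.
# Not from the original post. Run on a lab machine with the candidate
# agent installed; record one JSON line per vendor/host/run for comparison.

param(
    # Set to $true after you have taken the host offline (e.g. disabled the NIC)
    # so the result is labelled as an offline run. Connectivity is changed out of
    # band on purpose, so that each run is reproducible and auditable.
    [bool]$Offline = $false,
    # ASSUMPTION: placeholder; set to the candidate sensor's process name
    # (check with Get-Process after installing the agent).
    [string]$AgentProcessName = 'YourAgentProcess'
)

$results = [ordered]@{}

# 1. Known-malware detection. The EICAR string is recognised by every mainstream
#    AV/EPP engine and is harmless. It is built from two halves so that this
#    script file itself is not quarantined before it can run.
$eicarPath = Join-Path $env:TEMP 'eicar-test.com'
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-' + 'TEST-FILE!$H+H*'
try {
    [IO.File]::WriteAllText($eicarPath, $eicar)
    Start-Sleep -Seconds 5          # give on-access scanning time to act
    # Pass if the file was removed shortly after the write.
    $results['EicarBlocked'] = -not (Test-Path $eicarPath)
} catch {
    # An exception on the write usually means the agent blocked the write itself.
    $results['EicarBlocked'] = $true
}

# 2. Encoded PowerShell visibility. Attackers commonly launch
#    powershell.exe -EncodedCommand; an EDR worth buying records the decoded
#    command line. This payload only prints a unique marker that you then
#    search for in the vendor console to confirm the event was captured.
$marker  = "edr-visibility-test-$(Get-Date -Format yyyyMMddHHmmss)"
$cmd     = "Write-Output '$marker'"
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($cmd))
$out = & powershell.exe -NoProfile -EncodedCommand $encoded 2>&1
$results['EncodedPsRan']    = (($out -join '') -like "*$marker*")
$results['EncodedPsMarker'] = $marker

# 3. Agent footprint at rest, as a rough "lightweight" measure. Run it again
#    under load (e.g. during a build) if resource consumption is a concern.
$proc = Get-Process -Name $AgentProcessName -ErrorAction SilentlyContinue
$results['AgentRunning'] = [bool]$proc
$results['AgentWorkingSetMB'] = if ($proc) {
    [math]::Round((($proc | Measure-Object WorkingSet64 -Sum).Sum) / 1MB, 1)
} else { $null }

$results['Offline'] = $Offline
$results['Host']    = $env:COMPUTERNAME
$results['Time']    = (Get-Date).ToString('o')

# One compact JSON record per run; these can be loaded into the SIEM next to
# the agent's own telemetry so the evaluation evidence lives with the data.
[pscustomobject]$results | ConvertTo-Json -Compress
```

Run it once online and once with the NIC disabled (`-Offline $true`) per candidate, then look up `EncodedPsMarker` in each vendor’s console: whether the decoded command line, the parent process and an ATT&CK technique mapping all appear is the EDR part of the comparison, and it is checked by hand rather than by the script.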

Beyond meeting our requirements, we also appreciated these additional capabilities:

  • The delivery model is built so that features can be licensed as needed, all while still using the same lightweight agent.
  • The optional Falcon OverWatch™ managed hunting service acts as an extra set of eyes on our systems and, if needed, can assist in incident response activities.
  • CrowdStrike provides frequent feature updates and enhancements that simplify host management and improve prevention, detection, and response capabilities.

Immediate Results From Day One

Overall, we’ve had a great experience with CrowdStrike from the initial sales process to implementation. Where we’ve felt there was room for improvement, the CrowdStrike team has been receptive to our feedback and actively adds new features to meet our needs. Deployment of the agent across the organization was one of the smoothest we’ve experienced, and we saw immediate results from day one. Endpoint security is a crucial part of our layered defense approach, and we’re confident that CrowdStrike Falcon is truly built for the wild.

Visit my website and learn more: ericooi.com
Follow me on Twitter

Additional Resources from CrowdStrike

CrowdStrike Falcon Free Trial: try CrowdStrike free for 15 days.