If there’s one thing that businesses, boards of directors and C-level execs can take from CrowdStrike’s 2015 Threat Report, is that the paradigm has shifted from people, processes, and technology to now include integrated, crowdsourced, and enriched threat intelligence. The results of this report are so important that we have created an easily digestible executive summary that should be mandatory reading for every executive and board member.
We all know the trite saying that security is all about “People, processes and technology.” While a tried-and-true axiom in our industry, it is no longer enough for cyber security. In today’s threat environment, it takes people, processes, technology AND intelligence. Intelligence is no longer a nice to have; it is a mandatory element of stopping breaches. Emphasizing intelligence is not new to us at CrowdStrike. It has been a cornerstone to our approach to security since the foundation of the company five years ago. We are pleased to see that other cyber security companies are following our lead by realizing the importance of intelligence, as witnessed by the recent consolidation of companies that offer technology and companies that offer intelligence. We expect there to be further consolidation by other companies in an effort to catch up to where CrowdStrike is today: Providing cloud-based security powered by comprehensive, in-house threat intelligence, not third-party feeds.
Our Global Threat Report highlights today’s threats, more than ever before, are driven by geopolitical and economic events around the world. The economic downturn and new Five Year Plan in China will continue to drive their state-sponsored cyber espionage activities. The situation in the Ukraine and falling oil prices will continue to fuel targeted intrusions from Russia. The conflict in the Middle East between Saudi Arabia and Iran over Yemen will continue to generate hacktivism from that region. These are just a handful of examples to show that the primary motivation behind global cyber activity has now shifted from disparate activities carried out by individuals, groups and criminal gangs pursuing short-term financial gain, to skilled adversaries driven by strategic global conflicts.
All of these events will generate cyber activity that will continue to wash up on the doorstep of U.S. and global companies. CEOs and boards of directors who ignore or disregard the ramifications of these events will pay for it in loss of revenue, jobs, intellectual property, and shareholder value.
One of the key elements to thwarting a “mega” breach is an effective intelligence program. It makes no sense to IGNORE the motivations of your adversary. How can you expect to win if you don’t have a solid understanding of how your adversary operates, what their tendencies are, what their goals are, and what motivates them? Just like you can’t win a football game without relentless preparation, you will fail in your ability to successfully defend your corporation if you don’t know the plays of your aggressor. Essentially, why do they care about you, your company, and its crown jewels? It sounds like to common sense, but it something that is lost in the continued outdated discussion of people, processes and technology. Companies must have intelligence, either home grown or provided by third party sources who have the trained personnel who monitor, capture and analyze the data 24/7.
Finally, I want to emphasize that this report is not just theory, it is what we see in the real world with our Falcon Platform and response services team day in and day out. We have a unique bird’s-eye view having endpoint sensors in over 170 different countries handling more than ten billion events per day, as well as providing incident response services to some of the largest breaches. The “brains” behind our Falcon Platform is our Threat Graph engine which constantly analyzes billions of events real-time and retrospectively. As a result, on a weekly basis, we are identifying and mitigating hundreds of breaches for which traditional defenses silently fail. The CrowdStrike team has put tremendous effort into capturing this real attack telemetry, analyzing it, and distilling it into how adversaries operate, and more importantly, what motivates them. We hope our experiences and lessons learned that are manifested in the 2015 Threat Report can provide companies a sampling of the intelligence they will need to protect themselves in 2016 and beyond.
Find out more about how CrowdStrike can help you at www.crowdstrike.com.