Greater use of cloud-based services for threat-intelligence sharing will pivot security defence strategies from detecting malware itself to detecting the behaviour an attack produces on the endpoint, the newly appointed regional head of endpoint-protection vendor CrowdStrike has argued as he pulls the wraps off the company's first Asia-Pacific base and an aggressive channel-based strategy to match.
CrowdStrike's Falcon endpoint tools are already in use in Australia and 170 other countries, newly appointed vice president of technology strategy Mike Sentonas told CSO Australia as he outlined plans to heavily leverage the local channel to promote the company's behaviour-based detection strategy.
“We're getting a lot of users saying that their traditional end-user security strategy is not enough,” explains Sentonas, a security-industry veteran who was so convinced by CrowdStrike's approach that he left a 17-year career at Intel Security to head the new regional operation.
The company's founders “are absolutely focused on looking at where the industry is failing and what they can do differently,” he said. “Searching for indicators of compromise is no longer effective, and people are suffering attacks because of reasons well beyond malware.”
“People are struggling with breaches on a daily basis because someone has stolen their credentials and they are locked into a traditional security system that just isn't designed to detect that.”
One early local user, Telstra, has seen the CrowdStrike approach “providing a unique value to Telstra in its ability to detect and stop zero day exploits, malware attacks, along with hacker activity and ransomware, all of which go undetected by legacy security technologies,” said CISO Mike Burgess in a statement.
“Telstra relies on CrowdStrike’s combination of technology, people and intelligence to protect against the most sophisticated threats and help keep our customers' data safe and networks secure. CrowdStrike Falcon's next-generation threat prevention capabilities, its DVR-like endpoint detection and response features, aided by the elite Falcon Overwatch managed hunting team, have proved their value to us time and again.”
CrowdStrike's endpoint-protection technology records metadata about activity on the endpoint and picks out activity characteristic of an attack, rather than matching known malware; those event records are what the cloud platform shares with other customers once a technique has been observed.
“We don't look for malware,” Sentonas explained. “We look at what the effect is of the attack that the attacker is trying to do, and we trigger off of that.”
“We track everything that happens on a system, and store metadata around a particular event. It's very easy to detect ransomware when attackers are trying to do things like turn off shadow copy so victims can't recover their data. And, once we've seen that technique, we can share that with all of our customers across the cloud.”
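The shadow-copy example Sentonas gives is a good illustration of the difference between matching malware and matching behaviour. The following is an added example written for this article, not CrowdStrike's code: a small behavioural detector run over constructed Windows process-creation events (fields loosely modelled on Sysmon Event ID 1). The rules key on what a command line does (deleting shadow copies, disabling recovery), not on which binary did it, so a dropper whose hash has never been seen still trips the alert. The ATT&CK technique ID T1490 (Inhibit System Recovery) is used as the shareable label. Paths, hashes and command lines are all constructed for the example.

```python
"""Behaviour-based detection over process-creation telemetry (added example)."""
import re
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    image: str            # full path of the newly created process
    command_line: str
    parent_image: str
    sha256: str           # carried in real telemetry; deliberately not used by the rules


@dataclass(frozen=True)
class Alert:
    rule: str
    technique: str        # MITRE ATT&CK technique ID that gets shared, not a file hash
    image: str
    parent_image: str
    parent_in_user_path: bool


# Behavioural rules: each matches an action on the (normalised) command line.
# All four are ways ransomware removes the victim's recovery options (T1490).
RULES: List[Tuple[str, str, "re.Pattern[str]"]] = [
    ("vssadmin shadow copy deletion", "T1490",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b")),
    ("wmic shadow copy deletion", "T1490",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b")),
    ("bcdedit disables recovery", "T1490",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b")),
    ("wbadmin catalog deletion", "T1490",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b")),
]

# A parent launched from a user-writable directory is weak evidence on its own,
# but combined with a recovery-inhibiting child it sharpens the alert.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(appdata|downloads|desktop)\\", re.I)

# Constructed hash blocklist: nothing in the sample is on it, which is the point.
KNOWN_BAD_HASHES: Set[str] = {"e" * 64}


def normalize(command_line: str) -> str:
    """Lower-case and collapse whitespace so case or spacing tricks do not evade the rules."""
    return " ".join(command_line.lower().split())


def detect(events: List[ProcessEvent]) -> List[Alert]:
    """Return one Alert per (event, rule) match; the hash is never consulted."""
    alerts: List[Alert] = []
    for ev in events:
        cmd = normalize(ev.command_line)
        for name, technique, pattern in RULES:
            if pattern.search(cmd):
                alerts.append(Alert(name, technique, ev.image, ev.parent_image,
                                    bool(USER_WRITABLE.search(ev.parent_image))))
    return alerts


def hash_based_hits(events: List[ProcessEvent], blocklist: Set[str]) -> List[ProcessEvent]:
    """The legacy approach, for contrast: only fires on a hash already on a feed."""
    return [ev for ev in events if ev.sha256 in blocklist]


# Constructed sample telemetry: a never-before-seen dropper in %TEMP% wiping
# recovery options, followed by two benign processes.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\cmd.exe",
                 r"cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet",
                 r"C:\Users\bob\AppData\Local\Temp\invoice_2016.exe", "0" * 64),
    ProcessEvent(r"C:\Windows\System32\wbem\WMIC.exe",
                 r"wmic shadowcopy delete /nointeractive",
                 r"C:\Users\bob\AppData\Local\Temp\invoice_2016.exe", "1" * 64),
    ProcessEvent(r"C:\Windows\System32\bcdedit.exe",
                 r"bcdedit /set {default} recoveryenabled No",
                 r"C:\Windows\System32\cmd.exe", "2" * 64),
    # Benign: an administrator merely listing shadow copies from a shell.
    ProcessEvent(r"C:\Windows\System32\vssadmin.exe", r"vssadmin list shadows",
                 r"C:\Windows\System32\cmd.exe", "3" * 64),
    ProcessEvent(r"C:\Windows\System32\notepad.exe", r"notepad.exe notes.txt",
                 r"C:\Windows\explorer.exe", "4" * 64),
]


if __name__ == "__main__":
    print("hash-based hits:", len(hash_based_hits(SAMPLE_EVENTS, KNOWN_BAD_HASHES)))
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a.technique}] {a.rule}: {a.image} <- {a.parent_image}"
              f"{' (parent in user-writable path)' if a.parent_in_user_path else ''}")
```

On the sample the hash blocklist fires zero times while the behavioural rules fire three times, twice with a parent in a user-writable path. The caveat a practitioner would add: backup agents legitimately delete old shadow copies, so in production these rules are tuned by parent lineage and signer rather than suppressed by path alone, since a path allowlist is trivially spoofed.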
The company exposes APIs so that complementary services can be integrated with a customer's existing security stack, providing opportunities for Australian resellers that want to add value in their own way.
“Every single vendor wants to be the single pane of glass that lets them be all things to all people,” Sentonas said. “I don't believe that's a viable strategy in architecture.”
CrowdStrike's open API stack “gives customers the ability to integrate our technology into their existing security stack, to provide enrichment and content to their security strategy,” he continued. “That lends itself well to an organisation that wants to provide a managed service and integrate our technologies into their overall go to market offering.”
The company's expansion into APAC geographies is being fuelled by a $US100m investment led by Google Capital last year, funding the company will use to tackle the fast-growing endpoint protection market.