Q1. You recently mentioned identity as being the new battleground for enterprise cybersecurity teams. Why is that the case? What should organizations be doing differently, or more of, to secure identities?
Identity-based attacks are subtle, but destructive, and organizations must be on high alert. As CrowdStrike reported in our 2022 Global Threat Report, 80% of cyberattacks now leverage stolen or compromised credentials. Identity attacks are so popular with adversaries because valid employee credentials provide an adversary with everything they need to log into a business, move laterally, escalate privileges and achieve their goals.
It’s important to note that protecting identities goes beyond usernames and passwords. All kinds of identity and authentication materials can be abused in the course of an intrusion attempt. We recently released our CrowdStrike 2023 Threat Hunting Report, which found that valid accounts usage is among the top 5 techniques used in the initial tactic areas of intrusions with 62% of all interactive intrusions involving the abuse of valid accounts. To defend against identity attacks, organizations must implement identity-based countermeasures such as user account audits, Zero Trust frameworks and increased analysis of security logs and network traffic to identify vulnerabilities that could expose organizations to identity-based threats.
Protecting against modern attacks requires a security platform that unifies endpoint protection with real-time identity protection to cover all aspects of an adversary’s toolkit — from exploitation, malware delivery and fileless attacks, all the way through stolen credentials or compromised identities.
Q2. Why is a best-of-breed approach important when it comes to implementing a zero-trust strategy? What are some of the questions security decision makers need to be asking when deploying technologies for implementing a zero-trust approach?
Zero Trust is a security framework requiring all users, whether in or outside the organization’s network to be authenticated, authorized, and continuously validated before being granted or keeping access to applications and data - Never Trust, Always Verify! Identities are a favorite battleground for adversaries, so organizations must have a Zero Trust architecture that works by monitoring and confirming that a user and their device has proper privileges and access.
When implementing a Zero Trust architecture, CISOs should be applying a best-of-breed approach to ensure that their organization has the best protection across their workloads, endpoints, identities and data. Before deploying a Zero Trust architecture, CISOs and security leaders must thoroughly assess their IT infrastructure and identify potential attack paths to contain attacks and minimize the impact if a breach should happen. This can include segmentation by device types, identity, or group functions to understand what security solutions are needed and where.
Security leaders must also ask themselves how to deploy a frictionless Zero Trust framework that doesn’t put additional fatigue on the end users. CrowdStrike’s Zero Trust combines all aspects needed to meet Zero Trust compliances and standards: the cloud-native architecture maximizes Zero Trust protection, covering multi-directory identity stores (Microsoft AD, Azure AD), multi-OS endpoints and workloads across organizations. The single lightweight-agent architecture delivers a frictionless experience and makes it easier for SOC analysts to detect anomalies. Cloud-delivered attack correlations, behavioral risk analytics and simple to implement policy enforcement, reduce the mean time to detect and respond to all threats, while eliminating manual data analysis and management.
Q3. What are some of CrowdStrike's objectives at SecTor 2023? What are you hoping customers and others at the event will take away from your organization's participation there?
At SecTor, we would like existing customers, prospects and industry attendees to understand the threats the industry faces and how our platform is the best protection against relentless, sophisticated threat actors. We will be unveiling our new platform upgrades and product innovations released during our annual user conference, Fal.Con, to the wider Canadian cybersecurity market. Additionally. CrowdStrike will be leading a session titled “why siloed Cloud Security tooling in the modern cloud environment isn’t enough” discussing how adversaries are taking advantage of current cloud security gaps to achieve their goals.
Today’s adversaries are faster than ever and average breakout time, the time it takes for adversaries to move laterally in a victim environment, hit an all time low of 79 minutes in 2023 versus 84 minutes in 2022 as reported by CrowdStrike’s threat hunting team. To help combat these threat actors, CrowdStrike just released the next generation of the CrowdStrike Falcon platform. The ‘Raptor’ release of Falcon gives customers the petabyte-scale, lightning fast data collection, search and storage needed to fuel the next era of generative AI-powered cybersecurity innovations to stay ahead of rapidly evolving adversary tradecraft and stop breaches. With these enhancements, the CrowdStrike Falcon platform enables customers to take advantage of data and AI with the speed needed to defeat the fastest adversaries. During SecTor, we will be diving deep on how the new enhancements enable organizations to better defend against the most aggressive threat actors.
Adversaries’ proficiency in the cloud has also evolved in recent years. As organizations navigate the rise of cloud-based technologies, their security teams struggle to keep up with adversaries’ skill and confidence in leveraging the cloud. In particular, adversaries have quickly identified and exploited common misconfigurations and abused built-in cloud management tooling. The concerning reality is that threat actors are well aware of their cloud advantage, and according to the CrowdStrike 2023 Global Threat Report, cloud exploitations increased by 95% in the last year, and the number of cloud-conscious threat actors increased more than 3x in the same time period.
Siloed point=based cloud tools, such as those that focus on capabilities like CSPM (Cloud Security Posture Management), or CWP (Cloud Workload Protection) or are agentless, are unable to keep up with the modern cloud computing environment. The industry hasn’t had a complete answer for these cloud security threats. In September, CrowdStrike announced the acquisition of Bionic, an Application Security Posture Management startup (ASPM), to extend CrowdStrike’s leading Cloud Native Application Protection Platform (CNAPP) with ASPM to deliver comprehensive risk visibility and protection across the entire cloud, from cloud infrastructure to the applications and services running inside of them. The speed and dynamic nature of application development makes it nearly impossible for organizations to maintain a full picture of every application and their dependencies running their environment, or the microservices interacting with cloud infrastructure, creating a massive risk profile that cloud-savvy adversaries continually look to exploit.
Following the completion of the Bionic acquisition, CrowdStrike will be the first cybersecurity company to deliver complete code-to-runtime cloud security from one unified platform.
