Interviews | October 1, 2025

From Ransomware to Extortion-as-a-Platform


CrowdStrike | SentinelOne

Jeffrey Freedman
Regional VP, CrowdStrike Canada

CrowdStrike

Q1. How will CrowdStrike's acquisition of Pangea from Fal.Con 2025 enhance AI security for Canadian organizations adopting generative AI tools?

Generative AI is transforming how work gets done, but it also introduces risks that traditional security tools were never designed to handle. That’s why CrowdStrike’s acquisition of Pangea comes at such a pivotal moment. By building on CrowdStrike’s robust foundation for securing AI, we'll deliver the industry’s first complete AI Detection and Response (AIDR) – protecting the full enterprise AI lifecycle from development through workforce usage.

This enables Canadian organizations to detect risks, enforce safeguards, and ensure compliance, so they can confidently build, deploy, and scale AI without risk.

Q2. What did CrowdStrike's 2025 Global Threat Report reveal about attack trends and the threat landscape in Canada? What are the biggest cultural or organizational shifts Canadian enterprises need to make to stay ahead of threats over the next years?

The CrowdStrike 2025 Global Threat Report showed adversaries weaponizing GenAI, and the CrowdStrike 2025 Threat Hunting Report detailed how adversaries are targeting the autonomous AI systems transforming enterprise operations.

Adversaries are leveraging AI to accelerate every stage of attacks – what once took months can now happen in seconds, collapsing the defender's window of response. At the same time, they're exploiting vulnerabilities in tools used to build AI agents, gaining unauthenticated access, establishing persistence, harvesting credentials, and deploying ransomware. These attacks highlight how the rise of agentic AI is reshaping the enterprise attack surface and turning autonomous workflows and non-human identities into the next frontier of exploitation.

For Canadian enterprises, AI is transforming the security workforce by eliminating repetitive tasks better suited for machines, accelerating response, and keeping defenders firmly in command. At the same time, organizations must secure the AI systems their businesses are adopting – from generative AI tools to enterprise agents – to ensure innovation doesn't create new risks.

Q3. What is CrowdStrike's focus at SecTor 2025? What is your company's main messaging at the event?

The world is entering an arms race for AI superiority. As adversaries weaponize AI to accelerate attacks, defenders must move quickly to gain the AI advantage. At SecTor 2025, CrowdStrike's focus is on leading cybersecurity into the agentic era with innovations like the Agentic Security Platform, Agentic Security Workforce, and Charlotte AI Agentworks – designed to unify protection and operationalize AI securely, intelligently, and at scale. For Canadian organizations, this means embracing the agentic SOC, where AI is both secured and harnessed to give defenders the speed, intelligence, and control to stay ahead of adversaries.


Brandon Wales
Vice President Cybersecurity Strategy

SentinelOne

Q1. Ransomware has matured into a professionalized business model. What’s the next evolution you anticipate in financially motivated attacks, and how should enterprises prepare?

The evolution of financially motivated attacks is a constant cat and mouse game between attackers and defenders. As enterprises improved their defenses with robust backups, attackers adapted their model because simple encryption was no longer enough to guarantee a payout. This led to the rise of double extortion—combining encryption with data theft—which has now become the standard playbook.

The next phase we're already seeing is the maturation of this model into a full-fledged ‘Extortion-as-a-Platform.’ Attackers are unbundling their tactics and tailoring the extortion method to the victim. For some, this is pure data exfiltration, where the threat of leaking sensitive information is the sole point of leverage. For publicly traded companies, the threat is evolving toward market manipulation, using stolen non-public information for financial gain. For others, it’s the quiet theft of intellectual property for corporate espionage, where the value to a competitor far exceeds any potential ransom.

Preparation requires a move beyond a singular focus on recovery and toward a more resilient, data-centric security posture. It begins with strong data governance to identify and classify your most critical data assets. This must be paired with comprehensive controls to prevent unauthorized data exfiltration and, most importantly, a modern security platform that can detect and stop an attack in its earliest stages. You have to catch the adversary during reconnaissance or lateral movement, long before they have the data in hand and can choose their weapon.

Q2. With software supply chain compromises now a top enterprise risk, where do you think the industry’s biggest blind spots still lie? How is SentinelOne approaching this challenge?

From my time at CISA, I saw firsthand the incredible progress the industry made in elevating software supply chain security, with government and the private sector championing initiatives like the Software Bill of Materials (SBOM). This policy push was vital, but it has revealed a significant blind spot: the operational gap between a static list of ingredients and a dynamic threat environment. An SBOM can tell you if a component is known to be vulnerable, but it creates immense operational burdens and can’t tell you if a trusted, legitimate-looking component begins acting maliciously at runtime.

Attackers are actively exploiting this gap. They target the CI/CD pipeline—the build and deployment infrastructure—to inject malicious code after static scans are complete. This compromised software, often properly signed and trusted, becomes a Trojan horse in the production environment. This is where the blind spot becomes a critical risk; your security tools see a legitimate application, but the reality is an active threat.

At SentinelOne, we bridge this gap between policy and reality by focusing on autonomous runtime security. Our approach is to complement static analysis with behavioral AI that monitors what software does, not just what it is. By establishing a baseline for normal behavior, we can instantly detect and block a trusted component when it attempts to encrypt a file, exfiltrate data, or contact a malicious domain. This provides the essential safety net that catches threats designed to bypass pre-deployment checks, turning a static SBOM into a dynamically defended software environment.

Q3. What are SentinelOne's plans at SecTor 2025? What are your company's plans for engaging with customers, researchers and other attendees at the event?

At this year's SecTor, SentinelOne is excited to showcase how we’re redefining cybersecurity with AI-powered innovation. Our plans include live demonstrations of our latest platform advancements, thought leadership sessions with our experts, and opportunities to connect one-on-one with customers and peers in the community.

A key highlight this year is our recent acquisition of Prompt Security, which strengthens our ability to help companies securely adopt and scale generative AI.

We’re also proud to host Partner Power Hours on both days at our booth, featuring our strategic partners including AWS, Assurance IT, Bell, Mobia, and others. These sessions will provide attendees with unique insights into how SentinelOne and our partners are working together to deliver stronger, more comprehensive security outcomes.

Beyond the booth, you’ll also find us hosting customer events with our strategic tech alliances and joining networking sessions and community meetups. For us, SecTor isn’t just about showcasing technology—it’s about deepening relationships and building stronger partnerships across the cybersecurity ecosystem.
