CrowdStrike was named by Forrester Research earlier this month as the leader in Endpoint Detection and Response, with the top ranking in “current offering”, “market presence” and “strategy”, along with the highest possible score in 14 categories. Forrester previously named CrowdStrike a leader in Endpoint Security Solutions, making the company “the only one named a leader in both EDR and ESS,” says Michael Sentonas, vice-president Technology Strategy, CrowdStrike.
CrowdStrike today announced the results of its global supply chain survey, Securing the Supply Chain, produced by independent research firm Vanson Bourne. The survey polled 1300 senior IT decision-makers and security professionals across major industries in Australia, the US, Canada, the UK, Mexico, Germany, Japan and Singapore.
A supply chain attack is a cyber attack that reaches an organisation indirectly, by first compromising less secure elements in its supply network. No industry, whether financial, oil, government, health or other, is more or less susceptible to a supply chain attack than any other. The Stuxnet computer worm is an example of a supply chain attack. Management experts recommend strict control of an institution’s supply network to prevent potential damage from cyber criminals.
Of all the countries surveyed, Australian organisations take the longest to respond to a supply chain attack, at 96 hours. By contrast, Japanese organisations respond within 54 hours.
The research reveals that 77% of Australian respondents believe supply chain attacks will continue to be one of the biggest threats within the next three years, and that Australian businesses acknowledge internally that they need to invest more in cybersecurity, but the supply chain is not front of mind.
Eighty-five percent of Australian respondents believe security is a critical factor when making purchasing decisions surrounding new suppliers, and 80% of organisations state they avoid working with less-established vendors due to perceived weaknesses in security strategy, yet only 21% vet suppliers. Only 37% of respondents in the US, UK and Singapore said their organisation had vetted all suppliers — new or existing — in the past 12 months. Only 25% believed with certainty their organisation would increase supply chain resilience in the future.
Two-thirds of the organisations surveyed experienced a software supply chain attack in the past 12 months. Ninety percent confirmed they incurred a financial cost as a result of these attacks, with an average exceeding $1.1 million. Within Australia, the average cost to local businesses was more than $1.37 million, above the global average, and higher than Asia Pacific neighbours.
Having a strategy doesn’t provide immunity by itself: 87% of those that suffered an attack had a full strategy in place or some level of response pre-planned at the time of their attack.
It’s very serious, Sentonas says. “If it takes an organisation the best part of a week to try and respond to an attack, and you think about the attacks seen in 2017 — WannaCry in May and NotPetya in June — this is a lot of damage. If it’s taking half a week to respond there’s a period of time the business may have lost data and where the attacker could have established persistence inside the organisation. It can cause a lot of damage.”
It’s incumbent on enterprises of all sizes to be prepared for these types of issues, Sentonas says, and that means “having the technology in place to identify that an attacker is on the network, and having the ability to effectively leverage the right skills to hunt for an attacker, to mitigate an attack and even to remove them from the network.”
“In my travels I see Japan and Singapore really doubling down and investing in these areas, while in Australia we still see naive debate about prevention being better than cure, as well as marketing slogans from the security industry itself,” Sentonas states.
Security comes down to “survival of the fastest”, Sentonas advises. “You have to think about everything you do in security – how quickly can you detect, investigate, remediate and contain.”
Benchmarking against the best in the industry means you have 60 seconds to detect that an incident is under way in your organisation, then 10 minutes to investigate it. Once you have built a plan you have about one hour to remediate and contain it. This does not apply to commodity malware, which should simply be prevented from executing in the first place, but to the whole range of attacks that cannot be stopped proactively. These are the response rates CrowdStrike says we need to strive for, yet at 96 hours Australian organisations are way behind.
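The 1-10-60 benchmark above can be scored against an incident timeline. The following is an added example, not code from the article or from CrowdStrike: it measures each phase (detect, investigate, contain) between two timeline events, compares it with the benchmark, and reports the mean per phase. The event names, incident IDs and timestamps are constructed for illustration; a phase whose closing event has not yet occurred is reported as open (None) rather than as a pass, which is the case Sentonas describes when an attacker is still inside the organisation.

```python
from datetime import datetime, timedelta
from statistics import mean

# Benchmark quoted in the article: detect within 1 minute, investigate within
# 10 minutes, remediate and contain within 1 hour.
BENCHMARK = {
    "detect": timedelta(minutes=1),
    "investigate": timedelta(minutes=10),
    "contain": timedelta(hours=1),
}

# Each phase is measured between two timeline events. The event names are an
# assumption for this example, not terms used in the article.
PHASES = [
    ("detect", "first_activity", "detected"),
    ("investigate", "detected", "triaged"),
    ("contain", "triaged", "contained"),
]

# Constructed sample timeline: (incident id, event, ISO-8601 timestamp).
# inc-1 meets the benchmark; inc-2 took 96 hours to detect and is still open;
# inc-3 has been detected but not yet triaged.
SAMPLE_EVENTS = [
    ("inc-1", "first_activity", "2018-07-23T09:00:00"),
    ("inc-1", "detected", "2018-07-23T09:00:45"),
    ("inc-1", "triaged", "2018-07-23T09:08:00"),
    ("inc-1", "contained", "2018-07-23T09:50:00"),
    ("inc-2", "first_activity", "2018-07-20T14:00:00"),
    ("inc-2", "detected", "2018-07-24T14:00:00"),
    ("inc-2", "triaged", "2018-07-24T15:30:00"),
    ("inc-3", "first_activity", "2018-07-25T10:00:00"),
    ("inc-3", "detected", "2018-07-25T10:00:30"),
]


def phase_durations(events):
    """Return {incident: {phase: timedelta or None}}; None means the phase is still open."""
    stamps = {}
    for inc, event, ts in events:
        stamps.setdefault(inc, {})[event] = datetime.fromisoformat(ts)
    durations = {}
    for inc, seen in stamps.items():
        durations[inc] = {}
        for phase, start, end in PHASES:
            if start in seen and end in seen:
                durations[inc][phase] = seen[end] - seen[start]
            else:
                durations[inc][phase] = None  # closing event not recorded yet
    return durations


def benchmark_report(events, benchmark=BENCHMARK):
    """Per incident and phase: True if within the benchmark, False if over, None if open."""
    return {
        inc: {phase: (None if d is None else d <= benchmark[phase])
              for phase, d in phases.items()}
        for inc, phases in phase_durations(events).items()
    }


def mean_phase_time(events):
    """Mean duration per phase over the incidents that completed that phase."""
    completed = {phase: [] for phase, _, _ in PHASES}
    for phases in phase_durations(events).values():
        for phase, d in phases.items():
            if d is not None:
                completed[phase].append(d.total_seconds())
    return {phase: (timedelta(seconds=mean(v)) if v else None)
            for phase, v in completed.items()}


if __name__ == "__main__":
    for inc, verdict in benchmark_report(SAMPLE_EVENTS).items():
        print(inc, verdict)
    print("mean per phase:", mean_phase_time(SAMPLE_EVENTS))
```

Open phases are deliberately excluded from the mean rather than counted as zero, since a still-open containment is the worst case, not the best. In the constructed data the one 96-hour detection dominates the mean time to detect, which is the point the article makes about averages hiding a small number of very slow responses.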
The argument cannot be whether security is nice to have, or something you do if you can. “You need to protect your sensitive information, the intellectual property that puts you into business, and your employer and customer data. There is no way of accepting that risk and saying ‘I’m not going to pay for that risk or to secure that information’. It has to be done,” Sentonas says. “You either do it yourself or work with someone who can provide the service to you.”
To that end, CrowdStrike also announced a new 24x7 platform service titled EPP Complete, to monitor and respond to threats within organisations that do not have in-house security skills or access to a reseller who can provide it for them.
CrowdStrike further recently announced a new financing round of US$200 million, with existing investors increasing their contribution and new investors joining in. The injection of cash allows CrowdStrike “to accelerate our roadmap in some of the strategies we have in play”, Sentonas says. “It’s another vote of confidence by our investors and in new investors wanting to come in, looking at what we do today, and our potential. Together with the Forrester report it has been a pretty significant time.”
Internationally, CrowdStrike now exceeds 1000 employees, including increasing its Australian staffing within sales, marketing and channel, hiring 12 people in the last four weeks.
CrowdStrike’s core Falcon product now lets all customers of the endpoint detection and response solution carry out incident response within the platform, so responders can access systems from anywhere in the world, investigate, take action and eradicate threats quickly.
A new subscription model, Falcon X, has also been announced, expanding the Falcon platform and enabling customers to be more proactive. “It turns a level one helpdesk analyst into tier security operations centre engineers,” Sentonas says. “It combines malware intelligence and threat intelligence and automates all the analysis, delivering a single simple report advising all that is going on in an organisation.”
Other announcements include enhancements to CrowdStrike’s machine learning model and more integrations to other technology providers.
“The research focused on supply chain attacks, but we need to look at what else it means. The key point is around the time it takes to respond,” Sentonas said.