CrowdStrike also announced the release of its Falcon Sandbox platform, allowing customers to identify what an application or payload seeks to do, within a secure space.
CrowdStrike’s Michael Sentonas, vice-president of Technology Strategy, says while the company is still a start-up, it is enjoying tremendous success. “This is our second year in the magic quadrant,” he said, “and Gartner has now placed us at the top of the visionary quadrant. The big thing this year is we separated ourselves from the mass sitting close to the niche area, and were highlighted for the fact we are replacing a lot of the traditional players by how we differentiated ourselves.”
Sentonas considers that a number of factors have played to CrowdStrike’s advantage, not least the sheer number of threats today, which is leading businesses to seek new and different approaches and solutions to ensure protection. “So many people were compromised and attacked and suffered through traditional tools,” Sentonas says. “There’s a huge market looking for ways to do things more efficiently, and smarter, and with a lighter endpoint. It really aligns well with our strategy.”
“The traditional security industry requires an end-user to essentially deploy an entire management infrastructure. You need to deploy a database server and then a management suite of the product you’re deploying. You need to roll out virus signature updates and the bigger your network is, and the more geographically diverse it is, you end up needing more and more servers to do this, multiple components on the endpoint, domain policies dictating how frequently to update, and so on. The net result is a massive complex ecosystem of technology that does, really, an average job,” Sentonas explains.
Adding to this pain with traditional endpoint protection systems is the classic scenario where a staff member goes on leave and their device is not kept updated. They open their laptop, execute a malicious app, and the company finds it has an outbreak on its hands.
Instead, CrowdStrike strives to eliminate the burdens on infrastructure administrators and end users alike. The lightweight sensor continually records activity on the device, whether good or bad. All system changes are recorded because what may be considered good today will be recognised as bad in time if new intelligence surfaces. The sensor combines cyber hygiene, next-generation protection and managed hunting in a tiny package in a way that CrowdStrike says has never been seen before, and which resonates with its customers.
CrowdStrike has been active in Australia since 2012 and established an office locally in 2016, continuing to build out the team. Telstra came onboard as a customer in 2013 and saw CrowdStrike’s architecture and vision as the right direction, becoming a reseller in 2016 and then in 2017 putting its own money into CrowdStrike as an investor.
“Australia is an interesting market because we are early adopters of a lot of technologies,” Sentonas says. “One reason CrowdStrike has experienced aggressive growth in this market is because customers are disappointed with managing bloated technologies which aren’t making them any more safe or secure. They’re looking for newer techniques.”
“At CrowdStrike we changed the entire security model. Our platform captures all telemetry from the time you boot, logging the machine you’re running on, the privilege level you authenticated with, files you’ve executed, system changes and so on. All these things paint a picture of risk and can be used in many different ways,” Sentonas explains.
All of this captured information is stored in the cloud, and CrowdStrike makes it available to customers within a system titled Overwatch. The same data is also available to CrowdStrike’s team of ‘hunters’, who constantly monitor customer environments to identify whether they are under attack or are being targeted, and then proactively advise them.
“During WannaCry we saw activity inside environments,” Sentonas says, “and could advise customers they weren’t patched. We have this relationship with them to tell them what’s inside their environment 24/7.”
Speaking about the product roadmap, Sentonas says Falcon Sandbox is now available. This is a new sandboxing technology offered both in the cloud and on-premises. “Customers say it’s great you prevented this attack, but we want to know what would have happened if it had executed. This is where Falcon Sandbox comes in, so if something is passed onto it we can give more intelligence to the end user, especially if it’s a targeted attack. You would lose this intelligence if the file was just terminated,” Sentonas explains.
Two further technologies on the roadmap are vulnerability management and device control. “It’s another example of how our customers don’t have to do anything different but get access to this technology.”
CrowdStrike, as a SaaS platform, is priced on a monthly subscription model, catering for everyone from the largest enterprises with hundreds of thousands of endpoints down to small businesses. “It scales up and down, so it’s a great opportunity for someone in a small business to get access to a lot of high-end solid technologies,” Sentonas states.