A New Approach to Advanced Threat Protection


Can you prevent an advanced persistent threat from taking hold within your enterprise network? Can you thwart a determined and targeted cyber-attacker – bent on the theft of your most sensitive information – from achieving successful entry? If you ask George Kurtz of security start-up CrowdStrike, the answer to both questions is a resounding “no”. But, the firm’s CEO and co-founder added, “you can close the gap between identifying these attacks and when you remediate the situation”.

It was at the recent Gartner Security & Risk Management Summit outside of Washington DC that I sat down with this entrepreneur and security expert to discuss why his company’s Big Data-based security technology is at the cutting edge of the infosec industry. Kurtz has been down the start-up road before, formerly as founder and CEO of Foundstone, which was acquired by McAfee in 2004. He made the move to McAfee as the security giant’s CTO and general manager, but now finds himself back where he began – seeking to push to market an innovation that addresses one of the industry’s most significant challenges.

CrowdStrike, which aims to specialize in the protection of IP and national security information, was on the cusp of releasing its first commercial offering. Called CrowdStrike Falcon, the “active defense” platform, as he described it, was unveiled last week. I could sense that Kurtz was a bit nervous about the new foray, but this was counterbalanced by hints of excitement and a passion for providing a novel approach to APT protection.

We discussed one of the key findings of the recent Verizon Data Breach Investigations Report: 69% of security breaches are discovered by third parties rather than by the affected organization. Just as telling, 66% of breaches went undetected for months or longer.

Closing this gap between compromise and discovery is the key to more effective APT protection, Kurtz said. The assertion makes sense: when a network is initially compromised, it’s not as if the attacker serendipitously stumbles upon exactly what they are looking for. In many cases, Kurtz added, an attacker may not even know what they are seeking, but is instead just having a poke around to collect information that can be gathered and analyzed at a later date. Every day that passes between the initial foothold and detection is time the attacker can spend moving laterally, escalating privileges and locating the data that matters.

“Real-time attribution” is what sets Falcon apart from what is currently being offered for APT protection, he told me, and by leveraging a “cloud-based platform, the identification of targeted attacks can be accelerated to prevent the theft of IP”.

Kurtz reviewed many of the tools and features Falcon offers, among them the ability to leverage the cloud and Big Data analytics to more quickly identify zero-day and advanced malware. Then there’s Falcon’s ability to “attribute attacks back to their source”, he claimed, but in a world where attribution is often the most difficult challenge to overcome, only time will tell whether Kurtz’s newest venture will deliver on this promise.

It’s the philosophy shift this start-up represents, however, that I find most appealing as someone who is always looking for something new to cover in this industry. “Companies tend to look back in their logs to see what happened during a potential compromise situation, but by that time it’s too late – the damage has been done”, Kurtz commented. “Instead, what people need to do is leverage tools that give them the ability to immediately respond when these situations arise, and in the process limit the potential damage”.

It’s this ‘closing the gap’ philosophy that appears, to me, an important first step in responding to a complicated challenge. In a world where most admit that no organization with valuable information is impervious to cyber-espionage attempts, this basic change in approach seems entirely attainable. Regardless of how undoubtedly complicated CrowdStrike’s technology is from a technical standpoint, the shift in focus can’t help but remind me of Dr Leo Marvin’s advice in the 1991 comedy What About Bob?: “baby steps”.

Comedic comparisons aside, if Bill Murray’s character in the movie was right, then all you need to do is take one little step at a time, and you can accomplish anything. In this case, the market will tell us if Falcon is a baby step, or one giant leap in advanced threat protection.
