CrowdStrike boss explains offensive security in targeted attacks

Analyse the shooter, not the bullet.

Data forensics are not enough for security pros looking to fend off targeted attacks, according to CrowdStrike chief and co-founder George Kurtz, who says companies want to take the fight to the adversary.

Defence, detection and details are not enough, Kurtz says, claiming companies are increasingly demanding “deception, denial, disruption”.

“They’re moving more into the government mindset of deception,” says Kurtz, pointing to a hypothetical theft of Northrop Grumman’s B-2 Spirit stealth bomber designs.

“Somebody breaks in and steals the plans, but if the plans are wrong and the thing doesn’t fly, think about the cost of that. Think about the scratching of the head that happens when you have that thing and ask ‘Was it real or was it a decoy’?”

Kurtz is among those who fear the nation’s intellectual property is slowly but surely being drained by Chinese government-sponsored hackers hell-bent on undermining the US’s technological edge.

“The majority of [intellectual property theft] stems from China and that’s what I’m intimately involved in; working with big companies who have had massive data breaches,” says Kurtz.

“When you look at the IP and the impact, it’s in the billions of dollars that you can calculate—not just someone saying, ‘Oh, it’s over a billion because they thought it was important’.”

Financial cybercrime that affects individuals and the banking sector through fraud, on the other hand, is annoying to deal with but comes down to “pure math”.

“You make five billion, you have a billion in fraud, you’re still up four billion. It still makes sense to do what you’re doing,” he said.

Intellectual property theft, however, has national impact which could linger for generations to come.

“When you think about the impact it has on a nation to have its intellectual property that took trillions of dollars to create, simply stolen and then goods and services replicated—putting aside the security implications of that—it’s a huge impact.”

Kurtz’s view is the antithesis of that of others, such as the UK’s Cambridge University security researcher Ross Anderson, who recently attacked a report co-authored by the UK Government and BAE Systems’ security division Detica that estimated the cost of cybercrime, much of it from IP theft, at £27 billion a year.

While Anderson urged governments to consider spending less on ‘anticipatory security’ such as firewalls and antivirus, and more on police capabilities to fight cybercrime, Kurtz argues that antivirus-type security is necessary ‘basic hygiene’. For the high-value organisation, it needs to be bolstered with capabilities not just to prevent the attack but to identify who the attacker was and what they were after.

“Think about all the companies that get hit. You think they don’t have AV? They all have it, right. So that’s just basic hygiene that keeps out the noise.”

“Most companies like AV companies or companies that just use technology are focussed on, ‘Well, geez, I have a piece of malware or a bad file’. The reality is that most companies have an adversary problem, not a malware problem.”

While attributing an attack to a specific individual or organisation with certainty remains out of reach, Kurtz argues that adversaries can be fingerprinted.

“If you understand how they operate, they may change the malware, but you can still understand who’s coming after you. For example, from the physical world, if someone is shooting at you, do you ask is that a 9mm or a .45? Or do you ask who is shooting at me, why are they shooting at me and how do I get it to stop?”

Complex malware such as the Flame spyware, or a simple downloader, is a “digital bullet”; the challenge is to connect the bullets to the shooter.

“There are tell-tale signs,” says Kurtz. “I wouldn’t say with 100 per cent certainty but with a high probability you can begin linking all this together.”
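The “link the bullets to the shooter” idea can be made concrete by scoring intrusions on how much tradecraft they share rather than on whether they share a malware hash. The following is an added example, not code from the article or from CrowdStrike: the indicator classes, their weights and the three intrusion records are all constructed for illustration, and the weights encode only the assumption that hashes and C2 domains are cheap for an attacker to change while tooling, procedures and targeting are not.

```python
"""Attribute intrusions by tradecraft overlap, not by malware hash.

Added example (not from the article or CrowdStrike). All intrusion
records, indicator names and weights below are constructed.
"""
from itertools import combinations

# Assumed weights: how costly it is for an attacker to change each
# indicator class. Hashes are rebuilt per sample, so they barely count;
# procedures (how they phish, persist, stage and exfiltrate) count most.
WEIGHTS = {
    "hash": 1,
    "c2_domain": 2,
    "tool": 4,
    "ttp": 6,
    "target": 5,
}

# Constructed intrusion records: indicator class -> set of observations.
INTRUSIONS = {
    "intrusion-A": {
        "hash": {"h1"},
        "c2_domain": {"cdn-update.example"},
        "tool": {"custom-rat-v1", "pass-the-hash"},
        "ttp": {"spearphish-hr-resume", "dll-sideload", "rar-staging-recycler"},
        "target": {"aircraft-design-docs"},
    },
    "intrusion-B": {
        "hash": {"h2"},  # rebuilt binary: the "bullet" changed
        "c2_domain": {"cdn-sync.example"},
        "tool": {"custom-rat-v2", "pass-the-hash"},
        "ttp": {"spearphish-hr-resume", "dll-sideload", "rar-staging-recycler"},
        "target": {"aircraft-design-docs"},
    },
    "intrusion-C": {
        "hash": {"h1"},  # same binary as A, but a commodity reuse
        "c2_domain": {"pastebin-like.example"},
        "tool": {"commodity-stealer"},
        "ttp": {"malvertising", "browser-cred-dump"},
        "target": {"card-data"},
    },
}


def hash_match(a: dict, b: dict) -> bool:
    """The malware-centric view: do two intrusions share any binary?"""
    return bool(a.get("hash", set()) & b.get("hash", set()))


def weighted_jaccard(a: dict, b: dict, weights: dict = WEIGHTS) -> float:
    """Weighted Jaccard overlap of two intrusion records, in [0, 1].

    Each shared observation contributes its class weight to the
    intersection; every observation in either record contributes its
    class weight to the union.
    """
    inter = union = 0.0
    for cls, w in weights.items():
        sa, sb = a.get(cls, set()), b.get(cls, set())
        inter += w * len(sa & sb)
        union += w * len(sa | sb)
    return inter / union if union else 0.0


def cluster(intrusions: dict, threshold: float = 0.5) -> list[frozenset]:
    """Single-linkage clustering: pairs whose tradecraft overlap meets the
    threshold are attributed to the same (unnamed) actor."""
    clusters = {name: {name} for name in intrusions}
    for x, y in combinations(intrusions, 2):
        if weighted_jaccard(intrusions[x], intrusions[y]) >= threshold:
            merged = clusters[x] | clusters[y]
            for member in merged:
                clusters[member] = merged
    return list({frozenset(c) for c in clusters.values()})


if __name__ == "__main__":
    a, b, c = (INTRUSIONS[k] for k in ("intrusion-A", "intrusion-B", "intrusion-C"))
    print("A/B share a hash:", hash_match(a, b), "overlap:", round(weighted_jaccard(a, b), 3))
    print("A/C share a hash:", hash_match(a, c), "overlap:", round(weighted_jaccard(a, c), 3))
    for group in cluster(INTRUSIONS):
        print("attributed together:", sorted(group))
```

Run stand-alone, intrusions A and B (different binaries, same procedures and targeting) land in one cluster while C, which reuses A’s binary but nothing else, stays on its own. The threshold is the “high probability, not 100 per cent” dial Kurtz describes; in practice you would calibrate the weights against intrusions whose origin you already know.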

Stories by Liam Tung