Australian office brings CrowdStrike's open, cloud-based endpoint security vision to APAC

Greater use of cloud-based services for threat-intelligence sharing will pivot security defence strategies from detection of malware to detection of that malware's behaviour, the newly appointed regional head of endpoint-protection vendor CrowdStrike has argued as he pulls the wraps off the company's first Asia-Pacific base and an aggressive channel-based strategy to match.

CrowdStrike's Falcon endpoint tools are already in use in Australia and 170 other countries, newly appointed vice president of technology strategy Mike Sentonas told CSO Australia as he outlined plans to heavily leverage the local channel to promote the company's behaviour-based detection strategy.

“We're getting a lot of users saying that their traditional end-user security strategy is not enough,” explains Sentonas, a security-industry veteran who was so convinced by CrowdStrike's approach that he left a 17-year career at Intel Security to head the new regional operation.

The company's founders “are absolutely focused on looking at where the industry is failing and what they can do differently,” he said. “Searching for indicators of compromise is no longer effective, and people are suffering attacks because of reasons well beyond malware.”

“People are struggling with breaches on a daily basis because someone has stolen their credentials and they are locked into a traditional security system that just isn't designed to detect that.”

One early local user, Telstra, has seen the CrowdStrike approach “providing a unique value to Telstra in its ability to detect and stop zero day exploits, malware attacks, along with hacker activity and ransomware, all of which go undetected by legacy security technologies,” said CISO Mike Burgess in a statement.

“Telstra relies on CrowdStrike’s combination of technology, people and intelligence to protect against the most sophisticated threats and help keep our customers' data safe and networks secure. CrowdStrike Falcon's next-generation threat prevention capabilities, its DVR-like endpoint detection and response features, aided by the elite Falcon Overwatch managed hunting team, has proved its value to us time and again.”

CrowdStrike's endpoint-protection technology monitors the behaviour of system resources to pick out unusual activity that may indicate malware; this behaviour is logged and heavily documented so that it can be shared with other users via the cloud platform.

“We don't look for malware,” Sentonas explained. “We look at what the effect is of the attack that the attacker is trying to do, and we trigger off of that.”

“We track everything that happens on a system, and store metadata around a particular event. It's very easy to detect ransomware when attackers are trying to do things like turn off shadow copy so victims can't recover their data. And, once we've seen that technique, we can share that with all of our customers across the cloud.”
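The kind of behaviour trigger described above, as an added example that is not CrowdStrike's code or part of the original article: a small rule set that flags process events tampering with shadow copies or backup catalogs by what the command does, regardless of which binary launched it. The event fields, rule names and sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Behaviour rules: each names an action that inhibits recovery. They match on
# the normalised command line, not on a file hash or malware signature.
RULES = {
    "vss_delete": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "vss_resize": re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b"),
    "wmic_shadow_delete": re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b"),
    "backup_catalog_delete": re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b"),
}

# Constructed process-creation events (hypothetical schema: host, parent, cmd).
EVENTS = [
    {"host": "ws-01", "parent": "invoice_viewer.exe",
     "cmd": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'},
    {"host": "ws-02", "parent": "cmd.exe", "cmd": "vssadmin  list shadows"},
    {"host": "srv-03", "parent": "updater.exe", "cmd": "wmic.exe SHADOWCOPY   DELETE"},
    {"host": "ws-01", "parent": "explorer.exe", "cmd": "notepad.exe report.txt"},
    {"host": "srv-03", "parent": "updater.exe", "cmd": "wbadmin delete catalog -quiet"},
]

def normalise(cmd):
    """Lower-case, drop double quotes and collapse whitespace before matching."""
    return re.sub(r"\s+", " ", cmd.replace('"', "").lower()).strip()

def detect(events):
    """Return (host, rule_name) for every event whose command matches a rule."""
    hits = []
    for event in events:
        line = normalise(event["cmd"])
        for name, pattern in RULES.items():
            if pattern.search(line):
                hits.append((event["host"], name))
    return hits

def hosts_by_rule(events):
    """Group hits by behaviour so one observed technique maps to all affected hosts."""
    grouped = defaultdict(set)
    for host, name in detect(events):
        grouped[name].add(host)
    return {name: sorted(hosts) for name, hosts in grouped.items()}

if __name__ == "__main__":
    for host, name in detect(EVENTS):
        print(f"{host}: {name}")
```

The read-only `vssadmin list shadows` event is deliberately not flagged; only the destructive verbs trigger a rule.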

The company had heavily leveraged APIs to facilitate the integration of complementary services to the existing security stack, providing opportunities for Australian resellers that wanted to add value in their own way.

“Every single vendor wants to be the single pane of glass that lets them be all things to all people,” Sentonas said. “I don't believe that's a viable strategy in architecture.”

CrowdStrike's open API stack “gives customers the ability to integrate our technology into their existing security stack, to provide enrichment and content to their security strategy,” he continued. “That lends itself well to an organisation that wants to provide a managed service and integrate our technologies into their overall go to market offering.”

The company's expansion into APAC geographies is being fueled by a $US100m investment led by Google Capital last year – funding that the company will leverage to tackle the fast-growing endpoint protection market.


Stories by David Braue
