The ease of weaponising sophisticated nation-state compromises means that CSOs must adopt a security mindset based on workload protection, the head of one security vendor has advised, rather than trying to secure each device or network element individually.
That long-held approach had become increasingly untenable given the complexity of evolving cloud-based information architectures, CrowdStrike founder and CEO George Kurtz told CSO Australia.
“There’s always work when people move to the cloud using a ‘lift-and-shift’ approach as opposed to fundamentally working within the new architecture,” he explained.
“As people move those on-premises workloads to the cloud, it’s much better to think about the workload transformation. Just recreating what was done on-premises, in the cloud, doesn’t necessarily have the same effect.”
Failure to acknowledge those differences was leaving cloud-based workloads vulnerable to the depredations of cybercriminals who had increasingly gained access to sophisticated attack techniques that have “leaked out of nation states and been weaponised by the crime groups,” Kurtz said.
“While they may not have the expertise to find those vulnerabilities, they’re good enough to weaponise them, make them available as a service, and commoditise them. And we spend a lot of time being able to protect against those without any signatures.”
CrowdStrike’s use of artificial intelligence (AI) detection techniques had been key to enabling and refining signature-less detection techniques.
As an early entrant into the AI security space, the company had been able to draw on a broad base of security data to train its detection and response models extensively. That put it on the front edge of a trend that Gartner, for one, has identified as one of the ten most strategic technology trends for 2020.
AI security has become essential for protecting against the new vulnerabilities created by transformational technologies like hyperautomation and autonomous things, Gartner advises, with three key perspectives – protecting AI-powered systems, leveraging AI to enhance security defence, and anticipating nefarious use of AI by attackers – shaping companies’ necessary responses.
“Security teams must address these challenges and be aware of how AI will impact the security space,” Gartner advises.
It’s all old news for Kurtz, who saw the potential of AI early on and positioned the technology at the core of CrowdStrike when he left McAfee to found the new company in 2012.
High-profile engagements, during which the company investigated incidents such as the attack on the US Democratic National Committee, reflected growing confidence in the technology.
With CrowdStrike’s security platform now scanning around 2 trillion events per week, the AI approach gave it the flexibility to establish performance baselines and identify outliers for cloud-based as well as on-premises workloads.
“In the space of a week we handle more security events than Twitter has tweets,” Kurtz explained, “and we continuously retrain our algorithms so we get smarter and better outcomes.”
“Many attacks don’t leverage malware, so you have to look at behaviours to understand where they are in the network, and what system they’re on. Looking at behaviours, it’s hard to escape what the adversary is doing.”
Given the breadth of cloud platforms being put into use every day, increased adoption of cloud architectures offers customers “an advantage”, he said, because businesses can draw on sophisticated cloud-based services to manage security detection and response.
“While you may have an incident,” Kurtz explained, “you don’t have a breach.”