RSAC 2022: CrowdStrike Delivers Protection that Powers Productivity

The theme of RSA Conference 2022 succinctly captures the aftermath of the disruption we’ve all experienced over the last couple of years: Transform.

 

 

Customers continue to transform and accelerate digital initiatives in response to the massive economic and technological shifts driven by the COVID-19 pandemic. The shift to the cloud, embrace of DevOps and broad adoption of software-as-a-service (SaaS) technologies have dramatically expanded the attack surface and made companies more vulnerable than ever.

 

In response to these widespread changes, adversaries continue to transform as well, refining tactics and tradecraft to exploit vulnerabilities and misconfigurations across digital infrastructure. As a result, attacks have become more sophisticated, brazen and pernicious. The CrowdStrike 2022 Global Threat Report documented many of these adversarial shifts, including the targeting of cloud service providers to exploit trusted relationships, the broad weaponization of vulnerabilities and architectural limitations in legacy systems, and the growth of devastating big game hunting (BGH) ransomware attacks. These trends have transformed our understanding of security as well. Security has moved into the spotlight and emerged as a top agenda item for boards of directors as the risk and impact of cyberattacks have become more consequential. Organizational leaders are increasingly seeking input from CISOs who understand business operations to help strengthen cyber resiliency plans and maintain business continuity.

 

As I’ve noted many times, these massive shifts require a security technology transformation as well. The complexity of today’s IT environment and security stack requires a cloud-native security platform that breaks down silos and delivers the speed and scale required to stay ahead of adversaries and stop breaches. It requires a platform that can harness data from across the organization to protect your most critical assets and deliver an adversary-focused view of your organizational risk posture. Most of all, it requires a platform that you can trust to protect you on what could be your worst day. Modern security should not only protect your organization, it should power your productivity as well. It needs to dynamically adapt security postures as environments change faster than adversaries can react and attack, without impacting IT.

 

That’s why I’m excited to announce that this week at RSAC, CrowdStrike is unveiling major new innovations to the CrowdStrike Falcon® platform that meet the urgency of the moment and keep customers ahead of the adversary.

Introducing the CrowdStrike Asset Graph: Observability Across IT Assets and the Attack Surface

 

When we introduced CrowdStrike Threat Graph®, we fundamentally changed how the security industry ingested, indexed and actioned massive amounts of security data to automatically prevent threats in real time. This is an architectural linchpin of our “collect data once, reuse it multiple times” approach to solving the biggest problems that customers face.

 

 

With the introduction of CrowdStrike Asset Graph, we’re once again leading the industry forward by delivering observability data that provides a bridge to IT operations and security. CrowdStrike Asset Graph solves one of the most complex customer problems today: identifying and showing the interconnected relationship between the hundreds of millions of assets, identities and configurations accurately across all systems including cloud, on-premises, mobile, Internet of Things (IoT) and more, and connecting them together in a graph form. Ingesting this telemetry into the Falcon platform will provide organizations with critical productivity insight into asset performance, uptime and more, and empower security teams to understand how external activity like adversary attacks, patching and configuration changes alter the attack surface. The combination of our groundbreaking graph technologies creates a powerful, seamless and distributed data fabric, interconnected into a single cloud — the CrowdStrike Security Cloud — that powers the Falcon platform and our industry-leading solutions.

 

The addition of Asset Graph will enable new Falcon modules and features built on top of the platform. The first Falcon module to use Asset Graph is Falcon Discover™ Security Hygiene, providing customers with real-time visibility into the devices, users and applications on the network, and a deeper understanding of the relationships between these assets. For more on Asset Graph, you can read this companion blog post by our CPO, Amol Kulkarni.

 

Driving Innovations in Extended Detection and Response (XDR)

 

At CrowdStrike, XDR is not just a rebranding opportunity or simply the integration of data into a single console. XDR is the natural evolution of endpoint detection and response (EDR) — it must start with EDR technology and build on that foundation. XDR needs to deliver the most relevant telemetry from systems and applications from across the entire IT security ecosystem to accelerate visibility, detection and response actions beyond the endpoint. It needs to power security teams to stop breaches — faster.

 

That is why I’m excited to announce that CrowdStrike has expanded the groundbreaking CrowdXDR Alliance to include key strategic partners across web and email security, identity and access management, and network detection and response. With the CrowdXDR Alliance, we’re creating a standardized schema for data sharing to enrich XDR detections with the most high-value telemetry data from leading security vendors. We also unveiled powerful new capabilities that deliver new levels of automation to speed threat detection and response efforts.

 

Unveiling Humio for Falcon: Do More with Data

 

Cybersecurity is fundamentally a data problem. To stay ahead of adversaries and uncover and detect potential threats, security teams need to be able to rapidly analyze and act on real-time and historical data in their environment. Organizations want to be able to log and action more data, but existing solutions prove cost prohibitive and fail to deliver the speed and scale required to meet the moment.

 

Today, CrowdStrike is empowering customers to do more with their data with the introduction of Humio for Falcon, a new capability that extends data retention of CrowdStrike Falcon telemetry for one year or longer, enhancing threat analytics, threat hunting abilities and compliance requirements. The new capability gives security teams the ability to store security and IT telemetry from the Falcon platform, enriched and contextualized across endpoints, workloads and identities, to address the challenge of operationalizing massive volumes of data. For more on the exciting innovations we’re unveiling for CROWDSTRIKE FALCON® XDR and Humio for Falcon, you can read this companion blog post by our CTO, Michael Sentonas.

 

Join CrowdStrike at RSAC 2022

After being remote for most events for the past two years, it’s incredibly exciting to be able to see customers, partners and the security community in person again. If you’re attending RSAC this year, we encourage you to stop by booth N-6155 for a conversation, live demos or to participate in our adversary training. CrowdStrike will also be hosting a number of keynotes and presentations with a focus on the adversary and how they’re looking to exploit cloud technology and customer environments.

 

 

Here are a few things to look forward to this week:

KEYNOTE: Hacking Exposed: Next-Generation Tactics, Techniques and Procedures
  • Date: Thursday, June 9, 9:40-10:30 a.m. PT
  • CrowdStrike CTO Michael Sentonas will join me on stage to demonstrate how adversaries seek to exploit cloud environments by breaking down cr8escape, a new vulnerability discovered by the CrowdStrike Cloud Threat Research team that could allow an attacker to escape from a Kubernetes container, gain root access to the host and be able to move anywhere in the cluster.

     

SESSION: Confessions of a Sandbox: How AI Is Disrupting Automated Threat Analysis
  • Date: Tuesday, June 7, 1:15-2:05 p.m. PT
  • Join CrowdStrikers Marian Radu (Senior Director, Data Science) and Liviu Arsene (Director of Threat Research and Reporting) for a discussion on the role of artificial intelligence (AI) in automating threat analysis.

     

SESSION: Extend EDR Visibility by Logging Everything: Demo with Free Integrations
  • Date: Thursday, June 9, 10:50-11:40 a.m. PT
  • Adam Hogan, CrowdStrike’s SE Director for Humio, will show why log management can be a powerful tool for investigating incidents.

     
