CrowdStrike Webcast with Mercedes-AMG Petronas Motorsport Focuses on the Need for Speed in Cybersecurity

An on-demand webcast featuring CrowdStrike Sr. Engineer Zeki Turedi and Mercedes-AMG Petronas Head of IT Matt Harris details why speed, just as in Formula One racing, is a critical element in effective cybersecurity. Titled “Every Second Counts: Speed and Cybersecurity with Mercedes-AMG Petronas Motorsport,” the webcast discusses how CrowdStrike helps the Mercedes-AMG Petronas Motorsport F1 team protect valuable data across their many international event locations. The webcast opens with Harris explaining the global nature of his role: “I have overall responsibility for IT as a function — that’s everything to do with finance, resources, partners, and technologies to a degree, but that's mostly handled by members of my team. The team is part of a global sport. We go to 21 countries at the moment, next year I believe (it) will be 22.” He goes on to explain the challenges of having to secure data, systems and personnel across the globe: “That leads us into many partners and technologies that we work with, CrowdStrike being one of them, to help us make sure we're aware of anything that could be a threat to us, both people and technologies, when we're traveling around the world,” he says. Harris also discusses how CrowdStrike functions as an extension of his IT team and why speed plays such a critical role, “I can't afford to have a mini army of security people looking after our systems, but we have to be secure — everything's about speed. We say our currency is time, money does matter and it is important to us, but time is our currency.”

Data Security Is Crucial to Formula One Racing

Historically, there have been regulations around accessing data from competing teams, Harris says, however, now data protection has taken on a more global perspective. “If other people would like to try and get to, for instance, the engine division’s IP, maybe around the cars, maybe the engine itself — that type of information is very, very important to other manufacturers —

 

not necessarily in F1 but in other countries, other companies. We have to make sure that we're protected in the best way possible,” he says. He goes on to explain how the CrowdStrike Falcon CompleteTM solution enriches his security capabilities by providing global threat protection virtually without overhead, in terms of either infrastructure or time. Falcon Complete is CrowdStrike’s turnkey solution that includes Falcon PreventTM next-generation AV,

 

Falcon InsightTM endpoint detection and response (EDR), Falcon OverWatchTM managed threat hunting, Falcon DiscoverTM IT hygiene, and the Falcon Complete managed detection and response (MDR) team. Harris explains, “CrowdStrike gives us that extension of the IT team without the overhead, without that time. And they're learning from a huge customer base ... and everything that's happening around the world rather than just maybe what we're seeing and we're understanding. We have the benefit of actually learning from what other people are seeing … so we're protected way before it's actually a problem for us.”

Massive Amounts of Data to Protect

Harris offers details on the massive amount of data his team must protect, the type of data they deal with, and why speed is so critical. “We have around 18,000 channels of information coming off the car in real time — that's from about 300 sensors individually. Those sensors give us a piece of information that on its own is very useful.”

 

However, he points out that correlating the data is also crucial, “Sometimes we have to combine multiple channels of information to get something sensible. As an example, to know whether you've actually got a (tire) puncture isn't as simple as the tire pressure going down, because that could be a change of track temperature or change of weather — the car could be going slower — there are many different variables to tell whether you actually do have a puncture,” he explains. He also discusses how the data his team deals with is not confined exclusively to while racing events are happening. “If you think about pre- and post-event as well, we create many, many more times the amount of data. A single simulation, for example, can create around 45TB per week,” Harris says. He also emphasizes the importance of speed in harnessing the data, and protecting it against threats. “The faster we have that data, the faster we can make informed decisions. The business is all about data-driven decisions, whether that's at the track or in the factory,” Harris explains.

How CrowdStrike Ensures Comprehensive Security for Mercedes-AMG Petronas Motorsport

In the second half of the webcast, Turedi discusses how Falcon Complete helps protect Mercedes-AMG Petronas Motorsport by applying the critical components of speed to ensure comprehensive protection.

 

Some highlights from Turedi’s discussion include the following:
  • The importance of beating “breakout time” by meeting the CrowdStrike 1-10-60 challenge: That challenge calls for detecting an intrusion in one minute, investigating in 10 minutes, then containing and remediating the threat in one hour. “Breakout time is the time it takes for a threat actor, an adversary — be it a nation-state or criminal actor —

     

    to initially exploit a device in your environment, which could be any type of endpoint,” Turedi explains, from a laptop or desktop to a server or even a mobile device.
  • Why stopping lateral movement is critical: “The second a threat actor is able to start moving between multiple devices, no matter how great your team is, it becomes a complex situation that needs lots of people and a lot of time,” Turedi says. “It becomes quite problematic to correctly manage and mitigate.”
  • Why the CrowdStrike Threat GraphTM database is vital to ensuring protection: Threat Graph is a massive threat database — currently collecting and analyzing over 2.5 trillion security events per week. “This is detailed events information from tens of millions of sensors worldwide, collecting security event data and security threat information globally,” he says. “This information allows CrowdStrike to understand the global threat landscape at any given moment and understand new threats and identify them very quickly. Most importantly, it protects our customers from these threats and also allows us to understand how other threats may have evolved.”
  • How CrowdStrike uses artificial intelligence (AI) and machine learning (ML) to quickly identify unknown and never-before-seen malware: Detecting indicators of attack (IOAs) is an important way CrowdStrike’s Falcon platform helps organizations triage and prioritize security incidents, he explains. “Not only does it allow us to identify the types of malware trying to be malicious against your organization, it also allows us to quickly identify a non-malware threat or living-off-the-land techniques,” Turedi says.
In closing, Harris describes how his team has been able to operationalize the information they get from CrowdStrike. He explains that it happens in a couple of different ways, “One of the most impressive ones is the reports we get pre-event. We obviously go to 21 to 22 different countries during the year and you're never really quite sure what security measures you should or shouldn't take with your personal devices or your work ones. So, getting a one- or two-page report that actually goes to all the traveling members of the team … all the senior management and also everybody in IT and a few of the hubs … gives us real information and insight into what we should be thinking about with regards to what devices we should not take with us, what devices should be turned off when we're going through security, and other measures that we could take to make sure our data is secure.”

 

The second way they operationalize this information is via the Falcon Complete team. Harris says, “We rely very heavily on the team informing us of things that they’ve seen within the portal, and about things that are occurring on our network.”

Additional Resources:

Breaches Stop Here