On the watch: CrowdStrike on modernising endpoint security

CrowdStrike senior director Rawad Sarieddine delves into how the customer demands around endpoint security are evolving and how the firm’s cloud-native offerings can enable them achieve better visibility on their infrastructure.

Rawad Sarieddine, CrowdStrike

With the increasing number of endpoints and disappearing perimeters, how can organisations keep their environments cyber resilient?

The traditional network perimeter is dissolving as organisations adopt cloud technologies and today’s workforce become increasingly mobile. This is why, it is more critical than ever for customers to reevaluate their endpoint protection strategies and deploy modern prevention and visibility tools across all their workloads, whether on-premise or in the cloud. Organisations today also need to infuse threat intelligence into their security tools to become more aware, resilient and proactive in their security strategies.

What have been the most prevalent threats on endpoint devices over the past 12 months? And how does CrowdStrike help address these pain points?

Over the recent past, the threat surrounding endpoints have grown at an unprecedented pace as cyber-attackers evolve their methods. Today, almost every cyber threat globally is targeting endpoints and attackers have been evasive enough to move away from classic malware based attacks, into much stealthier techniques such as file-less attacks, exploits, and spear-phishing.

Our global expertise gives us a good understanding of today’s threat landscape and enables us to offer deep insights to our customers. Because of this, we have devised the concept of modern active endpoint detection and response (EDR), which leverages agent machine learning and cloud analytics to stop endpoint breaches. This method combines artificial intelligence (AI) with indicators of attack and threat hunting capabilities. Because of this, we are recognised today as a market leader in the endpoint protection space, by top analyst firms such as Gartner, Forrester and IDC.

How have customer demands around endpoint protection solutions evolved over the years?

Enterprises today have grown tired of bloated agents that hog machine resources and provide very little protection against modern threats. They have come to terms with the fact that they need to modernise their endpoint security strategies and replace legacy vendors. They look at CrowdStrike as a uniquely positioned ecosystem, which offers unmatched protection, detection and response capabilities, along with IT hygiene, vulnerability management, and world class threat intelligence.

How will AI and automation technologies transform the security industry? Do you see these technologies displacing traditional security roles in the next five years?

The cybersecurity landscape is heading towards immense growth as cloud-native vendors continue to invest in technologies such as AI and machine learning. This growth calls for new skills from cyber talents, as requirement move away from traditional L1 analyst to expertise in malware analysis, cloud workloads, APIs and scripting, as well as threat hunting.

Are traditional AV solutions becoming obsolete? What’s the main driver behind this?

Traditional AV vendors have reached a position where they either continue their legacy approach and keep losing market share, or sell out their business to larger non-cybersecurity companies. This is because many traditional software firms face challenges in adopting cloud-native, AI-powered technologies. Customers are increasingly adopting modern technologies like CrowdStrike, to get rid of the agent bloat that consumes endpoint resources without offering real protection. The main driver for displacement is that the legacy vendors’ bolt-on approach, which entails integrating multiple features and agents into a 20-year-old code across various consoles. Enterprises today are looking for new methods that leverages a unified lightweight agent that collects data once, utilises it for analytics, prevention and visibility.

How does Falcon OverWatch enable organisations to proactively address cyber threats?

Falcon Overwatch is a unique global service of a round-the-clock team of threat hunters. It constantly looks into millions of indicators with weak signals and silent detections, that are guaranteed to fly under the radar of endpoint protection and EDR solutions. Overwatch specialises in detecting advanced e-Crime and APT activity that leverages hands-on-keyboard and stolen credentials attacks that would otherwise be a nightmare to stop.

What can regional firms expect from you in the next 12 months?

We continue to outpace the endpoint security space in terms of innovation, and technology partnerships. Currently we are running 10 modules on our platform, including next gen AV, EDR, device control, IT hygiene, vulnerability management, threat intelligence and threat hunting. We continue to invest in the CrowdStrike Store, by announcing partnerships with vendors that offer email security, web security, OT security, NAC and UEBA among others. Over the course of this year you will be seeing multiple announcements in that space from CrowdStrike.

Previous ArticleNext Article


The free newsletter covering the top industry headlines