Tahawultech.com spoke to Rawad Sarieddine, Senior Director at CrowdStrike, to find out how its new metric is empowering enterprises with an ability to detect real-time threats.
CrowdStrike has recently launched a new real-time threat monitoring metric called CrowdScore. How will this new industry innovation empower CXOs to make better-informed decisions in relation to security?
CrowdScore is a simple metric that enables CxOs to instantly see the real-time threat level their organizations are facing, allowing them to quickly mobilize resources to respond.
We all know that speed of detection, investigation and response is essential for effective security. CrowdStrike research on breakout time shows that security teams should strive to detect threats on average in 1 minute, understand them in 10 minutes and contain them in 60 minutes to be effective at stopping breaches. Traditionally, organizations have struggled to meet these metrics due to lack of resources and prioritization of an ever-growing number of alerts.
CrowdScore changes the game by solving both problems. So CxOs now can ensure that they are instantly made aware of incidents in their environment that demand activation of crisis management plans. It also empowers security operations teams to move away from tactical alert resolution to strategic incident management.
In the past year, CrowdStrike Falcon has enhanced its platform, and in March, launched Falcon for mobile. Can you tell us more about Falcon for mobile?
Falcon for Mobile is built on the award-winning CrowdStrike Falcon platform, allowing you to secure your mobile devices via a single solution that also protects workstations, servers, cloud workloads and containers. Mobile devices have completely changed the way employees work — providing instant access to business-critical applications anytime and anywhere.
However, mobility is a challenge for security teams as they strive to secure the data stored or remotely accessed by enterprise mobile applications. At the same time, we know mobile threats are real and relying on underlying mobile platform safeguards is not enough. Mobile device management (MDM) solutions have been available for years, but they don’t address core security concerns — that’s why a new perspective is necessary.
CrowdStrike was positioned as a leader in the Gartner Magic Quadrant for endpoint protection platform. In your expert opinion, what ultimately differentiates CrowdStrike from its competitors?
CrowdStrike is the pioneer of cloud-delivered endpoint protection. CrowdStrike Falcon has revolutionized endpoint security by being the first and only solution to unify next-generation antivirus, endpoint detection and response (EDR), and a 24/7 threat hunting service — all delivered via a single lightweight agent.
Using its purpose-built cloud-native architecture, CrowdStrike collects and analyses more than 30 billion endpoint events per day from millions of sensors deployed across 176 countries.
The unique benefits of this unified and lightweight approach include immediate time-to-value, better performance, reduced cost and complexity, and better protection that goes beyond detecting malware to stop breaches before they occur. These capabilities are based on a unique combination of prevention technologies such as machine learning, Indicators of Attack (IOA), exploit blocking, unparalleled real-time visibility and 24×7 managed hunting to discover and track even the stealthiest attackers before they do damage.
The sophistication of cyberattacks is increasing. However, is a lack of visibility the biggest barrier preventing businesses from implementing a watertight security structure?
Visibility is an essential element in next-generation endpoint protection. While legacy endpoint security products were limited to either blocking or allowing an activity, next-generation endpoint protection products add the ability to record activity on the endpoint and store it in a database for future search and investigation.
CrowdStrike delivers superior visibility as a result of its unique architecture. The Falcon sensor does more than just record and store events. It puts events in context and links related events together to paint an accurate picture of the state of the machine. Events recorded by the Falcon sensor are streamed to the cloud and stored in a graph database. This approach ensures that data is accessible even if some systems are offline at the time of the search. It also ensures reliability, speed, and scalability.
This allows Falcon Endpoint Protection to provide deep visibility across your entire environment in five seconds or less.
Do you think the emergence of disruptive new technologies such as AI and predictive analytics could be the solution to security issues for enterprises?
CrowdStrike uses the power of crowdsourced data to deliver cloud-scale artificial intelligence (AI) for real-time visibility across the enterprise, even at the firmware level and regardless of whether users are on or off the network. We are also proud of the unique “brains” behind the Falcon platform — the CrowdStrike Threat Graph® — a massive graph database that uses deep-link analytics to correlate over two trillion endpoint-related events per week, in real-time, from across the globe to immediately empower and protect all customers.