As the cost and complexity of deploying and maintaining on-premises security continues to rise, many endpoint security providers have embraced the cloud as the ideal way to deliver their solutions. Yet, incorporating cloud services into legacy architectures limits their ability to fully engage the tremendous power the cloud offers.
CrowdStrike Falcon recognized the value of cloud-delivery from the beginning, developing architecture built from the ground up to take full advantage of the cloud. CrowdStrike’s cloud-powered endpoint security not only ensures rapid deployment and infinite scalability, it increases your security posture by enabling real-time advanced threat protection across even the largest, distributed enterprises.
In this CrowdCast, Jackie Castelli, Sr. Product Manager, will discuss:
• The advantages of endpoint protection purpose-built for the cloud, and why it allows you to take full advantage of the cloud's power
• The common concerns organizations face when evaluating cloud-based endpoint security: can privacy and control be assured?
• Real-world examples demonstrating the unique advantages offered by CrowdStrike Falcon's cloud-powered platform
Cloud-Enabled: The Future of Endpoint Security
1. CLOUD-ENABLED: THE FUTURE OF ENDPOINT SECURITY
JACKIE CASTELLI, SR PRODUCT MANAGER
2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
2. AGENDA
1 CrowdStrike Intro
2 Why Cloud Is The Future of Endpoint Security
3 Cloud Concerns
4 How CrowdStrike Does It
4. Cloud Delivered Endpoint Protection
MANAGED HUNTING
ENDPOINT DETECTION AND RESPONSE
NEXT-GEN ANTIVIRUS
CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting, all delivered via the cloud.
5. WHY THE CLOUD IS THE FUTURE OF ENDPOINT SECURITY
Better Performance And Better Protection
6. "SIMPLY PUT, CLOUD COMPUTING IS A BETTER WAY TO RUN YOUR BUSINESS."
Marc Benioff, Founder, CEO and Chairman of Salesforce
7. THE CLOUD PROVIDES BETTER PERFORMANCE
Eliminates Deployment Burden
Lightweight Agent
8. ELIMINATES DEPLOYMENT BURDEN
Faster and simpler deployment with the Cloud
§ No on-premises hardware
§ Faster deployment
§ Eliminates complexity
§ SaaS scalability
9. LIGHTWEIGHT AGENT
Lighten the agent with the Cloud
§ Lighten the agent by dividing the work between the endpoint and the Cloud
§ Work in the Cloud when needed
§ Work on the sensor when needed
10. THE CLOUD PROVIDES BETTER PROTECTION
Protection Everywhere
Intelligence Sharing
Obscured from Attackers
11. PROTECTION EVERYWHERE
Protection on and off the corporate network
§ On-premises architectures are outdated and insufficient to protect today's endpoints, which spend much of their time outside the corporate network
14. INTELLIGENCE SHARING
Every New Attack Feeds Into New Defenses For All
§ Learn from new attacks
§ Share that intelligence in real-time
§ Eliminate silos
15. OBSCURED FROM ATTACKERS
Keep detection logic away from attacker scrutiny with the Cloud
§ Well-funded adversaries reverse engineer security solutions they can buy
§ They look for vulnerabilities and ways to bypass those solutions
§ Cloud-hosted analysis escapes that scrutiny: an adversary can obtain and study the sensor, but not the cloud-side logic that runs against its telemetry
16. CONCERNS ABOUT THE CLOUD
My data...
17. THERE ARE STILL A LOT OF CONCERNS WITH THE CLOUD
WHAT ARE PEOPLE CONCERNED ABOUT?
Factors driving security concerns regarding customer data residing in the public cloud (percentage of respondents citing each factor):
Data ownership: 56%
Location of data: 51%
Shared technology / multi-tenancy: 51%
Virtual exploits: 47%
Lack of strong access controls: 47%
Insecure interfaces / APIs: 46%
Shadow IT (i.e., individual business units deploying unsanctioned cloud workloads): 44%
Distributed denial of service (DDoS) attack affecting performance/uptime: 42%
Other: 3%
18. WHAT DATA DO YOU HAVE EXACTLY?
§ Event metadata; we do not need the executable itself
§ Examples: process start/stop times, network connection activity, etc., as well as more sensitive metadata such as filenames and command-line parameters
§ We do not want your personally identifiable information (PII), and it is unlikely we have it
§ Storing more data than needed is counterproductive: it increases risk and adds cost for us
19. HOW LONG DO YOU KEEP OUR DATA?
• By default, we retain most data for 90 days in the Falcon UI
• The most detailed, raw data is kept on hand for 30 days
• We archive data for 1 year in case it is needed, and we perform data extractions by request
• When data is deleted it follows NIST 800-88 for secure deletion of sensitive data
• Data handling decisions are informed by actual customer usage: we listen, see what people need, and make the best decision possible
20. HOW DO YOU KEEP MY DATA SEPARATE FROM OTHERS?
§ We designed Falcon to be multi-tenant
§ All data is tagged with unique but anonymous "Customer ID" (CID) and "Agent ID" (AID) values
§ The Customer ID is mapped to the customer name in a separate provisioning system; the customer name is not stored anywhere in the actual event data
§ Sensor-to-cloud communication runs over a TLS-encrypted tunnel pinned to CrowdStrike's own PKI certificate, to guard against man-in-the-middle attacks and against injection of untrusted CAs on the device
21. HOW DO YOU KEEP MY DATA SEPARATE FROM OTHERS? (continued)
§ Cloud data is protected behind a VPN requiring 2FA, with strict data privacy and access control
§ All data access within the system is managed through constrained APIs that require a customer-specific token and can access only that customer's data
§ Data at rest is encrypted
§ Our analysis engines act on the raw event data, so they only use the anonymized CID and AID values for clustering of results
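The isolation model described on slides 20 and 21 (opaque CID/AID tags on every event, the name-to-CID mapping held in a separate provisioning store, a constrained API whose token is bound to one customer, and an analysis engine that clusters across tenants on opaque IDs only) is sketched below as an added example. It is illustrative code written for this page, not CrowdStrike's implementation or API: the store names, `provision`, `ingest`, `issue_token`, `query_events` and `cluster_pattern` are assumptions, and the sample events are constructed. The point a reviewer would check is in `query_events`: the token, not a caller-supplied customer ID, decides whose data comes back, so a request for another tenant's CID is refused rather than honoured.

```python
import hashlib
import secrets
import uuid
from collections import defaultdict

# Three stores that the design keeps apart (names are assumptions for this example).
PROVISIONING = {}  # CID -> customer name; the only place a name is held
EVENTS = []        # event metadata tagged with opaque CID/AID values only
TOKENS = {}        # sha256(token) -> CID the token is bound to


def provision(customer_name):
    """Create a tenant: returns an opaque CID; the name lives only in PROVISIONING."""
    cid = uuid.uuid4().hex
    PROVISIONING[cid] = customer_name
    return cid


def ingest(cid, aid, event):
    """Tag an event with opaque ids. Refuse records that carry a customer name,
    so an upstream bug cannot leak tenant identity into the event store."""
    if cid not in PROVISIONING:
        raise KeyError("unknown CID")
    if any(k in event for k in ("customer", "customer_name")):
        raise ValueError("customer identity must not appear in event data")
    EVENTS.append({"cid": cid, "aid": aid, **event})


def issue_token(cid):
    """Issue an API token bound to exactly one CID; only its hash is stored."""
    if cid not in PROVISIONING:
        raise KeyError("unknown CID")
    token = secrets.token_urlsafe(32)
    TOKENS[hashlib.sha256(token.encode()).hexdigest()] = cid
    return token


def query_events(token, requested_cid=None):
    """Constrained API: the token, not the caller, decides which tenant's data is returned.
    A requested_cid that differs from the token's CID is rejected, never honoured."""
    cid = TOKENS.get(hashlib.sha256(token.encode()).hexdigest())
    if cid is None:
        raise PermissionError("invalid token")
    if requested_cid is not None and requested_cid != cid:
        raise PermissionError("token is not authorised for the requested CID")
    return [e for e in EVENTS if e["cid"] == cid]


def cluster_pattern(field="cmdline_sha256", min_orgs=2):
    """Analysis engine: cluster raw events by a pattern field, keyed on opaque CIDs only.
    A pattern seen at >= min_orgs distinct tenants counts as confirmed across the community."""
    seen = defaultdict(set)
    for e in EVENTS:
        if field in e:
            seen[e[field]].add(e["cid"])
    return {pattern: cids for pattern, cids in seen.items() if len(cids) >= min_orgs}


def build_sample():
    """Constructed sample data (not real telemetry): three tenants, one shared attack pattern."""
    PROVISIONING.clear()
    EVENTS.clear()
    TOKENS.clear()
    cids = {name: provision(name) for name in ("Org1", "Org2", "Org3")}
    shared = hashlib.sha256(b"powershell -enc <payload>").hexdigest()  # stand-in command line
    benign = hashlib.sha256(b"notepad.exe").hexdigest()
    ingest(cids["Org1"], uuid.uuid4().hex, {"type": "process_start", "cmdline_sha256": shared})
    ingest(cids["Org2"], uuid.uuid4().hex, {"type": "process_start", "cmdline_sha256": shared})
    ingest(cids["Org3"], uuid.uuid4().hex, {"type": "process_start", "cmdline_sha256": benign})
    tokens = {name: issue_token(cid) for name, cid in cids.items()}
    return cids, tokens, shared


if __name__ == "__main__":
    cids, tokens, shared = build_sample()
    print(len(query_events(tokens["Org1"])), "event(s) visible to Org1")
    try:
        query_events(tokens["Org1"], requested_cid=cids["Org2"])
    except PermissionError as err:
        print("cross-tenant read refused:", err)
    print("pattern confirmed across two orgs:", shared in cluster_pattern())
```

Note that `cluster_pattern` never touches `PROVISIONING`: the cloud-side correlation that slide 29 calls community immunity can run over every tenant's raw events while seeing nothing but opaque identifiers, and resolving a CID back to a name remains a separate, separately controlled step.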
24. TRUE BIG DATA SCALE
§ 30 billion events a day
§ 2 Petabytes of data
25. WHAT WE DO IN THE CROWDSTRIKE CLOUD
§ DEPLOY
§ STORE
§ ANALYSE
§ SHARE
§ LEARN
§ HUNT
26. BENEFITS OF THE CROWDSTRIKE CLOUD
Better performance, better protection
Intelligence sharing and community immunity
Unrivaled visibility
Managed hunting
Lightweight sensor
Immediate time to value
27. What needs the cloud is in the cloud. What needs to be on the sensor is on the sensor.
ENDPOINT PROTECTION (on the sensor)
§ MACHINE LEARNING
§ INDICATORS OF ATTACK PREVENTION
§ EXPLOIT BLOCKING
§ CUSTOM HASH BLOCKING
§ CONTINUOUS MONITORING
CLOUD PROTECTION
§ MACHINE LEARNING
§ THREAT INTELLIGENCE
§ MANAGED HUNTING
§ THREAT GRAPH
LIGHTWEIGHT SENSOR
§ No more daily signature updates
§ Small footprint: 20MB on disk
§ No-impact sensor
§ No reboots
28. IMMEDIATE TIME TO VALUE DEMO
Sensor Deployment
29. COMMUNITY IMMUNITY
1 - DISCOVER ATTACK PATTERN
2 - ATTACK PATTERN SENT TO CLOUD
3 - ATTACK PATTERNS CONFIRMED: MATCH! at ORG #1, ORG #2, ORG #3
31. MANAGED HUNTING
WE SEE NEARLY 2 INTRUSIONS/MAJOR INCIDENTS EVERY HOUR, 24 hours a day, 7 days a week!
32. Retail Customer: THE TRUE VALUE OF THE CLOUD
PROBLEM
Active incident with multiple criminal and nation-state adversaries
Existing AV, firewalls, IPS and IOC scanning all failed to prevent the breach
100+ countries, $50M in costs, and the adversary persisted
No visibility into endpoint activities
Inability to find customized malware
Insufficient resources and expertise (hunters)
33. Retail Customer: THE FULL VALUE OF THE CLOUD
SOLUTION
Deployed Falcon Host sensors in under 10 seconds per host with no reboot
Falcon identified dozens of breaches: 50+ compromised systems and stolen credentials
Falcon Intelligence attributed the attacks to nation-state and criminal groups
Falcon OverWatch provided 24/7 coverage and crucial notifications, preventing further compromises
CrowdStrike Services took over the remediation process and investigation to remove the adversaries
34. Retail Customer: THE FULL VALUE OF THE CLOUD
RESULTS
Prevented further breaches, massive reputation damage and regulatory headaches
Saved millions of dollars in IR and legal costs
Frictionless deployment: immediate time to value
Identified adversary activity and malware missed by other solutions and forensics teams
Dramatically reduced response and remediation time and costs
No hardware to purchase or additional resources to maintain and manage, saving time and money
Provided Tier 1 hunting, freeing up valuable SOC resources
35. CLOUD ENABLED ENDPOINT PROTECTION
§ Goes beyond deployment
§ Uses the full power of the cloud to provide better performance and better protection
§ CrowdStrike solutions are cloud enabled by design
36. Questions?
Please submit all questions in the Q&A chat right below the presentation slides
Contact Us
Website: crowdstrike.com
Email: crowdcasts@crowdstrike.com
Twitter: @CrowdStrike