CrowdStrike - Experts & Thought Leaders

Latest CrowdStrike news & announcements

Rubrik podcast: China's cyber rise explored

Cybersecurity pioneer Rubrik announced that Nicole Perlroth, bestselling cybersecurity author and former New York Times lead cybersecurity reporter, has been appointed Chief Cyber Raconteur. In this advisory role, Perlroth will help strengthen Rubrik’s leadership in the cyber resilience market and drive the company’s reporting on cyber threats. Her aim is to turn broad cybersecurity and cyber resilience topics into accessible, easily understood stories for the general public, from individuals to businesses, using her award-winning storytelling. From podcasts to Rubrik Zero Labs reports, the appointment demonstrates Rubrik’s commitment to driving important conversations about the future of cybersecurity, cyber resilience, and the technologies that power and protect the world.

How cyber attacks happen

“Nicole is one of the most-informed experts on cyber threats and we are honoured to welcome her to our team,” said Bipul Sinha, Rubrik CEO, Chairman and Co-founder. “Her reputation as an expert and storyteller in cybersecurity speaks for itself. We share an urgency and commitment to document when, why, and how cyber attacks happen, and how our industry must work together to be digitally resilient to them.”

How China grew into a major player in the cyber world

Rubrik and Perlroth have also launched a new podcast series, To Catch a Thief: China’s Rise to Cyber Supremacy, about how China grew into a major player in the cyber world. The podcast, hosted by Perlroth, tracks the Chinese hacking threat as it evolved from trade secret theft, to mass surveillance, to a far more alarming phase: embedding in U.S. government agencies, power grids, transportation hubs, and water systems.

To Catch a Thief is a first of its kind: a deeply reported, nine-part series that unpacks the high-stakes world of digital espionage and sabotage, and sheds light on many stories of Chinese cyberespionage that have remained untold.

Intelligence and cybersecurity experts

“I’ve spent more than two years reporting for To Catch a Thief, to bring together my firsthand experience witnessing state-sponsored attacks with insights from pioneering intelligence and cybersecurity experts,” said Perlroth. “Listeners will go behind the headlines to understand who’s orchestrating these attacks, how they’re executed, and why they matter to all of us. My hope is that we can collectively learn from this story of espionage, IP theft, geopolitics, and shifting power dynamics to finally do what is necessary to anticipate and root out infiltrations of American businesses and, urgently, our infrastructure.”

Expert voices, untold stories

To Catch a Thief charts the rise of China’s state-sponsored hackers, from their beginnings as “the most polite, mediocre hackers in cyberspace” to the “apex predator” that now haunts America’s critical infrastructure. It examines the implications of China’s advancements (Volt, Salt, and Silk Typhoon) with an eye on how to navigate state-sponsored cybersecurity risks. The podcast features interviews with top intelligence and cybersecurity experts, including:

Kevin Mandia, former CEO of Mandiant (now part of Google), now at Ballistic Ventures
Dmitri Alperovitch, co-founder and former CTO of CrowdStrike, now at Silverado Policy Accelerator
Jen Easterly, former Director of CISA, the US Cybersecurity and Infrastructure Security Agency (2021-2025)
Heather Adkins, founding member of the Google Security Team
Nate Fick, first U.S. Ambassador at Large for Cyberspace and Digital Policy
Andrew Scott, Associate Director for China Operations at CISA
Rob Joyce, former NSA cybersecurity director
Jim Lewis (Center for Strategic and International Studies), an expert in U.S.-Sino relations
The nation’s pioneering cyber threat intelligence analysts John Hultquist (Mandiant, Google) and Steve Stone (SentinelOne, formerly Rubrik)
David Barboza, Pulitzer Prize winner and former New York Times Shanghai Bureau Chief
Senior China advisors at the National Security Council and the Pentagon
Top U.S. military officials leading cyberwarfare planning in the Asia-Pacific region

To Catch a Thief is available on all major podcast platforms.

Zimperium integrates with CrowdStrike for mobile security

Zimperium, a pioneer in mobile security, announced that it is enhancing the detection and response capabilities of security teams by integrating with the CrowdStrike Falcon® cybersecurity platform. The integration, now available on the CrowdStrike Marketplace, enables sharing of mobile threat intelligence from Zimperium’s Mobile Threat Defense platform into CrowdStrike Falcon® Next-Gen SIEM.

Zimperium's 2024 Threat Report

According to Zimperium's 2024 Global Mobile Threat Report, 82% of phishing sites targeted mobile devices and unique malware samples increased by 13% year-over-year. As a pioneer of mobile security, Zimperium offers a comprehensive approach to securing the entire mobile ecosystem, from applications to endpoints, within a single platform.

Zimperium’s mobile threat and risk forensics with CrowdStrike’s AI-driven detection

Integrating Zimperium’s mobile threat and risk forensics with CrowdStrike’s AI-driven detection and response, all mapped to the MITRE ATT&CK framework, equips security teams to proactively address mobile security gaps, reduce incident response times, and improve mobile endpoint security management. Together, they deliver enhanced visibility across mobile endpoints. With Falcon Next-Gen SIEM, security teams can ingest data from any security or IT source; that data is enriched with Falcon platform data, threat intelligence, AI and workflow automation, providing rapid detection and response across enterprise environments.

Advanced detection strategies

“We are excited to partner with CrowdStrike to deliver enhanced visibility and greater flexibility for our customers and partners,” said David Natker, VP, Global Partners and Alliances at Zimperium. “As mobile threats become increasingly sophisticated, enterprises need advanced detection strategies to safeguard sensitive data and prevent mobile attacks. This integration equips SOC teams with the tools to seamlessly monitor and respond to mobile threats, enhancing visibility and delivering unified mobile security across their environments.”

Drata acquires SafeBase: Trust management innovation

Drata, the pioneering Trust Management platform, announced it has entered into a definitive agreement to acquire SafeBase, the pioneering Trust Centre solution for the enterprise. The acquisition is intended to combine both companies’ shared vision of being the go-to “trust layer” between companies, driving seamless, transparent relationships through the most comprehensive Trust Management platform. The acquisition is expected to close later this month.

Cloud and AI dependency

The surge in market demand for a full-stack Trust Management platform is fuelled by a perfect storm of increasing cloud and AI dependency, stricter regulatory requirements such as DORA, ISO 42001 and the EU AI Act, high-profile breaches, and rising security risks. Maintaining customer trust through continuous compliance requires a scalable and adaptable approach to address these challenges effectively.

Drata’s acquisition of SafeBase

Drata’s acquisition of SafeBase is expected to significantly enhance its ability to streamline security reviews and strengthen vendor risk management, all through AI-driven automation. Together, Drata and SafeBase will create a seamless ecosystem of trust, governance, risk, and compliance (GRC). Since SafeBase's founding in 2020 by CEO Al Yang and CTO Adar Arnon, over 1,000 organisations, including OpenAI, Twilio, CrowdStrike, HubSpot, LinkedIn, T-Mobile, and one-third of the Cloud 100, have used its Trust Centres to drive approximately $15 billion in security-enabled revenue.

Inbound security questionnaires

With SafeBase, organisations can build trust through transparency and reduce the time spent on inbound security questionnaires by up to 98%. Drata’s meteoric growth in the past four years has also empowered thousands of organisations to radically transform compliance automation, vendor risk management, and modern GRC.

Innovations in automation and AI

“As a pioneer of the Trust Centre category, SafeBase has always been committed to addressing and solving our customers’ needs through unmatched innovations in automation and AI,” said Al Yang, Co-Founder and CEO of SafeBase. “Joining Drata marks another milestone in that commitment, where two customer-obsessed companies with aligned missions and cultures work together to redefine what’s possible in Trust Management. This union cements our position as the pioneering solution for the enterprise.”

Compliance and vendor risk management

“Trust is now a competitive advantage that rests on a combination of speed and tangible proof, so there’s never been a more important time for organisations to prioritise compliance and vendor risk management, while eliminating the pain points within their GRC program,” said Adam Markowitz, Drata Co-Founder and CEO. “Together with SafeBase, we are empowering customers to continuously ensure and proactively communicate security, compliance and trust, with unrivalled market advantage.”

Insights & Opinions from thought leaders at CrowdStrike

CrowdStrike highlights cybersecurity trends in first half of 2019

A larger proportion of cyberattacks in the first half of 2019 can be attributed to electronic criminals (eCrime adversaries) than to state-sponsored or unidentified actors. CrowdStrike, the cybersecurity company behind the CrowdStrike Falcon endpoint protection platform, observes that 61% of targeted intrusion campaigns in the first half of 2019 were attributed to eCrime adversaries, compared with 39% from other sources.

CrowdStrike Falcon OverWatch platform

The eCrime share more than doubled since 2018, reflecting an escalation of criminal players in search of more and larger payouts. The trend is among the findings in CrowdStrike’s Falcon OverWatch 2019 Mid-Year Report: Observations from the Front Lines of Threat Hunting. Falcon OverWatch is the CrowdStrike-managed threat hunting service built on the CrowdStrike Falcon platform.

Technology was the top vertical market targeted by cyberattacks in the first half of the year, followed by telecommunications and non-governmental organisations (including think tanks). Other targets, in decreasing order, were retail, financial, manufacturing, transportation and logistics, gaming, entertainment and engineering. Hospitality has dropped off the list so far this year, although CrowdStrike expects an increase in intrusions aimed at the hospitality industry to put it back in the top 10 by the end of the year.

Intrusion adversaries

In terms of intrusion adversaries, the top players so far in 2019 are Spiders (eCrime) and Pandas (China). The most common initial access techniques remain, in order of prevalence, valid accounts, spear-phishing and exploitation of public-facing applications. 2019 is proving to be an active year, with a significant increase in eCrime and in the inter-relationships across different groups as they strengthen their organisations, forge alliances and expand their footprint.

Need for a proactive security posture

Many of the techniques used by eCrime actors are readily defensible through strong security products and a proactive security posture, says CrowdStrike, which recommends the following measures to help maintain a strong defence in 2019:

Be attentive to basic hygiene such as user awareness, asset and vulnerability management, and secure configurations, which form the foundation of a strong cybersecurity program. User awareness programs can combat the continued threat of phishing and related social engineering techniques. Asset management and software inventory ensure that an organisation understands its footprint and exposure. Vulnerability and patch management verify that known vulnerabilities and insecure configurations are identified, prioritised and remediated.

Establish multifactor authentication (MFA) for all users, because today's attackers are adept at obtaining and using valid credentials.

Run a robust privileged access management process to limit the damage adversaries can do if they get in and reduce the likelihood of lateral movement.

Password-protect the endpoint protection agent so that it cannot be disabled or uninstalled by an adversary on the host, since it provides critical prevention and visibility for defenders.

Countering sophisticated cyber attacks

As sophisticated attacks continue to evolve, enterprises face more than a "malware problem." Defenders should look for early warning signs that an attack may be underway, such as code execution, persistence, stealth, command and control, and lateral movement within a network. Contextual and behavioural analysis, delivered in real time via machine learning and artificial intelligence, detects and prevents attacks that conventional "defence-in-depth" technologies cannot address.

"1-10-60 rule" in combating advanced cyber threats

CrowdStrike recommends that organisations pursue a "1-10-60 rule" in order to combat sophisticated cyberthreats effectively. That is, they should seek to detect intrusions in under one minute, to perform a full investigation in under 10 minutes, and to eradicate the adversary from the environment in under 60 minutes. A source at CrowdStrike said: "Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action."

How to reinforce your cybersecurity strategy

We live in an information- and data-led world, and cybersecurity must remain top-of-mind for any organisation looking to protect its business-critical assets and operations. Businesses without proper cyber measures put themselves at risk from a huge list of threats, from cybercriminals conducting targeted spear-phishing campaigns, like the 2018 Moscow World Cup vacation rental scam, to nation-state actors collecting intelligence for decision makers. No organisation is safe from innovative cyber threats.

Security solutions for enterprises

The evolving threat space means organisations need the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions, enterprises must start by assuming that a bad actor is already inside their IT environment. With this mindset, organisations can set the groundwork necessary to stop malicious activity and keep their business’ data safe. As there is no single silver bullet that stops all cyberattacks, organisations must adopt a multipronged approach. This must include tracking, analysing and pinpointing the motivation of cyber actors, through global intelligence gathering and proactive threat hunting, in order to stay one step ahead. In addition, deploying cloud-based technologies gives a holistic view of the continuously evolving threat landscape and thereby secures data more efficiently.

Traditional security approach

In today’s landscape, the propagation of advanced exploits and easily accessible tools has blurred the line between statecraft and tradecraft. Traditional security approaches are no longer viable when dealing with the latest trends in complex threats. To make defending against these threats even more complicated, adversaries constantly adapt their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools. CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries, including Russian, Chinese, North Korean and Iranian groups. As adversaries’ TTPs evolve into sophisticated attack vectors, defenders need to recognise that we are in the midst of a cyber arms race in which any of these groups could become the creator of the next devastating attack. Russian groups are particularly fast: on average they spread through an enterprise network 18 minutes and 48 seconds after the initial intrusion.

Sophisticated cyber weapons

So reacting to threats in real time is a priority. Bad actors are extremely vigilant and committed to breaking down an organisation’s defences, and speed is essential to finding the threats before they spread. Actors tend to use simple trial and error: they probe the organisation's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability. This has highlighted the need for tools that give teams full visibility over the entire technology stack in real time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and cannot give security teams context around suspicious activity on the network; they lack the full visibility a comprehensive approach requires.

Malicious behaviour

By leveraging the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This includes threat graph data: threat graphs log each activity and map how activities relate to one another, helping organisations stay ahead of threats and gain visibility into unknowns. Threat graph data combined with proactive threat hunting in the security stack creates a formidable 360-degree security package. Managed threat hunting teams are security specialists working behind the scenes against some of the most sophisticated cyber adversaries through hands-on-keyboard activity. Threat hunters work quickly to pinpoint anomalies or malicious behaviour on the network and can prioritise threats for SOC teams for faster remediation.

In-depth knowledge

It is key for security teams to have in-depth knowledge of the threat climate and of the key trends adversaries are deploying. The TTPs adversaries use leave vital clues as to how organisations can best defend themselves against real-life threats. Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike: the time it takes an intruder to begin moving laterally from the initially breached host to other parts of the network to do damage. Last year the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response so that attackers are ejected before real damage is done.

Next-generation solutions

When managing an incident, clients need to be put at ease by an investigation that moves quickly and efficiently to the root of the issue. Teams need to offer insight and suggest a strategy. This can be achieved by following the simple 1-10-60 rule: detect malicious intrusions in under a minute, understand the context and scope of the intrusion within ten minutes, and initiate remediation within an hour. The most efficient security teams in modern organisations try to adhere to this rule. As the threat landscape continues to evolve in both complexity and scale, the budget and resources behind security teams and solutions will determine how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions.

Behavioural analytics

Behavioural analytics and machine learning identify known and unknown threats by analysing unusual behaviour within the network. These provide an essential first line of defence, giving security teams a clear overview of their environment. With that in hand, the solution can know when to remove an adversary before a breakout occurs. Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organisations face difficult to track manually. Automated detection and response in real time is a lifeline organisations cannot do without as adversaries enhance and alter their strategies. Adversaries continue to develop new ways to disrupt organisations, with the cybersecurity industry attempting to keep pace by developing new and innovative products to help organisations protect themselves. These technologies empower security teams, automating processes and equipping them with the knowledge to respond quickly. Organisations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.
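As an added example (not CrowdStrike's code, and not part of the original article), the Python script below measures the two metrics this article and the 2019 OverWatch summary above both lean on: breakout time (initial access to first lateral movement) and the three 1-10-60 intervals (detect, investigate, remediate), from an incident timeline. The pipe-delimited event format, the phase names and the two sample incidents are constructed for illustration, and the choice to start the 10- and 60-minute clocks at the moment of detection is an assumption, not something the article specifies.

```python
"""Breakout time and 1-10-60 metrics from an intrusion timeline.

Added example, not CrowdStrike's code or tooling. The event format and the
sample timeline are constructed for illustration; the phase names are an
assumption about how a SOC might label its incident timeline.
"""
from datetime import datetime, timedelta
from statistics import mean

# Targets from the 1-10-60 rule described in the article.
DETECT_TARGET = timedelta(minutes=1)        # intrusion start -> detection
INVESTIGATE_TARGET = timedelta(minutes=10)  # detection -> scope understood
REMEDIATE_TARGET = timedelta(minutes=60)    # detection -> adversary removed

# Constructed timeline, one event per line: timestamp|incident|phase|host|detail
SAMPLE_TIMELINE = """\
2019-06-03T08:00:00Z|INC-1|initial_access|ws-17|phishing attachment spawned cmd.exe from winword.exe
2019-06-03T08:00:40Z|INC-1|detected|ws-17|sensor alert: suspicious child process of winword.exe
2019-06-03T08:07:00Z|INC-1|investigated|ws-17|scope: single host, credential dump attempted
2019-06-03T08:45:00Z|INC-1|lateral_movement|fs-02|SMB logon from ws-17 with harvested credentials
2019-06-03T08:50:00Z|INC-1|remediated|ws-17|host contained, harvested credentials reset
2019-06-04T22:10:00Z|INC-2|initial_access|web-01|webshell dropped via public-facing application
2019-06-05T01:05:00Z|INC-2|lateral_movement|db-01|RDP session from web-01
2019-06-05T02:30:00Z|INC-2|detected|db-01|threat hunting: anomalous RDP source
2019-06-05T03:00:00Z|INC-2|investigated|db-01|scope: web-01 and db-01
2019-06-05T05:00:00Z|INC-2|remediated|web-01|both hosts rebuilt, application patched
"""


def parse_timeline(text):
    """Return {incident: {phase: earliest timestamp}} from the pipe-delimited events."""
    incidents = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, incident, phase, _host, _detail = line.split("|", 4)
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        phases = incidents.setdefault(incident, {})
        # Keep the earliest sighting of each phase: the first lateral movement
        # defines breakout, the first alert defines detection.
        if phase not in phases or when < phases[phase]:
            phases[phase] = when
    return incidents


def breakout_time(phases):
    """Initial access -> first lateral movement; None if no lateral movement was observed."""
    if "lateral_movement" not in phases:
        return None
    return phases["lateral_movement"] - phases["initial_access"]


def one_ten_sixty(phases):
    """Measure the three 1-10-60 intervals and whether each met its target."""
    detect = phases["detected"] - phases["initial_access"]
    # Assumption: the 10- and 60-minute clocks start at detection, since that
    # is when the responders' clock starts running.
    investigate = phases["investigated"] - phases["detected"]
    remediate = phases["remediated"] - phases["detected"]
    return {
        "detect": detect, "detect_ok": detect <= DETECT_TARGET,
        "investigate": investigate, "investigate_ok": investigate <= INVESTIGATE_TARGET,
        "remediate": remediate, "remediate_ok": remediate <= REMEDIATE_TARGET,
    }


def contained_before_breakout(phases):
    """True if the adversary was removed before (or without ever) moving laterally."""
    if "lateral_movement" not in phases:
        return True
    return phases["remediated"] < phases["lateral_movement"]


def mean_breakout(incidents):
    """Average breakout time over incidents in which lateral movement was observed."""
    times = [breakout_time(p) for p in incidents.values() if "lateral_movement" in p]
    if not times:
        return None
    return timedelta(seconds=mean([t.total_seconds() for t in times]))


if __name__ == "__main__":
    incidents = parse_timeline(SAMPLE_TIMELINE)
    for name, phases in incidents.items():
        m = one_ten_sixty(phases)
        print(name, "breakout:", breakout_time(phases),
              "| detect:", m["detect"], "ok" if m["detect_ok"] else "MISSED",
              "| investigate:", m["investigate"], "ok" if m["investigate_ok"] else "MISSED",
              "| remediate:", m["remediate"], "ok" if m["remediate_ok"] else "MISSED",
              "| contained before breakout:", contained_before_breakout(phases))
    print("mean breakout:", mean_breakout(incidents))
```

In the constructed data INC-1 meets all three 1-10-60 targets yet still loses the race, because the adversary moved laterally 45 minutes in while containment landed at 49 minutes; INC-2, found by hunting hours after the fact, misses every target. That is the point of tracking breakout time alongside 1-10-60: the targets are a ceiling, and against the fastest groups the article cites the response has to finish well inside it.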
