CybersecAsia: In what ways have cloud and AI been a game changer in beefing up cybersecurity?
Sentonas: The traditional approach to cybersecurity is no longer working: Most traditional security vendors built on database technology are fundamentally slow, and this is why it is necessary to move beyond database technology, which is poor at correlating disconnected data.
Speed and scale are contingent in any effective cybersecurity solution. Stopping threats based on behavior is only possible through native cloud. Employing a cloud native platform gives us a fundamental competitive advantage as we capture data once, reuse it and monetize it many times over. It is rapidly deployable, easy to use, and unlocks the power of crowdsourced data.
Artificial Intelligence (AI) is also able to add a significant advantage to enterprise security, being able to identify security anomalies far more quickly than any human team can, and also on a real-time, always-on basis. AI can provide capabilities that go beyond the mere identification of known threats, allowing IT teams to determine a file’s maliciousness without requiring prior knowledge of the file, relying instead on an analysis of its innate properties. With sufficient quality data available, AI techniques can easily outperform traditional signature-based or indicator-of-compromise (IOC)-based prevention approaches.
As an example, CrowdStrike’s AI-enabled Falcon delivers and unifies next-generation antivirus, endpoint detection and response (EDR), managed threat hunting, IT hygiene, vulnerability management, and threat intelligence — all delivered via a single lightweight agent. As the only vendor that was fully cloud-native from day one, Falcon’s architecture allows us to operate at scale, something that others continue to strive to emulate.
CybersecAsia: Are cybercriminals now being employed to plant fake news and steer social media for political motives, and does CrowdStrike plan to keep such nefarious activities in check? How can services such as CrowdStrike help media agencies and even corporate employees involved in content development to toe the line?
Backgrounder: Singapore has a new law, the Protection from Online Falsehoods and Manipulation Act (POFMA), that specifically mentions “various measures to … prevent the misuse of online accounts and bots (i.e. computer programs that run automated tasks).”
Sentonas: State actors around the world are increasingly turning to disinformation campaigns to manipulate public opinion, leveraging social media platforms on a broad scale. A study conducted by the University of Oxford uncovered evidence of organized social media manipulation campaigns in 70 countries, representing a steady increase over the past two years.
Malicious falsehoods could hurt the public interest, damaging national security, foreign relations, public peace, health, safety and finances. According to CrowdStrike’s Global Threat Report, industries at the top of the target list for malware-free intrusions include media, technology and academia. In fact, we have been seeing notable shifts in 2018 versus 2017: The media industry has jumped to the top of the charts, with approximately 80% malware-free attacks, versus approximately 64% in 2017.
In view of new regulations such as POFMA in Singapore, media agencies and content developers alike need to up their cybersecurity game to prevent manipulation campaigns, including the proliferation of fake accounts impersonating influential people with actors’ intent of steering public opinion on various issues. The continuous evolution of trolls and bots poses challenges in pinpointing behavioural change, given varying levels of sophistication, including well-constructed personas with rich fake histories.
CrowdStrike continues to help enterprises, including media agencies and content developers, lending its expertise through the delivery of contextual and behavioural analyses in real time via machine learning and artificial intelligence, to effectively detect and prevent attacks that conventional “defence-in-depth” technologies cannot address.
CybersecAsia: How are state-sponsored attack vectors handled without diplomatic spats with CrowdStrike caught in the crossfire?
Sentonas: CrowdStrike’s mission is to stop breaches and our focus is simply customer success; that means preventing breaches for every customer no matter the type or where the threat actor is from. We have to be concerned about every cyberattack launched against any government or business, and we need to be concerned about intelligence gathering irrespective of the target.
CybersecAsia: When the US government launches cyberattacks, this is done under the guise of defending its interests and even world interests—but when other governments do it, the US calls it blackhat cybercrime: What is the ethical stand of CrowdStrike in remaining neutral to all clientele?
Sentonas: CrowdStrike works with governments on the local, state and federal level; however, it is important to highlight that cybersecurity is a non-partisan issue. One major source of threat intelligence for CrowdStrike is from the deployment of our Falcon sensor which today is deployed in 176 countries. We do not sell our technology in some countries, and as a result, we may not see some adversary activity in locations where we are not deployed.
CybersecAsia: How do CrowdStrike’s competitors also profess transparency and neutrality in their operations?
Sentonas: As an industry, we need more openness and we need to demystify cybersecurity practices. Our focus is clear, and that is to protect and stop breaches for our customers spanning the globe including both governments and businesses from large organizations to small businesses. The cybersecurity market is a huge global industry and it is better for every organization to comment (Editors’ note: this refers to corporate transparency) on how they run their business.