Cloud-Enabled: The Future of Endpoint Security

As the cost and complexity of deploying and maintaining on-premises security continues to rise, many endpoint security providers have embraced the cloud as the ideal way to deliver their solutions. Yet, incorporating cloud services into legacy architectures limits their ability to fully engage the tremendous power the cloud offers.

CrowdStrike Falcon recognized the value of cloud-delivery from the beginning, developing architecture built from the ground up to take full advantage of the cloud. CrowdStrike’s cloud-powered endpoint security not only ensures rapid deployment and infinite scalability, it increases your security posture by enabling real-time advanced threat protection across even the largest, distributed enterprises.

In this CrowdCast, Jackie Castelli, Sr. Product Manager, will discuss:

• The advantages of endpoint protection purpose-built for the cloud – why it allows you to take full advantage of the cloud’s power
• The common concerns organizations face when evaluating cloud-based endpoint security - can privacy and control be assured?
• Real-world examples demonstrating the unique advantages offered by CrowdStrike Falcon’s innovative cloud-powered platform

Published in: Technology

  1. 2017 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. CLOUD-ENABLED: THE FUTURE OF ENDPOINT. JACKIE CASTELLI, SR PRODUCT MANAGER
  2. 1 CrowdStrike Intro; 2 Why Cloud Is The Future of Endpoint Security; 3 Cloud Concerns; 4 How CrowdStrike Does It
  3. A QUICK INTRODUCTION TO CROWDSTRIKE
  4. Cloud Delivered Endpoint Protection: MANAGED HUNTING, ENDPOINT DETECTION AND RESPONSE, NEXT-GEN ANTIVIRUS. CrowdStrike is the only security technology provider to unify next-gen AV and EDR into a single agent, backed by 24/7 proactive threat hunting, all delivered via the cloud
  5. WHY THE CLOUD IS THE FUTURE OF ENDPOINT SECURITY: Better Performance And Better Protection
  6. “SIMPLY PUT, CLOUD COMPUTING IS A BETTER WAY TO RUN YOUR BUSINESS.” Marc Benioff, Founder, CEO and Chairman of Salesforce
  7. THE CLOUD PROVIDES BETTER PERFORMANCE: Eliminates Deployment Burden; Lightweight Agent
  8. ELIMINATES DEPLOYMENT BURDEN: Faster and simpler deployment with the Cloud
      • No on premise hardware
      • Faster deployment
      • Eliminates complexity
      • SaaS scalability
  9. LIGHTWEIGHT AGENT: Lighten the agent with the Cloud
      • Lighten the agent by dividing the work between endpoint and the Cloud
      • Work in the Cloud when needed
      • Work on the sensor when needed
  10. THE CLOUD PROVIDES BETTER PROTECTION: Protection Everywhere; Intelligence Sharing; Obscured from Attackers
  11. PROTECTION EVERYWHERE: Protection on and off the corporate network
      • On premise architectures are outdated and insufficient to protect today’s endpoints
  12. OLD ENTERPRISE ARCHITECTURE: ON PREMISE SECURITY
  13. MODERN ENTERPRISE ARCHITECTURE: CLOUD SECURITY (Mobile Worker, Public Cloud, Private Cloud, Remote Worker, Branch Office)
  14. INTELLIGENCE SHARING: Every New Attack Feeds Into New Defenses For All
      • Learn from new attacks
      • Share that intelligence in real-time
      • Eliminate silos
  15. OBSCURED FROM ATTACKERS: Eliminate operational burden with the Cloud
      • Well funded adversaries reverse engineer security solutions they can buy
      • Looking for vulnerabilities and ways to bypass those solutions
      • Cloud solutions escape attacker scrutiny
  16. CONCERNS ABOUT THE CLOUD: My data…
  17. THERE ARE STILL A LOT OF CONCERNS WITH THE CLOUD. WHAT ARE PEOPLE CONCERNED ABOUT? [Chart: Factors Driving Security Concerns Regarding Customer Data Residing in the Public Cloud. Factors listed: Data ownership; Location of data; Shared technology/multi-tenancy; Virtual exploits; Lack of strong access controls; Insecure interfaces/APIs; Shadow IT (i.e., individual business units deploying unsanctioned cloud workloads); Distributed denial of service (DDoS) attack affecting performance/uptime; Other. Values shown: 56%, 51%, 51%, 47%, 47%, 46%, 44%, 42%, 3%.]
  18. WHAT DATA DO YOU HAVE EXACTLY?
      • Event meta data – we do not need .exe
      • Examples: process start/stop times, network connection activity, etc. as well as more sensitive meta data such as filenames, command line parameters
      • We do not want your personally identifiable information (PII) & it’s unlikely we have it
      • Storing more data than needed is counter-productive: it increases risk & it adds more cost for us
  19. HOW LONG DO YOU KEEP OUR DATA?
      • When data is deleted it follows NIST 800-88 for secure deletion of sensitive data
      • Data handling decisions are informed by actual customer usage – we listen & see what people need & make the best decision possible
      • By default, we retain most data for 90 days in the Falcon UI
      • The most detailed, raw data is kept on hand for 30 days
      • We archive data for 1 year in case it is needed & we perform data extractions by request
  20. HOW DO YOU KEEP MY DATA SEPARATE FROM OTHERS?
      • We designed Falcon to be multi-tenant
      • All data is tagged with unique, but anonymous “Customer ID” & “Agent ID” values
      • Customer ID is mapped in a separate provisioning system to the customer name; it is not stored anywhere in actual event data
      • Sensor to cloud comms are via an SSL-encrypted tunnel that is pinned to our PKI certificate to guard against MITM attacks or injection of untrusted CAs on the device
  21. HOW DO YOU KEEP MY DATA SEPARATE FROM OTHERS?
      • Cloud data is protected on a VPN requiring 2FA & with strict data privacy & access control
      • All data access within the system is managed through constrained APIs that require a customer-specific token to access only that customer's data
      • Data at rest is encrypted
      • Our analysis engines act on the raw event data, so they only leverage the anonymized CID and AID values for clustering of results
  22. THE CROWDSTRIKE CLOUD
  24. TRUE BIG DATA SCALE
      • 30 billion events a day
      • 2 Petabytes of data
  25. WHAT WE DO IN THE CROWDSTRIKE CLOUD
      • DEPLOY
      • STORE
      • ANALYSE
      • SHARE
      • LEARN
      • HUNT
  26. BENEFITS OF THE CROWDSTRIKE CLOUD: Better performance – Better protection; Intelligence sharing and Community immunity; Unrivaled visibility; Managed Hunting; Lightweight sensor; Immediate time to value
  27. LIGHTWEIGHT SENSOR: What needs the cloud is in the cloud. What needs to be on the sensor is on the sensor
      • MACHINE LEARNING
      • INDICATORS OF ATTACK PREVENTION
      • EXPLOIT BLOCKING
      • CUSTOM HASH BLOCKING
      • CONTINUOUS MONITORING
      • MACHINE LEARNING
      • THREAT INTELLIGENCE
      • MANAGED HUNTING
      • THREAT GRAPH
      ENDPOINT PROTECTION | CLOUD PROTECTION
      • No more daily signature updates
      • Small footprint 20MB on disk
      • No impact sensor
      • No reboots
  28. IMMEDIATE TIME TO VALUE. DEMO: Sensor Deployment
  29. COMMUNITY IMMUNITY: 1 - DISCOVER ATTACK PATTERN; 2 - ATTACK PATTERN SENT TO CLOUD; 3 - ATTACK PATTERNS CONFIRMED. ORG #1: MATCH! ORG #2: MATCH! ORG #3: MATCH!
  30. UNRIVALED VISIBILITY. DEMO: Hunting for attackers
  31. MANAGED HUNTING: WE SEE NEARLY 2 INTRUSIONS/MAJOR INCIDENTS EVERY HOUR… 24 hours a day, 7 days a week!
  32. Retail Customer: THE TRUE VALUE OF THE CLOUD (PROBLEM | SOLUTION | RESULTS)
      • Active incident with multiple criminal and nation-state adversaries
      • Existing AV, FW, IPS and IOC scanning failed (AV, FWs, IPS, IOC scanning - all failed to prevent the breach)
      • 100+ countries, $50M in costs – adversary persisted
      • No visibility into endpoint activities
      • Inability to find customized malware
      • Insufficient resources & expertise (Hunters)
  33. Retail Customer: THE FULL VALUE OF THE CLOUD (PROBLEM | SOLUTION | RESULTS)
      • Deployed Falcon Host sensors in under 10 seconds per host with no reboot
      • Falcon identified dozens of breaches 50+ compromised systems & stolen credentials
      • Falcon Intelligence attributed the attacks to nation-state and criminal groups
      • Falcon Overwatch provided 24/7 coverage and crucial notifications, preventing further compromises
      • CrowdStrike Services took over the remediation process and investigation to remove the adversaries
  34. Retail Customer: THE FULL VALUE OF THE CLOUD (PROBLEM | SOLUTION | RESULTS)
      • Prevented further breaches, massive reputation damage and regulatory headaches
      • Saved millions of dollars in IR and legal costs
      • Frictionless deployment, immediate time to value
      • Identified adversary activity and malware missed by other solutions and forensics teams
      • Dramatically reduced response & remediation time & costs
      • No hardware to purchase or additional resources to maintain & manage, saving time and money
      • Provided Tier 1 Hunting, freeing up valuable SOC resources
  35. CLOUD ENABLED ENDPOINT PROTECTION
      • Goes beyond deployment
      • Uses the full power of the cloud to provide better performance and better protection
      • CrowdStrike solutions are Cloud enabled by design
  36. Questions? Please submit all questions in the Q&A chat right below the presentation slides. Contact Us: Website: crowdstrike.com; Email: crowdcasts@crowdstrike.com; Twitter: @CrowdStrike
