Cyberattacks are entering a new phase in which identities are the weapon of choice and the cloud is the new battleground. Attackers are turning speed, stealth and weaponized AI into a devastating advantage. The weaponization of AI for everything from social engineering to ransomware attacks launched with Living-off-the-land (LoTL) techniques that rely on Powershell, PsExec, Windows Management Interface (WMI) and other common tools is rapidly accelerating.
The threatscape is moving faster than many organizations can keep up with, made all the more challenging by internal complexities and multiple sources of threat data.
All these challenges call for a faster-responding, preemptive cybersecurity deterrence and resilience strategy.
CrowdStrike strengthens its cyber fighting arsenal
CrowdStrike knows those challenges well, as the company has defended its customers throughout a series of challenging, turbulent years of attacks. Keynotes and presentations at CrowdStrike Fal.Con 2023 brought those challenges into sharp focus with leaders defining a strong vision for how generative AI can strip away complexity and foster IT and security collaboration to improve response times. Nation-state attacks are on the rise, as are faster-moving social engineering, deepfake, vishing and pretexting attacks.
Known for the depth of its AI, machine learning (ML) and DevOps expertise, CrowdStrike often relies on Fal.Con as a launch event for their latest generation products and services. To that point, twelve new announcements are being made at this week’s Fal.Con.
These announcements include CrowdStrikes’ acquisition of Bionic and several launches and updates including: Charlotte AI Investigator, Collaborative Incident Command Center, Falcon Data Protection, Falcon Exposure Management, Falcon for IT and FalconFoundry, a new no-code application development platform.
Additional announcements include FalconCloud Protection, FalconFlex Licensing and the Raptor Release for the next-generation Falcon platform. CrowdStrike also introduced extended detection and response (XDR) for All and XDR Incident Workbench, which features an improved investigation interface and workflows.
Complexity kills, speed is the cure
One of the core themes of Fal.Con 2023 is how adversaries concentrate on compromising complex cloud configurations. CrowdStrike reports that cloud exploitation by adversaries increased 95% year-over-year. The more complex a cloud configuration, the greater the chances they’re misconfigured and the harder it is to find the error even after a breach.
“The speed at which these threat actors operate is unparalleled — the ability to leverage social engineering, the ability to get in, the ability to move out laterally in many cases,” CrowdStrike president, CEO and cofounder George Kurtz told VentureBeat. “I think they know the network better than the system administrators know the network.”
CrowdStrike says that 62% of all interactive intrusions they observed in the last 12 months began with identity-based attacks. In Q2 alone, CrowdStrike observed increased momentum of attacks with tactics, techniques and procedures (TTPs) similar to recent high-profile attacks on critical infrastructure organizations. Integral to CrowdStrikes’ strategy is the use of AI to gain greater insights from all available telemetry sources — including human observations — to better detect and respond to identity-based attacks.
CrowdStrike is setting a fast pace in the generative AI cybersecurity race
Kurtz emphasized that CrowdStrike has always been an AI-native company and that they intend to keep strengthening that as a core part of their DNA. The highlight of his keynote was a series of demonstrations of Charlotte AI Investigator, a new gen AI assistant. Charlotte AI brings the power of conversational AI to the Falcon platform to accelerate threat detection, investigation and response through natural language interactions. Charlotte AI generates a large language model (LLM)-powered incident summary to help security analysts save time analyzing breaches.
As part of the development process, Kurtz visited customers and spent half a day in their Security Operations Centers (SOCs) to see first-hand what analysts are dealing with. Based on Kurtz’s research, Charlotte AI was designed to significantly reduce the time required for security analysts to investigate and respond to threats. Kurtz mentioned that the tool is powered by massive datasets and human-validated threat intelligence.
Charlotte AI will be released to all CrowdStrike Falcon customers over the next year, with initial upgrades starting in late September 2023 on the Raptor platform.
CrowdStrike’s chief product officer Raj Rajamani pointed out that Charlotte AI helps make security analysts “two or three times more productive” by automating repetitive tasks. Rajamani told VentureBeat that CrowdStrike has invested heavily in its graph database architecture to fuel Charlotte’s capabilities across endpoints, cloud and identities.
Bionic strengthens CrowdStrike’s cloud security portfolio
Cloud exploitation attacks are growing 95% year-over-year as attackers constantly work to improve their tradecraft and breach cloud misconfigurations. It’s one of the fastest-growing threat surfaces CrowdStrike tracks in its annual global threat reports.
To help address this problem, CrowdStrike acquired Bionic for its application security and posture management as it looks to strengthen its cloud workload protection strategy while driving new revenue from cloud security.
During the latest CrowdStrike earnings call, Kurtz said that net new annual recurring revenue (ARR) growth for Falcon Cloud Security accelerated to 70% quarter over quarter. He added that the cloud security market opportunity is massive and growing rapidly, with the potential to reach $18 billion in calendar year 2026.
CrowdStrike continues to see strong momentum on the cloud, and acquiring Bionic delivers a complete view of all activity while protecting what’s running in the cloud. The acquisition also helps strengthen CloudStrikes’ ability to sell consolidated cloud-native security on a unified platform.
What’s unique about Bionic is its ability to analyze cloud apps and infrastructure without needing source code access or instrumentation. Kurtz mentioned during his Fal.Con keynote how essential Bionic is to CrowdStrike’s platform strategy: It can provide real-time visibility into risks and misconfigurations. It is also known for its ability to provide app-level protections focused on cloud architectures, making it a strong fit for CrowdStrikes’ customer base of cloud-first organizations.
CrowdStrike’s strategy of selling platform consolidation is working
Based on this week’s announcements at Fal.Con 2023, it’s evident that CrowdStrikes’ strategy of providing customers a path to consolidating their tech stacks is working.
By consolidating tools onto Falcon, organizations improve their security outcomes and productivity while reducing costs and complexity. VentureBeat spoke with CrowdStrike customers who said they successfully reduced the number of multiple agents on endpoints while gaining greater visibility across their IT infrastructure. While many competing vendors — including Palo Alto Networks — are attempting this strategy, CrowdStrike’s approach is differentiated by its commitment to keeping it platform open down to the chipset and silicon level.
CrowdStrike’s strategy of having an open, extensible ecosystem that can adapt and flex to the unique needs of its customers is one of the factors driving its success. A proof point is from its latest earnings call, when the company reported subscription customers with five or more, six or more, and seven or more modules increased to 63%, 41%, and 24% of subscription customers, respectively.
“In Q2, we closed over 80% more deals involving eight or more modules than a year ago as customers increasingly look to CrowdStrike to consolidate their security stack,” Kurtz said on the earnings call.
CrowdStrike exceeded guidance in Q2’24 with 37% revenue growth and delivered a record 21% non-GAAP operating margin. The company expects to sustain this profitability in the future, exiting Q4 within their target model.
The post CrowdStrike defines a strong vision for generative AI at Fal.Con 2023 appeared first on Venture Beat.