With CrowdStrike, customers benefit from superior protection, better performance, reduced complexity and immediate time-to-value delivered by the cloud-native Falcon platform
“Through the CrowdStrike Elevate Partner Program, partners can further enhance their security offerings and tools to better detect, investigate and respond to security threats, faster and more efficiently.”
Nitin Varma, Managing Director, India & SAARC, CrowdStrike India
Please give a brief overview of your company and the services/solutions you offer.
CrowdStrike is a global cybersecurity leader that has redefined modern security with one of the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities – all through a single, lightweight agent, which in turn helps our customers simplify and consolidate security layers in their respective organisations.
With CrowdStrike, customers benefit from superior protection, better performance, reduced complexity and immediate time-to-value delivered by the cloud-native Falcon platform. Our products and services cover:
- Endpoints: including Falcon XDR, Falcon Prevent, Falcon Insight
- Cloud: including Falcon Horizon, Falcon CWP
- Identity: including Falcon Identity, CrowdStrike Zero Trust
- Managed Services: including Falcon Complete, Falcon OverWatch
- Threat Intelligence: including Falcon X
- SecOps and ITOps: including Falcon Discover, Falcon Spotlight, Falcon FileVantage
- Observability and Log Management with our Humio products
What are the major market or security trends you foresee in 2022?
According to Gartner estimates, worldwide IT spending is projected to grow to $4.5 trillion in 2022, which is a 5.5% increase from 2021 and is also said to be the highest year-over-year growth in the last decade. With rapid digital acceleration, an increased appetite for cloud adoption and a redefinition of the work model as a result of ushering in a new hybrid work culture, the last few years have been transformative years for the technology industry. Earlier this year, our CTO, Mike Sentonas, called out some of the trends we’re watching with interest in 2022. These include:
- Ransomware double extortion gives rise to “extortion economy”: This past year, we saw the rise of the double extortion ransomware model, in which threat actors will demand one ransom for the return of the data and an additional ransom on top to prevent the data from being leaked or sold. However, in 2022, we expect to see the extortion/exfiltration side of ransomware achieve even higher levels of sophistication, possibly with a shift away from encryption to a sole focus on extortion.
- Contain your containers: In recent years, we’ve seen an explosion in containers and container-based solutions. Naturally, with the exponential rise in containers, we’ve seen a similar uptick in container-targeted threats. However, security for this innovative technology hasn’t quite caught on yet, as we continue to see them being deployed without proper security measures. With that, the rapid speed of deployment that containers offer will become a double-edged sword. The lack of vulnerability checks and misconfiguration checks, along with the disparate teams involved in container deployments, all contribute to a lack of security across the board. Attack surfaces are ever changing, and the threats to container deployments are increasing exponentially. Therefore, we will see containers become a potential attack vector for organizations that don’t recognize security as a key component of container deployment.
- Adversaries set sights on supply chains: As recent high-profile attacks have shown this past year, supply chains are very much on adversaries’ radar as a low-hanging attack vector. According to the 2021 CrowdStrike Global Security Attitudes Survey, more than 3 out of every 4 respondents (77%) have suffered a supply chain attack to date, and 84% of respondents are fearful of the supply chain becoming one of the biggest cybersecurity threats in the next three years. While supply chain attacks are not necessarily new themselves, the recent rise in these types of attacks has essentially let the genie out of the bottle. Frankly put, supply chains are vulnerable, and adversaries are actively researching ways to take advantage of this. In 2022, we likely have not yet seen the end of these attacks, and the implications of each one are significant not only for the victims but for the victims’ customers and partners up and down the chain.
- China ramps up cyber activity against APJ region: Geopolitical tensions continue to sour to an all-time worst between China and other APJ countries, and these tensions have spilled heavily over to the cyber world. China-based threat actors have remained consistently active, targeting healthcare, defense and other industries in APJ countries to support their 14th Five-Year Plan, Belt and Road Initiative (BRI), Made In China 2025, and other economic strategies.
- Zero-day vulnerabilities cause “patch panic”: 2021 was an especially challenging year for customer trust in legacy vendors. This past year, we’ve seen vulnerability after vulnerability exposed, resulting in devastating attacks with no signs of stopping in 2022. For example, 63% of 2021 CrowdStrike Global Security Attitude Survey respondents admitted their organization is losing trust in Microsoft due to increasing attacks on trusted supply chain vendors. Zero-day vulnerabilities in particular will continue to drive legacy vendor security teams into “patch panic” mode as they frantically try to react and respond to these threats. This will inevitably drive a larger wedge between legacy vendors and their customers, as the latter will look elsewhere for solutions that can keep them on the front foot in proactively defending against the latest threats.
Are you planning any major expansion in terms of investments, or business footprints this year?
Over the next 12 months, we’re looking to continue our impressive growth in India across all business sizes, with a particular focus on the financial services industry, telecommunications and technology, healthcare and pharmaceuticals, manufacturing and the public sector. We’ll see a lot of opportunities around endpoint security, cloud security, identity and threat intelligence. As a partner-first organisation, our partner ecosystem will continue to grow, delivering significant value to those organisations we work with now and in the future.
Please give an overview of endpoint security – how it works, its benefits and humans’ role in endpoint security.
Endpoint security, or endpoint protection, is the cybersecurity approach to defending endpoints – such as desktops, laptops, and mobile devices – from malicious activity. According to Gartner, an endpoint protection platform (EPP) is a solution used to “prevent file-based malware attacks, detect malicious activity, and provide the investigation and remediation capabilities needed to respond to dynamic security incidents and alerts.”
An endpoint is any device that connects to the corporate network from outside its firewall, such as a laptop, tablet, mobile phone or any sort of IoT device. An endpoint security strategy is essential because every remote endpoint can be the entry point for an attack, and the number of endpoints is only increasing with the rapid pandemic-related shift to remote work.
Endpoint protection solutions offer a centralized management console from which administrators can connect to their enterprise network to monitor, protect, investigate and respond to incidents. This is accomplished by leveraging either an on-premise, hybrid, or cloud approach.
What are the major challenges to endpoint security? Can you detail some common threats in existing workload protection systems?
Protecting against endpoint attacks is challenging because endpoints exist where humans and machines intersect. Businesses struggle to protect their systems without interfering with the legitimate activities of their employees. And while technological solutions can be highly effective, the chances of an employee succumbing to a social engineering attack can be mitigated but never entirely prevented.
Essentially, with the rise of remote working, security teams were faced with the prospect of having to manage an increasing number of endpoints as employees were put in a position where they had to use their own devices for work. Many of these didn’t have the level of security rigor required. This gave rise to opportunities for adversaries to exploit security vulnerabilities. Identity and credential theft proved attractive avenues into a network for eCriminals and nation-state actors. This, coupled with under-resourced and overworked security teams, created a situation of significant concern and risk for organisations, all fuelled via the endpoint.
According to the CrowdStrike 2022 Global Threat Report:
Nation-State and Criminal Groups Continue to Expand
- Financially motivated eCrime activity continues to dominate the interactive intrusion attempts tracked by CrowdStrike OverWatch. Intrusions attributed to eCrime accounted for nearly half (49%) of all observed activity.
- Iran-based adversaries adopt the use of ransomware as well as “lock-and-leak” disruptive information operations – using ransomware to encrypt target networks and subsequently leak victim information via actor-controlled personas or entities.
- In 2021, China-nexus actors emerged as the leader in vulnerability exploitation and shifted tactics to increasingly targeting internet-facing devices and services like Microsoft Exchange. CrowdStrike Intelligence confirmed China-nexus actor exploitation of 12 vulnerabilities published in 2021.
- Russia-nexus adversary COZY BEAR expands its targeting of IT to cloud service providers in order to exploit trusted relationships and gain access to additional targets through lateral movement. Additionally, FANCY BEAR increases the use of credential-harvesting tactics, including both large-scale scanning techniques and victim-tailored phishing websites.
- The Democratic People’s Republic of Korea (DPRK) targeted cryptocurrency-related entities in an effort to maintain illicit revenue generation during economic disruptions caused by the COVID-19 pandemic.
- eCrime actors — including affiliates of DOPPEL SPIDER and WIZARD SPIDER — adopted Log4Shell as an access vector to enable ransomware operations. State-nexus actors, including NEMESIS KITTEN (Iran) and AQUATIC PANDA (China), were also affiliated with probable Log4Shell exploitation before the end of 2021.
Adversary Tradecraft Becomes More Sophisticated
The report also highlighted the startling growth and impact of targeted ransomware, disruptive operations and an uptick in cloud-related attacks in 2021. Globally:
- CrowdStrike Intelligence observed an 82% increase in ransomware-related data leaks in 2021, with 2,686 attacks as of December 31, 2021, compared to 1,474 in 2020.
- CrowdStrike observed 2,721 Big Game Hunting incidents last year.
- CrowdStrike Intelligence saw on average over 50 targeted ransomware events per week.
- Observed ransomware-related demands averaged $6.1 million per ransom, up 36% from 2020.
- Adversaries are increasingly exploiting stolen user credentials and identity to bypass legacy security solutions – of all detections indexed in the fourth quarter of 2021, 62% were malware-free.
What business opportunities do end-to-end security solutions offer to channel partners?
Stopping breaches is an ever-evolving fight, and a collaborative and coordinated approach is key. The CrowdStrike Falcon platform was built from the ground up to be open and extensible so that CrowdStrike partners can easily expand their solutions in real time. Through the CrowdStrike Elevate Partner Program, partners can further enhance their security offerings and tools to better detect, investigate and respond to security threats, faster and more efficiently. We provide partners with a unique opportunity to bring valuable and innovative security solutions and services to end users.
The CrowdStrike Elevate Partner Program was developed to help partners grow their own next-generation endpoint protection business. The combination of our partners’ unique security expertise and CrowdStrike’s differentiated technology and unique partner program maximises growth and mutually increases revenues.
What’s your geographical spread? Any major expansion in the pipeline this year?
CrowdStrike has multiple offices across the globe. We focus on key markets in the Americas, Europe, Middle East, Africa, Asia Pacific and Japan. Our solutions are deployed in over 170 countries globally.
In terms of expansion, Burt Podbere, CrowdStrike’s Chief Financial Officer, was quoted in the most recent earnings announcement as saying: “The robust top-line growth and exceptional leverage we generated this year demonstrates the efficiency in our model and enables us to step up investments in new technologies and international geographies. Our durable platform model and powerful innovation engine have translated into a truly differentiated offering in the market and strong momentum heading into fiscal year 2023. As we continue to capitalize on our unique market position, we firmly believe CrowdStrike’s best days are ahead.”