Académique Documents
Professionnel Documents
Culture Documents
5 REASONS
ENDPOINT
SECURITY MUST
MOVE TO THE
CLOUD
WWW. CROW DSTRIKE. CO M 2 01 5 - 2 0 - C S
The radical shift in the scale and economics of
cybercrime calls for an equally radical change
in how IT protects user systems. Whether it is
from phishing attempts, drive-by-downloads, or
malware-free intrusion techniques, endpoints are
usually at the spear tip of assaults on enterprise
networks.
THEY TEST ATTACK they find all the ways they can bypass these technologies.
These adversaries are able to run dozens or hundreds of mock
STRATEGIES attacks in their labs without anyone knowing what they're doing.
From there, that information turns into a blueprint to execute
attacks in the real world.
Before we even get to the obvious Cloud benefits of
Fundamentally, every single on-premise technology will fail in
agility, elasticity and affordability, let's talk about the
response to that type of attack, because if someone has unlimited
elephant in the room. Today's attackers are working time and resources to find a vulnerability, chances are that they
with some seriously deep pockets. will ultimately find it.
The most prolific and effective attacks today are bankrolled The Cloud disrupts this attack model. With a Cloud security
either by nation-states seeking to gain information to fuel their solution the adversaries may be able to acquire the endpoint
commercial and political interests, or by well-funded and organized sensor software, but when they install it in the lab and run mock
criminal groups that have made an art of making money from attacks, the security provider can see every single attack. It's
cybercrime. In both cases, these adversaries are putting their possible, then, to observe the attackers' tactics before they're
money where their mouths are and investing in the future success ever launched in the wild. The first time they run an attack, it's
of their attacks. recorded, analyzed and shared with sensors on every defenders’
machine, preventing that attack from being used again.
In order to ensure they take the right tack, these attackers are
buying up traditional security system software, network boxes and In this way the Cloud model changes the fundamental
any other on-premises solutions they can get their hands on to offensive-defensive asymmetry and flips the advantage from
figure out how they tick. By recreating mock networks and the attackers to the defenders.
#2
this may improve the efficacy of reacting to known threats and
malware, it does not utilize the Cloud’s ability to support real-time,
behavioral analysis and response to address previously
EVERY ATTACK
unknown threats.
SENSITIVE CUSTOMER connection activity, etc.) and, to the extent possible, ignoring
potentially sensitive data residing on the endpoint.
The obvious answer was to create a new security architecture Recent data collected by CrowdStrike’s Incident Response Services
based entirely on the Cloud. team indicates that on average, adversaries targeting specific
organizations attempt to reinfect the networks within two days of
Moving to the Cloud provided CrowdStrike with a number of initial remediation. This underscores the requirement for continuous
distinct advantages over conventional on-premise defense prevention and protection against advanced persistent threats. This
architectures, including: level of integrated end-to-end, around-the-clock detection, prevention
and response -- delivered in real-time via a single unified platform
CONTINUOUS REAL-TIME DETECTION, PREVENTION AND RESPONSE. and “all-in-one” user interface -- is made possible by CrowdStrike
What enterprise organizations want is fast and unobstructed Falcon next-generation endpoint security platform, which was
visibility across all their endpoints, allowing them to continuously engineered specifically to take advantage of scalable Cloud-based
detect and prevent sophisticated attacks in real time and block architecture.
THE ABILITY TO SUSTAIN A MASSIVE THREAT GRAPH IN
THE CLOUD -- and conceal it from bad actors. The CrowdStrike
Cloud analyzes incoming real-time data on a massive scale,
crowdsourcing billions of endpoint events as they occur across
the global CrowdStrike community. This stream of real-time threat
information drives CrowdStrike’s organic Threat Graph, dynamically
scrutinizing event-based data to detect anomalous behavior based
on Indicators of Attack (IOAs). Unlike systems that rely solely on
Indicators of Compromise (IOCs), which appear only after a breach
has already occurred, IOAs are effective regardless of whether
malware is present. This allows customers to detect and prevent
attacks while they are still in progress, before data is exfiltrated.
By analyzing all this data at scale in its Threat Graph, CrowdStrike
keeps its threat intelligence and processes safe from the prying eyes
of potential attackers, unlike traditional on-premise architectures
which are easily obtained by adversaries
to exploit weaknesses.
CLOUD
security and IT teams wanted was to deploy another heavyweight
client to the endpoint. The new architecture allowed them to spread
ADVANTAGE the load between the client and the Cloud – with the Cloud taking
on the heavy lifting, as needed, in the background. The resulting
(CONT'D) endpoint client is both nimble and discreet -- and at the same time,
powerful enough to offer detection and prevention directly at the
endpoint level. This singular ability to provide customers with both
detection and prevention capabilities via an integrated Cloud
and sensor model is unique to CrowdStrike.
CrowdStrike’s sensor provides superior monitoring and reporting
capabilities, transmitting event-related data to the Cloud in real
time, and its clever design accomplishes all this without burdening
the endpoint or disrupting the end user. CrowdStrike's unique
lightweight sensor and Cloud architecture ensures complete and
detailed oversight of everything that is happening on the endpoints
in real time, and offers sustained vigilance over long periods of time.
In this way, the system instantly identifies threats that conventional
platforms can't see, and provides a complete and searchable
forensic record of endpoint events as they occur, at any point in
time. The lightweight sensor also is highly scalable, and when
needed, can be deployed to hundreds of thousands of endpoints in
a matter of hours, not days, weeks or months.
(CONT'D)
LEVERAGE THE ‘POWER OF THE CROWD’. Another unique value
of CrowdStrike bringing security to the Cloud is the `community
immunity’ that the model affords, where endpoints around the globe
are contributing to a shared knowledge base of real-time threat
information. This approach provides complete oversight
for all endpoints and in doing so, gives the attackers no
place to hide. And while aggregated threat intelligence
feeds into constant security refinements, CrowdStrike
never accesses or stores sensitive customer data. All of
this adds up to an intelligent and safe security Cloud,
correlating billions of events and petabytes of data in real
time without ever putting customer data at risk.
(CONT'D)
keep pace with changes within their business and with
the unpredictable threat landscape.
IN As organizations grow and become more distributed,
adding more endpoints across the enterprise, they
SUMMARY provide an increasingly broad attack surface for
sophisticated adversaries targeting their data and IT
infrastructure. The success of such attacks has been
well documented in recent years, showing the inherent
vulnerabilities in conventional on-premise, network-
and malware-centric defenses.
W W W.C R OW D S T R I K E .C O M | @ C R OW S T R I K E