TechBytes with Michael Sentonas, CTO at CrowdStrike
Hi Mike, COVID is a wrecker. How has it impacted your business?
70% of CrowdStrike’s workforce is remote during normal times so we are not skipping a beat. We were purpose-built to be remote-first from the beginning, over eight years ago, so all systems and tools are in place to support remote work running smoothly at scale.
However, that’s definitely not been the case with every business. As organizations have been forced to have employees work remotely in order to avoid spreading COVID-19, significant cybersecurity challenges have been introduced. Many businesses have to resort to having employees use personal devices that often don’t have the right security controls and can introduce serious risks to the corporate network. This is why we launched two special offerings — Burst licensing and Falcon for Home — to seamlessly enable organizations to remotely deploy, manage and protect their workloads at scale, irrespective of where their employees are located.
How do you cope with it?
To help organizations cope with these new and unexpected developments, CrowdStrike has introduced a pair of new programs to help organizations effectively and efficiently deal with the sudden burst in remote workers and avoid any unnecessary business interruptions.
For corporate-owned devices, CrowdStrike is now offering a Burst Licensing promotion that is designed to ensure that CrowdStrike’s customers are able to remain nimble and rapidly deploy new systems for remote workers as needed, without the risk of becoming hindered by their existing license structure.
For employee-owned devices, CrowdStrike is introducing Falcon for Home, allowing organizations to provide their employees with a low-cost option for securing their personal Windows devices, without impacting performance.
By and large, CrowdStrike recommends adopting a strong defensive posture by ensuring strong endpoint protection, a security plan for BYOD policies, cyber hygiene such as multi-factor authentication solutions, and by providing security awareness for employees working from home.
From a cybersecurity standpoint, how are start-ups and emerging SMBs being affected during this time? How can they continue to secure themselves from COVID-19 threats?
It’s clear that the COVID-19 crisis will be with us for a while and the impact will be felt for many years. We observed lures being used by threat actors as early as January, and we’ve since seen an increase in the number of adversaries leveraging the public’s fear to carry out attacks. Small businesses own many assets that are of great interest to cybercriminals, including money, intellectual property (IP), customer data and access. All businesses must remain aware of potential cyber threats they face during this transition to alternative business continuity plans. A proactive approach to cybersecurity will greatly improve the overall maturity and resiliency of an organization.
CrowdStrike recommends organizations implement a strong defensive posture through security policies that support a remote workforce and enhance the organization’s ability to detect and respond to threats. Our recommendation is to follow the 1-10-60 rule whereby organizations should detect intrusions in under a minute, investigate in ten minutes, and remediate in less than an hour. Adherence to this rule goes a long way in mitigating the damage of potential intrusions.
Crisis management and incident response plans must also be executable through remote policies already in place. These, along with an increase in the use of nimble Cloud technology, regularly configuring and patching devices, and continued security awareness training are critical strategies during COVID-19. Training and testing are essential pieces of a response strategy as employees are often the front lines of defense and key in thwarting cyberattacks.
eCriminals and nation-states are using Coronavirus as bait to lure visitors. What kind of threats are these?
Threat actors are always most active when there is a large news story to leverage as bait. In the case of COVID-19, threat actors are looking to seize the opportunity to capture the attention of a global audience. By using lures connected to the pandemic, they are capitalizing on the public’s fear and hunger for information to launch their attacks. CrowdStrike has seen an increase of COVID-19 themed scams and financially motivated attacks as the disease has continued to spread.
Primarily, CrowdStrike has observed threat actors using social engineering tactics such as phishing, email scams, vishing, and even disinformation campaigns from nation-state actors. Targeting follows fear or greed. Everyone is scared of COVID-19 and will likely take more risks than usual to get access to information – and threat actors are exploiting this desperation.
Which organizations are manifesting the online threats around Coronavirus? How does CrowdStrike prepare businesses to fight these rogue forces?
CrowdStrike Intelligence has observed spear-phishing campaigns from China and DPRK in multiple languages, using multiple attachment types and differing breadth and depths of COVID-19 information. We have also observed eCriminal groups using COVID-19 lures to launch ransomware attacks, and utilizing such tactics as scam emails impersonating the World Health Organization requesting Bitcoin donations to the COVID-19 Solidarity Response Fund—the name of a legitimate fund created by the WHO.
CrowdStrike is helping businesses secure their employees against such threat activity with its Cloud-native Falcon platform that delivers next-generation AV, endpoint detection and response (EDR), managed threat hunting, IT hygiene, threat intelligence, and vulnerability management all via a lightweight agent.
Falcon requires no hardware and is easily deployed and managed remotely. We are also offering customers the special Burst licensing and Falcon for Home programs I mentioned earlier to help them quickly adapt and secure their newly remote workforces and the personal devices that employees may be using as they work from home.
How are you coordinating work management with your CHRO/People Officer and respective Team Leaders in response to COVID-19?
First and foremost is the safety of our employees. Our leadership has taken the necessary precautions to make sure that during this unprecedented experience our employees are able to successfully work from home. We have also been sure to communicate any updates on a timely basis to our global workforce.
Fortunately, CrowdStrike was built from its start in 2011 to be a remote-friendly company, so this has made the transition much easier. Our corporate leaders are well versed in managing a distributed workforce and our teams are well equipped with the necessary tools to guarantee fluid communications and seamless project management. As a Native-Cloud company ourselves, we have embraced Cloud applications to meet the needs of our global workforce.
Hear it from the Pro – How do you leverage Marketing tools and technologies to deliver Event Experiences?
As the pandemic escalated and security teams began grappling with rapidly evolving requirements, we felt it was important to quickly provide guidance and recommendations based on our experience. Therefore, we’ve ramped up our webcasts and blogs – with subject matter experts hosting weekly sessions on topics such as securing remote workers, COVID-19 threat intelligence briefings, how to best navigate data protection requirements, remote incident response and more. The Marketing team has compiled all of our new content in a new resource hub dedicated to these topics.
In addition to content, webcasts, and blogs, our field and event marketing teams have supported a rapid shift to virtual roundtables and events, giving our customers, partners and prospects on-demand experiences that are comparable to live events. They are leveraging executives like myself who are more available than ever to support them, based on all of our canceled travel. We hope that these efforts provide some help to organizations in this time of uncertainty.
Sixth sense: The Future of Event Marketing – Your take on the reengineering of Customer relationship models based on AI, CDPs, Voice, bots and numerous other tech applications!
Customer relationships are of the utmost importance at CrowdStrike. While we utilize many tools as part of our customer program, no program is equal to that of the 100 Customers in 100 Days that our CEO, George Kurtz, started right after our IPO last June and includes meetings with customers to demonstrate our dedication to their success.
He completed the first 100 Customers in 100 Days in late summer and is embarking on a second round now, which will be virtual.
What are your thoughts and experiences with GDPR, CCPA, and other data privacy regulations? How do consumer data privacy laws affect your business?
The CrowdStrike Falcon platform is designed to be a data protection compliance asset by empowering customers to stop breaches with state-of-the-art technologies while incorporating transparency, proportionality, portability, and data minimization principles to meet GDPR and CCPA standards.
Mike Sentonas is the Chief Technology Officer at CrowdStrike. Previously, he served as Vice President, Technology Strategy at CrowdStrike. With over 20 years’ experience in cybersecurity, Mike’s most recent roles prior to joining CrowdStrike were Chief Technology Officer – Security Connected and Chief Technology and Strategy Officer APAC, both at McAfee (formerly Intel Security). Mike is an active public speaker on security issues and provides advice to government and business communities on global and local cybersecurity threats.
He is highly sought after to provide insights into security issues and solutions by the media including television, technology trade publications, and technology-centric websites. Michael has spoken around the world at numerous sales conferences, customer and non-customer conferences and contributes to various government and industry associations’ initiatives on security. Michael holds a bachelor’s degree in computer science from Edith Cowan University, Western Australia and has an Australian Government security clearance.
CrowdStrike is the leader in cloud-delivered next-generation endpoint protection. CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent.
Many of the world’s largest organizations already put their trust in CrowdStrike, including three of the 10 largest global companies by revenue, five of the 10 largest financial institutions, three of the top 10 health care providers, and three of the top 10 energy companies.