Sophisticated attacks go undetected with traditional security solutions: CrowdStrike

Speaking at IDG Security Day & CSO 100 Awards 2018, Ramanand Kambli and Satbir Singh from CrowdStrike highlighted how attacks are growing more sophisticated, and how enterprises can address these security challenges with the company's cloud-based offering.

According to a study by the Ponemon Institute, 77 percent of successful attacks use fileless techniques. The study finds that fileless attacks are ten times more likely to succeed than attacks that rely on malicious files. The rise of malicious attacks that contain no malware code at all is a major threat to enterprises, both in India and globally. At IDG Security Day & CSO100 Awards, CrowdStrike's Regional Director, India & SAARC, Ramanand Kambli spoke about this changing nature of cyber-attacks and how his company aims to address advanced security challenges.

Watch Ramanand Kambli and Satbir Singh address India's top-notch security heads at the IDG Security Day & CSO100 Awards. Prefer to read the edited excerpts? Read on.

"We believe that it's not going to be the signatures alone that can help prevent malware attacks. There is a whole intelligence system that we have developed which profiles the attackers, the various types of techniques they use, their geographies, etc. All that intelligence combines back into one sensor, which then integrates back into the enterprise-level product," stated Kambli.


Citing the Verizon Data Breach Investigations Report (DBIR), Kambli said that the nature of malware is changing. Only 40 percent of today's attacks contain malware, and the sophisticated attacks have all been non-malware. Sponsored and organized by nation states, such attacks can impact billions of devices without their users' knowledge. "A small firmware company which puts firmware on mobile devices in India could have a Chinese actor sitting with it, trying to plan some attack, because once it succeeds, it impacts millions of devices. The door is always open," said Kambli.

"When you look at a basic AV, it looks into the various files and tells which are good and which are bad. In the breaches that have happened in the last 2 years, the majority did not contain any malware. What our agent does is that it not only detects and remediates such events, it also tells you the severity of the attack, its objective from the attacker's perspective and the technique used," said Satbir Singh, Technology Lead for CrowdStrike India & SAARC.

The cloud-based agent from CrowdStrike gathers data from all resources in a network and analyzes it using machine learning. Once the network telemetry data has been analyzed in the cloud, the platform identifies and remediates vulnerabilities on its own.


Kambli stated that organizations today do not need to waste money on multiple agents when they can use the Falcon agent from CrowdStrike to manage multiple security-related activities in real time. "The problem is that every time you need a security solution, there is an agent that goes with it. You may look at HIPS, AVs, whitelisting, forensics, etc. What we are trying to do is deploy a single agent, which is only 25 MB, for all endpoints in a network, be it a desktop, laptop or a server. The agent uses machine learning and AI for automated detection and there is no need to manually update the signatures."

CrowdStrike maintains a repository of 540 TB of malware-related intelligence. According to Kambli, whenever a security threat is identified, all related information, such as its geography, industry, IP, objective of the attack, etc., is recorded and shared with users. CrowdStrike's global threat intelligence keeps updating this repository to identify adversaries in real time, no matter where they are located. "We have our own threat hunting service, which is called Falcon OverWatch, under which we analyze the telemetry and proactively tell the users about security threats. When an incident is detected, there is no need to send the log and try to get a signature from the existing vendors," said Kambli.

Expanding on the details of the Falcon agent, Satbir Singh explained that all the security functions can be managed from a single management console and sensor. "The management console will give the users all the capabilities from the Incident Response (IR) perspective to do forensics and respond in real time. Similarly, IT hygiene and threat intelligence can be managed with the same console," stated Singh, addressing India's top security heads at the event.