CrowdStrike - Experts & Thought Leaders

Latest CrowdStrike news & announcements

Wipro CyberShield MDR: Unified security services

Wipro Limited, a pioneering AI-powered technology services and consulting company, announced an expanded partnership with CrowdStrike to launch Wipro CyberShield℠ MDR, an AI-powered unified managed security service (MSS) that simplifies and strengthens enterprise security operations. CyberShield MDR delivers industry-pioneering capabilities through a modern SOC that provides enhanced visibility, AI-driven automation, and greater efficiency.

Security operations across endpoints

Organisations now face an overwhelming volume of alerts from siloed security tools that fail to stop adversaries. Fragmented security operations across endpoints, cloud workloads, identity, and data drive complexity, increase costs, and create operational blind spots. Wipro CyberShield MDR, powered by CrowdStrike Falcon® Next-Gen SIEM, addresses these challenges by enhancing threat visibility, simplifying operations, and strengthening resilience against evolving threats.

Real-time threat intelligence and AI-powered automation

Falcon Next-Gen SIEM combines the native Falcon platform and third-party data with real-time threat intelligence and AI-powered automation to supercharge threat detection and response across the enterprise.

Leveraging Falcon Next-Gen SIEM and Wipro's global ecosystem – along with Wipro Ventures’ portfolio companies Simbian and Tuskira – CyberShield MDR delivers intelligent defense, proactive breach protection, continuous detection, and rapid response to keep organisations resilient and future-ready against AI-driven threats. Wipro’s cybersecurity experts will manage and host the services from eight Cyber Defence Centres (CDCs) strategically located around the globe.

CrowdStrike’s AI-native product suites

"Wipro’s CyberShield platform, powered by CrowdStrike’s AI-native product suites and strengthened by our security ecosystem, will help enterprises contain threats swiftly and ensure continuity of digital operations," said Tony Buffomante, Senior Vice President & Global Head – Cybersecurity & Risk Services, Wipro Limited. "This integrated platform approach enables AI automated workflows, prevents lateral threat movement, and eliminates potential security gaps that fragmented solutions often miss."

Wipro’s ecosystem of partners

“The Falcon platform supercharges Wipro’s CyberShield Managed Security Services to deliver real-time attack detection, faster response and outcomes that stop breaches,” said Daniel Bernard, Chief Business Officer, CrowdStrike. “Together, we’re simplifying operations across Wipro’s ecosystem of partners — reducing costs, accelerating time-to-value and giving customers the confidence to stay ahead of today’s adversaries.”

Wipro CyberShield℠ MDR unified MSS will be launched at CrowdStrike Fal.Con 2025.

Endpoint security: ALSO cloud UK's AI approach

As cyber threats evolve, securing network access points from attack has become an increasingly difficult task. CrowdStrike reported a boom in initial access attacks observed in 2024, accounting for 52% of observed vulnerabilities and highlighting their appeal as a top target for cyber actors. With breakout times also dropping, IT teams now have even less time to react before serious damage is done.

New standard for proactive protection

Endpoints have expanded past purely traditional devices like laptops and smartphones to include IoT devices, remote work setups and more, but with more devices in the network comes larger attack surfaces to exploit. Businesses must ensure they retain a comprehensive overview of their network, including device management and safeguarding capabilities.

“AI holds the key to maintaining visibility over your systems”, says Mark Appleton, Chief Customer Officer for ALSO Cloud UK. “It’s become the new standard for proactive protection.”

Traditional security monitoring methods

Appleton added: “Traditional security monitoring methods are struggling to keep up. Effective cybersecurity is not just about stopping attacks; businesses need the capabilities to understand patterns, anticipate threats and react quickly and efficiently. AI brings a level of visibility and processing power to galvanise your security teams to meet these new threats head-on.”

“Endpoint vulnerabilities are increasingly becoming the target of choice for cybercriminals. When devices go without updates or remain unmanaged for long periods, they quickly become outdated, unpatched and susceptible to exploitation. Once reintegrated again, these devices can even become the infected host, spreading viruses to other parts of the network, quickly compromising your entire system."

Leveraging AI-generated attacks

Appleton added: “Due to AI-boosted attacks, the bar of entry for cyber threat actors is lower than ever, leveraging AI-generated attacks for continuous assault on systems."

"While attackers will exploit your known network vulnerabilities to infiltrate, network security blind spots remain a constant challenge. Additional visibility over your networks has become a necessity, as you can’t afford to have supervision over every part without massive business."

Expertise still matters

Appleton stresses that AI tools are key to overcoming modern security challenges, but stresses that SME pioneers and IT operators need to turn to expert guidance to ensure they have the best for their business.

Appleton added: “Whilst AI has boosted the quantity of attacks, this doesn’t mean the sophistication has increased significantly. But there is no doubt that AI has become a game-changer when it comes to securing your network through data analysis and device management visibility capabilities."

Top of ongoing cybersecurity threat trends

Appleton added: "Through AI-boosted security tools, IT operators gain an advantage where traditional endpoint security methods have fallen short, particularly in real-time threat detection to analyse patterns and detect anomalies."

“From initial vulnerability assessments and strategic patching to advanced threat intelligence visibility and integration, businesses need a layered security blueprint that works alongside their business needs. Compromising your operational growth to shore up security vulnerabilities is not the answer, nor one that business pioneers can afford to do when staying relevant in their sectors."

"Thus, a security solution that works alongside your business scaling is needed, which means one that can track, and safeguard onboarded endpoint devices, and keep on top of ongoing cybersecurity threat trends.”

Example with cyber hygiene

Appleton concludes: “MSPs also have a responsibility to minimise ongoing risks by enforcing cyber hygiene practices across not just their clients but their own employees as well. This means providing ongoing training, or even zero-trust access principles, to minimise employee human risk error. Threats won’t wait for your business to be ready, and cybersecurity is a constantly – and, thanks to AI, rapidly – evolving landscape."

“As your business scales, you need the reassurance of the best-in-service cybersecurity options and experts protecting your network. Endpoint detection and response, backed by AI-boosted visibility, must be at the heart of your security strategy."

"Partnering with the right platform gives access to the training needed to keep on top of cyber threats, and ensuring access to the best endpoint safeguarding and visibility tools.”

Rubrik podcast: China's cyberrise explored

Cybersecurity pioneer Rubrik announced Nicole Perlroth, bestselling cybersecurity author and former New York Times lead cybersecurity reporter, has been appointed as Chief Cyber Raconteur. In her advisory role, Perlroth will help strengthen Rubrik’s leadership in the cyber resilience market and drive the company’s reporting on cyber threats.

Rubrik Zero Labs reports

With her award-winning storytelling, Perlroth aims to transform broad cybersecurity and cyber resilience topics into easily accessible and understood stories for the general public, from individuals to businesses. From podcasts to Rubrik Zero Labs reports, Perlroth’s appointment demonstrates Rubrik’s commitment to drive important conversations about the future of cybersecurity, cyber resilience, and the technologies that power and protect the world.

How cyber attacks happen

“Nicole is one of the most-informed experts on cyber threats and we are honoured to welcome her to our team," said Bipul Sinha, Rubrik CEO, Chairman and Co-founder. “Her reputation as an expert and storyteller in cybersecurity speaks for itself. We share an urgency and commitment to document when, why, and how cyber attacks happen, and how our industry must work together to be digitally resilient to them.”

How China grew into a major player in the cyber world

Also now, Rubrik and Perlroth launch a new podcast series, To Catch a Thief: China’s Rise to Cyber Supremacy, about how China grew into a major player in the cyber world. The podcast, hosted by Perlroth, tracks the Chinese hacking threat as it evolved from trade secret theft, to mass surveillance, to a far more alarming phase: embedding in U.S. government agencies, power grids, transportation hubs, and water systems.

To Catch a Thief is a first of its kind: a deeply-reported, nine-part series that unpacks the high-stakes world of digital espionage and sabotage, and sheds light on many stories of Chinese cyberespionage that have remained untold.

Intelligence and cybersecurity experts

"I’ve spent more than the last two years reporting for To Catch a Thief, to bring together my firsthand experience witnessing state-sponsored attacks with insights from pioneering intelligence and cybersecurity experts,” said Perlroth. "Listeners will go behind the headlines to understand who’s orchestrating these attacks, how they're executed, and why they matter to all of us. My hope is that we can collectively learn from this story of espionage, IP-theft, geopolitics, and shifting power dynamics to finally do what is necessary to anticipate and root out infiltrations of American businesses – and urgently, our infrastructure.”

Expert voices, untold stories

To Catch a Thief charts the rise of China’s state-sponsored hackers, from their beginnings as “the most polite, mediocre hackers in cyberspace” to the “apex predator” that now haunts America’s critical infrastructure. It examines the implications of China’s advancements (Volt, Salt, and Silk Typhoons) with an eye on how to navigate state-sponsored cybersecurity risks. The podcast features interviews with top intelligence and cybersecurity experts, including:

- Kevin Mandia, former CEO of Mandiant, now part of Google, now Ballistic Venture
- Dmitri Alperovitch, co-founder and former CTO of CrowdStrike, now Silverado Policy Accelerator
- Jen Easterly, former Director of CISA, the US Cybersecurity and Infrastructure Security Agency (2021-2025)
- Heather Adkins, founding member of the Google Security Team
- Nate Fick, First U.S. Ambassador of Cyberspace and Digital Policy
- Andrew Scott, Associate Director for China Operations at CISA
- Rob Joyce, former NSA cybersecurity director
- Jim Lewis (Center for Strategic and International Studies), an expert in U.S.-Sino relations
- The nation’s pioneering cyber threat intelligence analysts: John Hultquist (Mandiant, Google), and Steve Stone (Sentinel One, formerly Rubrik)
- David Barboza, Pulitzer Prize Winner, Former New York Times Shanghai Bureau Chief
- Senior China advisors at the National Security Council & the Pentagon
- Top U.S. military officials leading cyberwarfare planning in the Asia-Pacific region

To Catch a Thief is available on all major podcast platforms.

Insights & Opinions from thought leaders at CrowdStrike

CrowdStrike highlights cybersecurity trends in first half of 2019

A larger proportion of cyberattacks in the first half of 2019 can be attributed to electronic criminals (eCrime adversaries) compared to state-sponsored or unidentified attacks. CrowdStrike, a cybersecurity company that provides the CrowdStrike Falcon endpoint protection platform, observes that 61% of targeted cybersecurity campaigns in the first half of 2019 were sourced from eCrime adversaries, compared to 39% from other sources.

CrowdStrike Falcon Overwatch platform

The eCrime portion more than doubled since 2018, reflecting an escalation of criminal players in search of more and larger payouts. The trend is among the information presented in CrowdStrike’s Overwatch 2019 Mid-Year Report: Observations from the Front Lines of Threat Hunting. Falcon OverWatch is the CrowdStrike-managed threat hunting service built on the CrowdStrike Falcon platform.

Technology was the top vertical market targeted by cyber-attacks in the first half of the year, followed by telecommunications and non-governmental organisations (including think tanks). Other targets (in decreasing order) were retail, financial, manufacturing, transportation and logistics, gaming, entertainment and engineering. Hospitality disappeared from the list so far this year, although CrowdStrike expects an increase in intrusions aimed at the hospitality industry to put it back in the top 10 by the end of the year.

Intrusion adversaries

In terms of intrusion adversaries, the top players so far in 2019 are Spiders (eCrime) and Pandas (China). Regarding initial access techniques, the most common remain, in order of prevalence, valid accounts, spear-phishing and exploitation of public-facing applications. 2009 is proving to be an active year with a significant increase in eCrime and the inter-relationships occurring across different groups as they strengthen their organisations, forge alliances and expand their footprint.

Need for a proactive security posture

Many of the techniques used by eCrime actors are easily defensible through strong security products and a proactive security posture, says CrowdStrike, which recommends the following measures to help maintain strong defense in 2019:

- Be attentive to basic hygiene such as user awareness, asset and vulnerability management, and secure configurations, which form the foundation for a strong cybersecurity program.
- User awareness programs can combat the continued threat of phishing and related social engineering techniques.
- Asset management and software inventory ensures that an organisation understands its footprint and exposure.
- Vulnerability and patch management can verify that known vulnerabilities and insecure configurations are identified, prioritised and remediated.
- Multifactor authentication (MFA) should be established for all users because today's attackers are adept at accessing and using valid credentials.
- A robust privilege access management process will limit the damage adversaries can do if they get in and reduce the likelihood of lateral movement.
- Implementing password protection prevents disabling or uninstalling endpoint protection that provides critical prevention and visibility for defenders.

Countering sophisticated cyber attacks

As sophisticated attacks continue to evolve, enterprises face more than a "malware problem." Defenders should look for early warning signs that an attack may be underway, such as code execution, persistence, stealth, command and control, and lateral movement within a network. Contextual and behavioral analysis, when delivered in real time via machine learning and artificial intelligence, effectively detects and prevents attacks that conventional "defense-in-depth" technologies cannot address.

"1-10-60 rule" in combating advanced cyber threats

CrowdStrike recommends that organisations pursue a "1-10-60 rule" in order to effectively combat sophisticated cyberthreats. That is, they should seek to detect intrusions in under one minute, to perform a full investigation in under 10 minutes, and to eradicate the adversary from the environment in under 60 minutes. A source at CrowdStrike said, "Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action."

How to reinforce your cybersecurity strategy

We live in an information and data-led world, and cybersecurity must remain top-of-mind for any organisation looking to protect assets critical to business operation. Businesses without proper cyber measures expose themselves to a huge list of threats. From cybercriminals conducting targeted spear-phishing campaigns, like the 2018 Moscow World Cup vacation rental scam, to nation-state actors looking to collect intelligence for decision makers, no organisation is safe from innovative cyber threats.

Security solutions enterprises

The evolving threat space means organisations need to ensure they have the most innovative prevention and detection frameworks in order to withstand adversaries using complex and persistent threats. When implementing new security solutions, enterprises must start by assuming that there is already a bad actor within their IT environment. With this mindset, organisations can then set the groundwork necessary to stop malicious activity and keep their business’ data safe.

As there is no one silver bullet that truly stops all cyberattacks, organisations must adopt a multipronged approach to stop adversaries. This must include tracking, analysing and pinpointing the motivation of cyber actors to stay one step ahead through global intelligence gathering and proactive threat hunting. In addition, deploying new technologies that leverage the power of the cloud gives a holistic view of the continuously evolving threat landscape and thereby secures data more efficiently.

Traditional security approach

In today’s landscape, the propagation of advanced exploits and easily accessible tools has led to the blurring of tactics between statecraft and tradecraft. Traditional security approaches are no longer viable when it comes to dealing with the latest trends in complex threats.

To make defending against these threats even more complicated, adversaries are constantly adapting their tactics, techniques and procedures (TTPs), making use of the best intelligence and tools. CrowdStrike’s latest Global Threat Report tracked the speed of the most notable adversaries including Russian, Chinese, North Korean and Iranian groups. As the adversaries’ TTPs evolve into sophisticated attack vectors, defenders need to recognise we are amidst an extreme cyber arms race, where any of the above can become the next creator of a devastating attack. Russian efficiency is particularly high; they can spread through an enterprise network in 18 minutes 48 seconds on average, following the initial cyber-intrusion.

Sophisticated cyber weapons

So, reacting to threats in real-time is a priority. Bad actors are extremely vigilant and committed to breaking down an organisation’s defences, and speed is essential to finding the threats before they spread. Actors tend to use a simple trial and error technique where they test the organisation's network, arm themselves with more sophisticated cyber weapons, and attack again until they find a vulnerability.

This has highlighted the need for tools that provide teams with full visibility over the entire technology stack in real-time in order to meet these threats head-on. Traditional solutions are scan-based, which means they don’t scale well and can’t give the security teams context around suspicious activity happening on the network. They lack full visibility when a comprehensive approach is needed.

Malicious behaviour

Through leveraging the power of the cloud and crowdsourcing data from multiple use cases, security teams can tap into a wealth of intelligence collated from across a vast community. This also includes incorporating threat graph data. Threat graphs log and map out each activity and how they relate to one another, helping organisations to stay ahead of threats and gain visibility into unknowns. Threat graph data in conjunction with incorporating proactive threat hunting into your security stack creates a formidable 360-degree security package.

Managed threat hunting teams are security specialists working behind the scenes facing some of the most sophisticated cyber adversaries through hands-on-keyboard activity. Threat hunters work quickly to pinpoint anomalies or malicious behaviour on your network and can prioritise threats for SOC teams for faster remediation.

In-depth knowledge

It is key for security teams to have an in-depth knowledge of the threat climate and key trends being deployed by adversaries. The TTPs used by adversaries leave vital clues on how organisations can best defend themselves from real-life threats. Intrusion ‘breakout time’ is a key metric tracked at CrowdStrike. This is the time it takes for an intruder to begin moving laterally outside of the initial breach and head to other parts of the network to do damage. Last year, the global average was four hours and 37 minutes. Security teams need to beat the clock and condense their response and ejection of attackers before real damage is done.

Next-generation solutions

When managing an incident, clients need to be put at ease by investigations moving quickly and efficiently to source the root of the issue. Teams need to offer insight and suggest a strategy.

This can be achieved by following the simple rule of 1-10-60, where organisations should detect malicious intrusions in under a minute, understand the context and scope of the intrusion in ten minutes, and initiate remediation activities in less than an hour. The most efficient security teams working for modern organisations try to adhere to this rule. As the threat landscape continues to evolve in both complexity and scale, adequate budget and resources behind security teams and solutions will be determining factors in how quickly a business can respond to a cyberattack. To avoid becoming headline news, businesses need to arm themselves with next-generation solutions.

Behavioural analytics

Behavioural analytics and machine learning capabilities identify known and unknown threats by analysing unusual behaviour within the network. These have the ability to provide an essential first line of defence, giving security teams a clear overview of their environment. With this at hand, the solution can then know when to remove an adversary before a breakout occurs.

Attackers hide in the shadows of a network’s environment, making the vast volume and variety of threats organisations face difficult to track manually. The automation of responses and detection in real-time is a lifeline that organisations cannot live without as adversaries enhance and alter their strategies.

Adversaries continue to develop new ways to disrupt organisations, with the cybersecurity industry attempting to keep pace, developing new and innovative products to help organisations protect themselves. These technologies empower security teams, automating processes and equipping security teams with the knowledge to respond quickly. Organisations can set themselves up for success by integrating the 1-10-60 rule into their security measures, giving them an effective strategy against the most malicious adversaries.
