
Cloud-based Security: Future of the Industry?


Dmitri Alperovitch, Co-Founder and CTO, CrowdStrike. Dmitri Alperovitch is the Co-Founder and CTO of CrowdStrike Inc., leading its Intelligence, Technology and CrowdStrike Labs teams. Prior to founding C...
“Having a cloud-based architecture will allow organizations to instantly crowdsource adversary tradecraft intelligence in real time and correlate it with historical data”
The argument he makes is a very important one, and it actually applies to any on-premises security technology. The most prolific attacks today are often bankrolled by nation-states seeking to gain intelligence for commercial or political interests, or by well-funded criminal groups. With the resources that an intelligence agency can devote to setting up cutout entities to conduct covert purchases, or even to interdict equipment during shipping, you simply have to assume that any openly available software- or hardware-based security technology can be acquired by a sophisticated adversary. Once the product is procured by an adversary or intelligence organization, one must assume that they have deployed the equipment in their labs and that significant resources have been expended on breaking it. With simple reverse-engineering processes, adversaries are able to find every possible way to bypass the technologies without getting caught or, oftentimes, without leaving a trace. Because of this, every single on-premises technology is set to fail in the face of advanced and well-resourced attackers. If an adversary has unlimited time and resources to find a vulnerability, they will. And they’ll probably find the best way in.
When it comes down to it, there are only two real options for responding to cyber threats in today’s landscape.
The first option is to try to build your own security tools (and not share them with anyone, of course) and hope that an adversary has not been able to acquire your custom-built solution from your network. This is the option that Alex advocates, but unfortunately few organizations have the resources and capabilities of large organizations such as Yahoo or Facebook to maintain their own security technology engineering teams. It’s simply not a realistic option for the vast majority of companies out there, due to the heavy time investment, expense, and talent scarcity.
The alternative option is to leverage a cloud-based security technology that can record every execution event in real time and transmit it to the cloud, where an adversary can’t easily destroy it without getting caught. This way, even if a hacker manages to procure a copy of the software used in the cloud implementation, as we now have to assume they will, they cannot realistically test it offline in their lab. In fact, if they run tests on cloud-based security technology, they will immediately reveal all of their tradecraft, enabling the organization to trigger an immediate investigation, protect against any vulnerability the adversary may have discovered, and prepare accordingly. At the same time, if the hacker chooses to disconnect the software completely from the cloud, they won’t know how their attack will truly perform in the real world, where they have to deal with the reality of a cloud connection. (Terminating the connection as a first step of an attack is also problematic, as the effects of that are also observable in the cloud and can trigger immediate investigation and action.)
Ultimately, what organizations need in the face of the diminishing effectiveness of anti-virus technologies is the ability to learn and adapt from every attack an adversary attempts against the technology, no matter the infiltration method. Having a cloud-based architecture will allow organizations to instantly crowdsource adversary tradecraft intelligence in real time and correlate it with historical data.
Today’s threat landscape is dynamic and sophisticated. Attack techniques are ever-changing, becoming faster, stealthier and more successful against traditional security methods. The lesson that companies across the globe can glean is the need to change the way they approach security. Turning to the cloud drives the advantage back to the defender.
