The zero-trust concept boosts protection by deploying least-privilege access at endpoints, eliminating assumed trust.
By deploying a substantial library centered on indicators of attack, CrowdStrike Inc. boosts threat hunting across the cloud. This becomes a reality through a zero-trust narrative that makes anomalies or anomalous behavior visible, according to Geoff Swaine (pictured), global vice president of cloud and tech ecosystems and program strategy at CrowdStrike.
“By looking at the holistic attack, the whole process of it, and having that sort of fingerprint of what that may look like and combining that with our knowledge of bad actors, our intelligence in the field, we’ve got a very good view on what may happen there,” he stated. “So we have a zero-trust narrative that talks about how it works with Okta and also Zscaler.”
Swaine spoke with theCUBE industry analyst Dave Vellante at AWS re:Inforce, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the AWS-CrowdStrike partnership and how CrowdStrike utilizes the zero-trust concept to propel threat detection. (* Disclosure below.)
Endpoints are crown jewels
Indicators of attack play an instrumental role in showing what is happening within cloud environments, which enhances enterprise protection. Furthermore, endpoints are rich in information, according to Swaine.
“Indicators of attack are looking at the potential for attack and whether that specific piece of telemetry in conjunction with others makes the attack more likely,” he said. “I still think that the visibility that you see from the endpoint is where the crown jewels are; still, it’s where the data is, and that’s why CrowdStrike is a unique proposition in that space.”
By incorporating more incremental products into the cloud space, CrowdStrike seeks to render more visibility for optimal protection, according to Swaine. As a result, threat hunting is taken a notch higher.
“One, that’s very much focused on adding better visibility inside containers in our CNAPP product, and another area around how we do our threat hunting across the cloud,” he noted. “So we have a team of threat hunters, global best practice engineers who hunt right across our customers’ environments. So that’s been included in our OverWatch threat hunting.”
Since Amazon Web Services Inc. is naturally inclined toward innovation, Swaine believes this plays a pivotal role in increasing productivity. Moreover, the AWS ecosystem encourages more collaboration.
“AWS has a fantastic role, especially through the Marketplace — the ability to coordinate our transactions and help us work together from a transactional basis and help the customer procure the right solutions,” he said.
Through the Cloud Security Alliance, CrowdStrike is working with other players to ensure that zero trust is standardized. The company’s partnership with Okta is also propelled by zero trust.
“We have an alliance through the Cloud Security Alliance where we’re working to build practitioner guides, build a community of value across the different products to bring zero trust into some standardization — reference architectures and some standardized training that brings all of our products together for the user,” Swaine stated.
With the cloud becoming more prominent, the CISO’s role will continue to advance. This is because the volume of threats is anticipated to surge, Swaine added.
“The CISO needs to evolve to being directly responsible to the board; this is something that we’ve all said for many years,” he explained. “So the CISO’s role is now not just on what products and how to use them to best defend, but also what products and services are available.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS re:Inforce event:
(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for AWS re:Inforce. Amazon Web Services Inc. and other sponsors of theCUBE’s event coverage have no editorial control over content on theCUBE or SiliconANGLE.)