Weekly Update

CrowdStrike uses big data techniques to fight cybercrime

Current security technologies and practices are broken and cyber criminals are making hay. It’s time to move away from the whack-a-mole model of fighting cybercrime and towards a collaborative, proactive strike approach, according to newly funded security startup CrowdStrike.

The active defense or strike back approach is not new, but it’s gaining traction as more and more corporations are being hacked. It was used by intelligence agencies first, but is making its way into enterprises as they realize anti-virus and perimeter defense systems are outdated and useless against modern attacks.

Still in stealth mode, CrowdStrike said its new product uses big data technologies to address targeted attacks using a defensive approach that could expose adversaries before companies are infiltrated. It wasn’t ready to spill the beans on the details of its technology yet.

CrowdStrike is led by George Kurtz, the former CEO of Foundstone and CTO of McAfee, as well as Dmitri Alperovitch, who was vice president of threat research at McAfee. The company has received $26 million in Series A investment from Warburg Pincus.

Alperovitch said organizations must train themselves to think proactively. Most are focused on playing defense – and defense by nature tends to be a response-driven approach. Something bad happens and we do something about it – if we are there in time. Meanwhile, proactively looking at security requires intelligence – using intelligence to understand not only where the adversary is today but where he has been and what his objectives are. Understanding the adversary’s intent will allow companies to determine where the enemy wants to be, and they can use this information in creative ways, the company claims.

To this end CrowdStrike focuses on incorporating intelligence collection and analysis into its work. The more intelligence we have, the better positioned we will be to defend against adversaries, goes the thinking.

Right now the company is mostly a services and consulting business, advising enterprises on how to develop strike back techniques. It also recently released CrowdRE, an open source project that aims to make it easier for developers to reverse engineer complex applications by working collaboratively with other users.

Developers had mixed reactions to CrowdRE. Most seemed to think that associating their identity with a commit of some possibly patented code that they reverse engineered might be grounds for a lawsuit.

It’s a fair point. CrowdStrike’s active defense approach and CrowdRE project appear to encourage illegal practices. But I suspect these approaches will quickly become commonplace and legitimate as U.S. businesses are permitted to do everything in their power to protect their intellectual property, and revenue, from criminals.

Question of the week

Is the strike back approach to security legal?