George Kurtz, CEO and co-founder of CrowdStrike, highlighted a critical challenge during his RSA keynote earlier this week: the need for security operations to adapt and outpace adversaries.
Kurtz began by reiterating that his primary mission is to stop breaches. That mission, however, is increasingly challenging because adversaries are getting faster.
He emphasized the urgency with a startling statistic: the fastest “breakout time” recorded by CrowdStrike last year was a mere two minutes and seven seconds. Breakout time is the interval between an attacker’s initial breach of a host and their first lateral movement to another system on the network. This fact underscores the daunting task defenders face as they race against time to detect and mitigate threats before the adversary spreads.
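Breakout time is a defender-side metric: if the SOC cannot detect and contain an intrusion in less time than it takes the adversary to move laterally, the response arrives too late. The script below, added here as an illustration and not taken from the keynote or from any CrowdStrike tooling, computes breakout time per intrusion from a constructed list of endpoint events and flags the intrusions whose breakout beat an assumed detect-and-contain budget. The event records, the intrusion ids, the ten-minute budget and the helper names are all assumptions made for this example.

```python
from datetime import datetime

# Constructed sample telemetry reduced to (timestamp, host, event kind, intrusion id).
# These rows are illustrative and are not real CrowdStrike data.
EVENTS = [
    ("2024-05-06T10:00:00Z", "ws-101",     "initial_access",    "intr-1"),
    ("2024-05-06T10:01:30Z", "ws-101",     "credential_access", "intr-1"),
    ("2024-05-06T10:02:07Z", "srv-db-2",   "lateral_movement",  "intr-1"),
    ("2024-05-06T13:15:00Z", "ws-205",     "initial_access",    "intr-2"),
    ("2024-05-06T14:40:00Z", "srv-file-1", "lateral_movement",  "intr-2"),
    ("2024-05-07T09:00:00Z", "ws-310",     "initial_access",    "intr-3"),  # no lateral movement seen
]

# Assumed SOC target: detect and contain within ten minutes of initial access.
RESPONSE_BUDGET_SECONDS = 600


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the constructed sample."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def breakout_times(events):
    """Map each intrusion id to its breakout time in seconds.

    Breakout time is measured from the earliest initial_access event to the
    earliest lateral_movement event of the same intrusion. Intrusions with no
    observed lateral movement map to None rather than being silently dropped.
    """
    first_access = {}
    first_lateral = {}
    for ts, _host, kind, intr in events:
        t = parse_ts(ts)
        if kind == "initial_access":
            first_access[intr] = min(first_access.get(intr, t), t)
        elif kind == "lateral_movement":
            first_lateral[intr] = min(first_lateral.get(intr, t), t)

    result = {}
    for intr, t0 in first_access.items():
        t1 = first_lateral.get(intr)
        result[intr] = None if t1 is None else (t1 - t0).total_seconds()
    return result


def faster_than_budget(breakouts, budget_seconds=RESPONSE_BUDGET_SECONDS):
    """Intrusion ids whose breakout was quicker than the SOC's response budget.

    These are the cases where containment, however well tuned, would have
    arrived after the adversary had already spread.
    """
    return sorted(i for i, s in breakouts.items() if s is not None and s < budget_seconds)


def fastest_breakout(breakouts):
    """Smallest observed breakout time in seconds, or None if none was observed."""
    observed = [s for s in breakouts.values() if s is not None]
    return min(observed) if observed else None


if __name__ == "__main__":
    times = breakout_times(EVENTS)
    for intr, secs in sorted(times.items()):
        print(f"{intr}: {'no lateral movement observed' if secs is None else f'{secs:.0f}s'}")
    print("fastest breakout:", fastest_breakout(times), "seconds")
    print("beat the response budget:", faster_than_budget(times))
```

Running it against the constructed rows reports intr-1 at 127 seconds (the same two-minutes-seven-seconds figure the keynote cited), intr-2 at 5100 seconds and intr-3 with no lateral movement observed, and lists only intr-1 as having beaten the ten-minute budget. The useful output for a SOC is the last line: every intrusion on it is one where the detection-to-containment pipeline, not the detection logic alone, is the bottleneck.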
The Data Paradox And Legacy Systems
Kurtz identified the core of modern security challenges as a data problem. He stated, “It’s one of the reasons why I started CrowdStrike and why I created the architecture that we have.”
The sheer volume of data that security operations centers must sift through to detect threats is overwhelming, compounded by the inefficiencies of legacy Security Information and Event Management systems.
These systems, which were revolutionary in 2005, now struggle with the “data paradox” — the conflict between the desire to collect extensive data and the prohibitive costs and complexities associated with it. This situation often forces organizations to make decisions based on financial constraints rather than security imperatives, ultimately hindering their ability to respond to threats effectively.
He also stressed that legacy SIEM solutions are incapable of matching the speed of today’s adversaries and—most importantly—that even a finely tuned SIEM doesn’t actually stop a breach.
The Evolution Toward Next-Gen SIEM
Addressing these challenges requires a radical transformation in the way security data is managed and utilized.
Kurtz introduced the concept of Next-Gen SIEM. According to Kurtz, the Next-Gen SIEM integrates more closely with security platforms where SOC teams conduct most of their investigative work. This approach aims to resolve the data paradox by optimizing the way data is ingested, processed, and stored, thus reducing costs and enhancing efficiency.
The Fusion Of Data And AI Automation
A pivotal aspect of Next-Gen SIEM is its use of AI to automate tasks traditionally performed manually by SOC analysts, such as data normalization and analysis. This automation not only speeds up response times but also enhances the accuracy of threat detection and incident response.
By automating the ingestion and normalization of data, Next-Gen SIEM allows security teams to focus on higher-level strategies and threat mitigation rather than getting bogged down in data management.
Embracing The AI-Native SOC
Kurtz passionately outlined his vision for an AI-native SOC, which leverages machine learning and AI to transform security operations fundamentally.
Built on the Next-Gen SIEM concept, this advanced system is designed to predict and respond to threats in real time, offer predictive insights into potential attack paths, and automate response actions, thus significantly compressing event response times.
“It will drive an automated response, isolating a system, taking it offline, patching, remediating—those sorts of things,” declared Kurtz. “So the whole idea is, how do you compress and bend time in security? This is one of the key ways.”
Predictive Security And Adaptive Posture
The AI-native SOC goes beyond reactive security measures by incorporating predictive analytics to anticipate threats and suggest proactive security measures. Kurtz described how an AI-native SOC will expose predictive attack paths and enable SOC analysts to ask things like, “Based on this exposure, show me the attack path of the adversary. Show us how they’ll get in.”
This capability enables organizations to adapt their security posture based on dynamic threat assessments and real-time data analysis. It represents a shift from traditional, static security approaches to a more dynamic, adaptive framework that evolves as new threats emerge.
A Call To Action For Future-Ready Security
Kurtz’s keynote was a call to action for the industry to evolve and embrace AI-driven technologies.
The integration of AI into security operations is not merely an enhancement but a necessity to deal with the scale and sophistication of modern cyber threats. As we look toward the future, the success of our digital defenses will hinge on our ability to seamlessly integrate advanced technologies into our security infrastructure, ensuring that SOC teams can thwart even the most sophisticated attacks swiftly and effectively.
By advocating for an innovative approach that combines people, processes, data, and cutting-edge technology, Kurtz’s vision for an AI-native SOC sets a new standard in the quest to outsmart and outpace cyber adversaries, ensuring a more secure digital world.
Of course, it also doubles down on CrowdStrike’s primary mission to stop breaches.