When it comes to IT security, there are a lot of marketing pitches out there offering bullish assessments of certain technologies, and, of course, the particular products being pitched. Really, there’s nothing wrong with marketers doing their jobs, and it’s especially useful when this information leads to learning about emerging technologies and innovative products with a great deal of potential. But it’s also nice to get some security straight talk.
Frankly, so much noise concerning security products and innovation can be a liability because it’s just more information to process. There’s a real need for a clear-eyed, big-picture assessment of the current IT security landscape. This includes providing a sense of the big threats and what can be done to mitigate them both on the macro and micro level.
On this episode of IT Visionaries, Jim Alkove, the Chief Trust Officer at Salesforce, and George Kurtz, the President/CEO and co-founder of CrowdStrike, offer a straightforward analysis of current security risks and solutions. They also discuss promising technologies and companies that are providing value in the security space. Enjoy the episode!
Main Takeaways
- Current Threats and Strategic Solutions: Big threats to businesses are coming from state actors performing espionage. Additionally, criminals have begun to use state-sponsored attack techniques in order to hold companies’ data hostage. On a macro level, governments need to come together to agree that these sorts of state-sponsored attacks are unacceptable. Companies can also shore up their endpoints and maintain basic security protocols to reduce threats regardless of where they come from.
- Cloud Use: Although some legacy companies are still slow to move to the cloud out of concern that doing so may disrupt their old systems, there is a certain inevitability in companies moving to the cloud. Even more importantly, cloud-backed companies that have put time in the space will have greater opportunities as more companies move to the cloud.
- Technologies Making Security Easier: A.I. can help with anomaly detection and access management, and can reduce the quantity of human talent required. Though some marketing may suggest otherwise, A.I. and automation that proactively reduce threats are still in a more aspirational phase.
Article Notes
On a recent episode of IT Visionaries, Jim Alkove, the Chief Trust Officer at Salesforce, and George Kurtz, the President/CEO and co-founder of CrowdStrike, offered a straightforward analysis of current security risks and solutions. They also discussed promising technologies and companies that are providing value in the security space.
Alkove and Kurtz both weighed in on the security threats that they find concerning.
“The really troubling trend that we’re seeing is that commercial entities are now being used as part of attacks in the nation state espionage game,” Alkove said. “This is where I think we need to re-establish cyber norms among governments around the world. There needs to be things that are off limits and this, to me, is one of them. With the most recent supply chain attacks that you see, I think that’s the really troubling trend.”
Kurtz explained how CrowdStrike categorizes bad actors.
“Just to kind of break it down, to make it a little bit easier to digest, we look at these adversaries and we take an adversary view at CrowdStrike into three buckets,” Kurtz said. “The first one being nation state, the second one being e-crime, and the third being hacktivism. And if we look at the nation state activities, [they are] incredibly sophisticated… And what Jim is referring to is supply chain attacks where a nation state has the time, they have the money, they have the inclination to wait a few years to be able to get into a company, to be patient, to get into source code, to let it build, to wait another year just so nobody realizes there was a change, and then execute something like the SUNBURST activity that we saw late last year.”
What concerns Kurtz more recently is that typical criminals are now using strategies often associated with espionage from nation states.
“But now this has really moved to big game hunting where you want to get into a company and you want to be able to deploy your malware everywhere,” Kurtz said. “But before you do that, you’re actually going to steal the data and you’re going to put the data aside. And when you encrypt that computer or computers or network, you’re basically going to say, ‘Pay us the ransom,’ right? And if you say, ‘Hey, no problem. We’ve got backups. Go away.’ They basically just take your data and move it to a dumpsite. And they extort you to not dump your data. So it’s a bit of a Hobson’s choice right now. And the adversaries have really taken a page out of the sophistication playbook of the nation state actors.”
Kurtz explained that it’s about knowing the adversaries, tracking their activity, and then protecting systems.
“We track over 150 different adversary groups, nation state and e-crime actors, and we understand how they operate and what they target,” Kurtz said. “And on a daily basis, we receive about a trillion signals. These are events that we get from all these endpoints and workloads per day… We have a pretty good idea of what’s happening. So when we look at these attacks, a lot of it is getting into a company, exploiting a vulnerability, or exploiting a weakness in a human; getting a password, getting onto a system and then fanning out or laterally moving across the network, and then implementing the ransomware, as an example, [as] we were talking about ransomware. So, for us, obviously, it’s what we do. Endpoint visibility and protection is really important because it’s the last person standing.”
Alkove made the point that taking simple steps to close security holes is essential.
“Most of the vulnerabilities being used in ransomware and other things actually have been disclosed and around for a while,” Alkove said. “There are not a lot of zero-days being used in ransomware. Things like multi-factor authentication; multi-factor authentication has been a good idea for a really long time. It’s really great to see the world really stepping up its game relative to multi-factor authentication. We’ve asked all of our customers to turn on multi-factor authentication at Salesforce by the end of January of 2022. So those kinds of things; that basic cybersecurity hygiene is really, really important.”
Although Kurtz and Alkove believe in the value of using artificial intelligence and automation to bolster security, they offer a reasonable assessment of the current state of these technologies.
“And you hear these marketing terms that get thrown around autonomous,” Kurtz said. “Think about it, we barely have Tesla and I love Tesla. It can barely drive itself straight on the highway, and I’m a huge fan of it. And that’s not a derogatory comment, but it’s not like a Level 5 driving in terms of autonomous. And we’re not there at all in the IT space. We’re still in the early innings. So when I hear these things, it’s kind of like, that’s a lot of marketing, but the reality is you got to have some people that really understand. You can automate a lot of it, but at the end of the day I’m still driving the Tesla going like, ‘Hey, we should like stop at the light. And we should go.’ And I think that’s where we are as an industry. So I’m hoping it advances, but that’s my view.”
Alkove suggested that using A.I. and automation to reduce human error should be the primary focus today.
“There’s work that we can do in automating; using A.I. to automate a lot of simple operational tasks that humans do today,” Alkove said. “All of those will take a lot of costs and a lot of mistakes out of the situation. The vast majority of security incidents today are actually caused by accidental human mistakes. If we can take those mistakes out of the system, we’re going to dramatically improve the security posture of the world without getting to a world where things are completely autonomous. Yes, the great autonomous future, I think, all of us would like to continue to drive in that direction, but let’s remember that there are some big wins that we can make with A.I. If you look at NLP and search, and there’s lots of things where A.I. has given us a ton of machine vision [and] where A.I. has given us a ton of benefit in the world today. And I think in security, we have opportunities like that. And I think that’s where we should be focused. The grand pitch is a good pitch, but ultimately, I’ll take a base hit when it comes to A.I. right now.”
To hear more straight talk from two thoughtful security leaders, check out the full episode of IT Visionaries!