CrowdStrike Outlines Its Vision for AI-Driven Security at Fal.Con 2023

CrowdStrike welcomed over 4,500 cybersecurity professionals to its annual Fal.Con23 user conference last week in Las Vegas. President Mike Sentonas delivered an inspirational keynote outlining CrowdStrike’s bold vision for leveraging artificial intelligence and cloud-native technology to make security teams significantly faster, smarter, and more proactive against increasingly sophisticated and relentless threats.

The Need for Speed: Winning the Modern Security “Formula 1”

A pervasive theme throughout Sentonas’ keynote was the imperative for greater speed in security operations. He likened today’s escalating cyber threat landscape to an intense Formula 1 race, where shaving mere tenths of a second off response times can mean the difference between a catastrophic breach or successfully defending critical systems.

With attacks growing more automated and adversaries compressing breach timelines through techniques like island hopping, response velocity has become the single most important metric in security. Sentonas revealed sobering incident data from CrowdStrike investigations showing the fastest observed attacker breakout time plummeting from 118 minutes in 2018 to just 7 minutes last year — an alarming 92% decrease.

To have any hope of keeping pace with these trends, Sentonas argued that security teams desperately need unified visibility across their environment, automated enforcement of policies and controls, and intelligent assistance from AI to convert alerts into actions immediately at machine speed. In his view, only cloud-native software architectures built from the ground up specifically for speed, scale, and simplicity can meet the demands of modern security threat racing.

Taming Complexity for More Effective Security

A significant pain point Sentonas highlighted is how overwhelming complexity has come to cripple security operations for many organizations. He explained how decades of accumulating layers of siloed, disjointed point security products have led to hopelessly fragmented environments plagued by major visibility gaps, policy misalignment, and repetitive manual workflows.

In contrast, he positioned CrowdStrike’s core fundamentals as the antidote - embedding a single intelligent lightweight cloud agent across endpoints to ingest and analyze all security telemetry. This provides a unified dataset feeding the Falcon platform where security orchestration, automation, and response are driven by AI to instantly activate and enforce protections across the enterprise.

This cohesive approach eliminates the need for security teams to attempt to manually correlate across dozens of console dashboards or piece together context for threats. Sentonas described how CrowdStrike’s architecture and data model aims to conquer complexity by enhancing rather than contributing to enterprise security stack sprawl.

Augmenting Overburdened Analysts With AI Assistance

Sentonas also previewed major improvements coming to CrowdStrike’s security assistant Charlotte AI as part of their upcoming Raptor cloud release. He demonstrated how Charlotte will provide enhanced interactive investigation and remediation support to analysts through intuitive natural language conversations.

Use cases he showcased included Charlotte generating on-demand incident summaries for unfamiliar threats to accelerate research and response. Charlotte also helps automatically prioritize the most critical threats for analyst focus using advanced data visualization and vulnerability insights.

Sentonas explained this allows analysts to dedicate their scarce time to high-value creative and strategic tasks only humans can perform rather than wasting hours on repetitive low-level activities like manual log analysis. By seamlessly fusing AI augmentation with human expertise, CrowdStrike aims to make security operations more efficient, effective, and rewarding.

Holistic Cloud Security Tailored to Dynamic Workloads

With cloud adoption massively accelerating, Sentonas announced a major step in CrowdStrike’s expanding cloud security portfolio - the acquisition of cloud posture management innovator Bionic. He touted that Bionic will provide unified visibility into identity, configuration, and workload risks across multi-cloud environments encompassing AWS, Azure, and Google Cloud.

Sentonas outlined how Bionic will integrate with Falcon Horizon and Falcon’s runtime protection to deliver comprehensive and consistent coverage of the entire cloud attack surface. He also called out the shared vision between the companies to deliver cohesive cloud security entirely through an integrated graph data model enriched with AI to reveal risks and automate response.

Democratizing Custom Defense Innovation With No-Code

Sentonas concluded his keynote by showcasing CrowdStrike’s newly announced no-code security automation builder, Falcon Foundry, which is now available to customers. He demoed using Foundry’s intuitive visual editor running in the cloud to easily create custom security applications addressing unique use cases directly on the Falcon platform in minutes.

Capabilities he highlighted included building customized alerts and indicators, automating SOAR workflows, designing tailored intelligence dashboards, and streamlining response integrations with IT and business systems using Foundry’s library of 300+ out-of-the-box actions and APIs requiring no coding expertise.

By democratizing custom defense development, Sentonas explained, Foundry will empower security teams to become more self-sufficient while accelerating response through unique apps purpose-built for their organization and integrated data. He encouraged attendees to “get creative” with Foundry to maximize their CrowdStrike investment.

Winning the Modern Cyber “Formula 1 Grand Prix”

In closing, Sentonas reiterated that winning today’s rapidly escalating cyber threat race requires adopting security technology designed for speed, seamless unification, and frictionless use through consumer-grade design.

He summarized how CrowdStrike aims to provide managed threat hunting, real-time analytics, enforcement automation, workflow integration, and AI assistance capabilities for modern defenders to finally surpass the adversary.

With a robust graph data foundation, cloud-scale architecture, and a sharp focus on user experience, Sentonas conveyed CrowdStrike’s long-standing mission is to propel security operations into the future where technology works collaboratively with human ingenuity to defeat attacks.

Innovating for the Future of Security

Following Sentonas, CrowdStrike CTO Elia Zaitsev took the stage to provide additional insights into the company’s ambitious vision for the future of cybersecurity. He explained how this technology roadmap has been directly shaped by collecting candid feedback from customers through 500 interviews and 3,700 surveys over the past year.

Zaitsev highlighted several key new capabilities launching over the next 6–12 months:

• Falcon Identity Threat Protection: With stolen credentials being a primary attack vector, Zaitsev argued identity is the new security perimeter. He outlined this new module offering visibility into compromised credentials and automated response to identity threats across cloud and on-premises environments.
• Enhanced Data Lake: To accelerate threat analysis, CrowdStrike is enhancing its cloud-based data lake architecture using machine learning to allow security teams to efficiently query massive amounts of data.
• Visualization Upgrades: Zaitsev revealed new interactive graph data visualizations are coming to CrowdStrike’s console, leveraging AI to highlight connections between events at a glance for faster threat understanding.
• Active Asset Discovery: Many organizations still struggle to discover all assets across cloud, on-premise, remote sites, and OT environments. Zaitsev introduced a new active scanning module, allowing select Falcon agents to identify and inventory surrounding unmanaged devices.
• Smarter Threat Intelligence: Zaitsev argued global threat intelligence today is not actionable enough for security teams. He demoed an “evolutionary cyber defense” system tailoring intel to organizations based on industry, geography, and other unique attributes, then automating enforcement.

Customer-Driven Innovation

A consistent message was CrowdStrike’s commitment to continuous customer-driven innovation. All the capabilities Zaitsev previewed were inspired directly by end-user feedback and designed to simplify security operations.

By eliminating data and workflow silos through its cloud-native platform, Zaitsev summarized how CrowdStrike aims to arm defenders with unified visibility, AI assistance, and automated response to defeat breach attempts at machine speed. Much work remains, but the vision is ambitious - using technology to tilt the playing field back in defense’s favor.