
Bitglass Podcasts

Bitcast Cyber Security Series is an interactive audio-only podcast series that goes “in-depth” into important enterprise security technology and business issues that matter to today’s IT and security leaders.

Bitcast Bitglass + CrowdStrike: Re-Thinking Advanced Threat Protection

By Bitglass | July 15, 2020 at 9:37 AM

 


Bitcast Cyber Security Series is an interactive podcast series that goes in-depth into important IT security issues that matter to today’s business and technology leaders. 

In this episode we interview Chris Kachigian, Senior Director, Global Architecture at CrowdStrike, and Jeff Minor, OEM Sales Manager at CrowdStrike, as well as Ben Rice, Vice-President of Business Development at Bitglass. We cover a recent partnership announcement between Bitglass and CrowdStrike to provide Agentless Advanced Threat Protection in the Cloud to the large enterprise and the very latest developments in threat protection technology.

About this episode:

Bitcast Cyber Security Series | Episode 2

Duration: 25 min

Host:  Jonathan Andresen

Guests:  Benjamin Rice, at Bitglass, Inc., Chris Kachigian & Jeff Minor, at CrowdStrike

Audio Transcription 

Jonathan Andresen:

All right. Thanks, everyone. Welcome to Bitcast Cybersecurity Series. Today, we're talking about Bitglass and CrowdStrike, rethinking advanced threat protection. My name is Jonathan Andresen, I'm Senior Director of Marketing and Products at Bitglass. I'm joined today by Ben Rice from Bitglass, and Jeff Minor and Chris Kachigian again from CrowdStrike. For those of you who don't know, CrowdStrike's an endpoint protection company that leads in that space. Today's podcast will really cover a recent partnership announced between Bitglass and CrowdStrike to provide solutions for agentless advanced threat protection in the cloud. So with that being said, welcome, gentlemen. How are you doing today?

Ben Rice:

Good.

Jonathan Andresen:

I'm good, yeah.

Jeff Minor:

Absolutely fantastic.

Jonathan Andresen:

Excellent. Well, before we begin, I always like to ask folks how they're dealing with lockdown. Are they getting cabin fever yet? Are you baking sourdough bread? Have you started cutting your own hair or hunting your own food? Some people are going through those things today. How about you, Ben?

Ben Rice:

Yeah, all those. I do butcher my own hair now. I feel bad for my barber because I'm actually getting decent at it. I'm 49, so I don't have extremely long hair. But yeah, we normally go on a lot of trips in the summer. And so right now, I'm starting to feel the sting of camping in the backyard as not as fun as camping at a last national park. So, I'm definitely getting a little stir crazy, but I love having activities like this to keep me busy during the day.

Jonathan Andresen:

Absolutely. Absolutely. How about you guys at CrowdStrike? How about you, Jeff?

Jeff Minor:

Yeah, I think I've become a lot more aware of how great my lawn looks or how bad my lawn looks compared to my neighbors. I didn't use to care about that.

Jonathan Andresen:

Those things matter.

Jeff Minor:

Yeah. Those things, just in the broad scheme of things, that shouldn't matter, but it does now. And then to leverage on what Ben said, we are going to be going on a camping trip. We're rafting campings next week, so we're pretty expecting that.

Jonathan Andresen:

There you go.

Ben Rice:

Where are you going?

Jeff Minor:

We're going to be Middle Fork of the Salmon River in Idaho.

Ben Rice:

Awesome.

Jonathan Andresen:

Excellent. A chance to learn some hunting skills while you're on it.

Jeff Minor:

Thanks.

Jonathan Andresen:

Exactly. And you, Chris, how are you surviving during the lockdown?

Chris Kachigian:

Well, going actually pretty well. My wife is getting very good at cutting my hair. We got pretty much the high tight fade down pat, so it's good after a couple of months now. It's interesting, I'm not going stir crazy at all. I actually had a newborn son just before the lockdown happened, so he's about four and a half months old now. So, it's actually been great being able to stay at home, help my wife out and actually just be able to be around our son, and sees young and growing up. So, it's been cool learning how to change diapers at rapid fire speed, let me tell you.

Ben Rice:

Congratulations. That's awesome.

Chris Kachigian:

Thank you. Appreciate it.

Jonathan Andresen:

Well, that's a crash course right there. Excellent.

Chris Kachigian:

Yes, it is.

Jonathan Andresen:

Excellent. Well, let's get back to the matter at hand here in the new partnership between Bitglass and CrowdStrike. Maybe, Ben, we'll start with you. How did this new partnership between the two companies come about and what does it involve, if you can explain?

Ben Rice:

Yeah. Like Jeff, I've been working in the security industry for more than a decade, maybe two decades. As part of that, you go to RSA. You have colleagues that you worked with in the past and you keep up on things. And so, one thing that has become clear to people in the industry over the last five years has just been an amazing rise of CrowdStrike. Part of that is the threat environment. So, what we, as people in the security industry, face as opponents has changed dramatically. If you know anything about CrowdStrike, part of the way that they came to prominence is through being involved with this very delicate business of protecting organizations against attacks from nation states and really well-funded adversaries. It's turned out over time that looking at past patterns of malware as a way to detect new malware isn't as effective when you're going up against an adversary that can fund an entire development team or perhaps some of the best developers of malware in the world. And so, they can craft what we call zero-day threats, which are threats that no security software has ever seen.

Ben Rice:

CrowdStrike has become expert at that. And so as part of the Bitglass offering, we also do threat protection for information that goes in and out of cloud services. And so, we rely on an engine or a technology of sorts in our cloud to help us detect those. What we want to offer to our customers always is real-time threat protection. And so, it became a must for me once I got hired at Bitglass last April to get a partnership with CrowdStrike and to get this fantastic technology into our cloud service. It was a little bit of a personal mission, but it worked out great. I think we were a little bit on the cutting edge here with CrowdStrike as we're one of their first customers to deploy their technology this way. So, we're super excited about it.

Jonathan Andresen:

Excellent. Excellent. That's really interesting. Jeff, how do you approach this partnership? From your perspective over at CrowdStrike, how do you think about the technology and the partnership between the two companies?

Jeff Minor:

Well, Ben stole some of the thunder there, but that's all right. I'll expand on what he said. The endpoint success that we've had, he's right, has been based on our focus on the adversaries. Our endpoints are cloud. We have a cloud-based platform and our endpoints are powered through the threat graph that we have in the cloud. But when those endpoints go offline for whatever reason, the internet goes down or they're on a plane or something, they can't connect, those endpoints still need to be protected. So in our agent, we have basically an ML engine, a machine learning type automated engine that looks at files. It knows, from previous experience and the exposure that we've had to threats and adversaries, what the behaviors look like and what the code looks like that drives those behaviors. So, we can train that model to detect files when they're encountered without being detonated. That's a static file analysis. So, we've now taken that engine that exists in our endpoint and made it available for licensing for use cases like the Bitglass CASB.

Jeff Minor:

We're really excited to have this partnership. It's been great working with all the Bitglass folks and we're excited about getting this thing kicked off.

Jonathan Andresen:

So really extending it to cloud-based applications, not just the endpoint. Ben, how does this integration work between the two platforms? How does it work at this?

Ben Rice:

What Bitglass offers are cloud services. We're not huge on having to deploy software. Although in cases we do, we generally rely on companies like CrowdStrike to be the security that's on an endpoint. And so, one of the things we focused on is the full SaaS experience, even for a security application. Meaning, Bitglass is the one updating the software. Bitglass is the one making sure the software is always running and reliable and up to date. We're the ones patching the software. And so similarly, even with the deployment of CrowdStrike, we fully package that within our cloud. When the customer never gets that come from CrowdStrike, we take care of that.

Ben Rice:

The significance of that is not just the ease of use. It's that if you're a Bitglass customer and you've got the CrowdStrike agent as part of your Bitglass deployment, that means that any user that comes to the cloud service attempting to upload something or download something will have the file looked at by CrowdStrike. CrowdStrike will determine whether it's okay for it to be stored in Box or Dropbox, for example. It will determine whether or not you can download this file to grandma's computer.

Ben Rice:

So, the key of having it deployed in Bitglass Cloud means that we can actually scan for viruses and malware and bad attachments on a device that doesn't have the CrowdStrike agent. It doesn't have a CrowdStrike endpoint. It may not have any endpoint and it may be a mobile device that's basically not capable of having a fully functional endpoint technology. So bottom line, easy way to deploy CrowdStrike, only way to get network-based CrowdStrike on the way to an unmanaged endpoint essentially.

Jonathan Andresen:

Interesting. Obviously, threats are always present and they're changing over time. That brings me to the 2020 Global Threat Report that CrowdStrike recently released. Jeff, from your perspective, what really matters to enterprises today? What's changed over the past year in terms of the threat environment? Our remote workers and BYOD users are more at risk now. What kind of things are you seeing from your perspective on the threat landscape?

Jeff Minor:

Well, thanks. I'm glad you mentioned that because our Global Threat Report does have quite a bit of info on this. One thing that's clear from that report is that there's never been a better time to be in cybersecurity or certainly to be in considering how your enterprise is secured. Just to expand on something that Ben said about the direction of data going down to an endpoint that's unsecured, by virtue of this integration with Bitglass, we also have the ability to protect data from being written into unsecured workloads as well in the cloud. So, you look at the CASB as the in-between. It's the communication medium that files are going to be transiting. So either way, going through their proxy, the files will be looked at. We've done a lot of work with hyperconverged infrastructure and we know that not all workloads are secure.

Jeff Minor:

I think about a year ago, AWS reported that something like less than 5% of the workloads or, sorry, the S3 buckets were protected. There were some exploits written for that. That's all been tightened up obviously on AWS side, but there are going to be situations where the storage services aren't secured the way they should. You don't want to be writing malware and paying for storage of malware. So, we're just looking at that as another element of the value out there with Bitglass. But, the stakes are high and the ransomware epidemic has come about, I think, to matching or expanding as fast as the work from home has. Certainly, the attack surface has grown exponentially and the bad actors are having a heyday. So, it's probably more important than ever that we get data protected. Certainly, corporate data protection is our main value add that we want to bring to the market, whether it's through our direct enterprise or through our partner relationships like with Bitglass.

Jeff Minor:

The whole work from home thing has made it more important for entities that haven't necessarily focused on security before that they do now. So, budget constraint institutions, like our schools and some of our other public entities, haven't done a great job at securing their endpoints. But if the data flowing in and out of them can be secured, then that's another measure of security that would be beneficial. The threat actor report also uncovered numerous tactics. These are called the TTPs, Tactics, Techniques, and Procedures, that state affiliated actors are employing to accomplish their goals. Of concern is the widening variety of goals that we've observed. The usual espionage and surveillance, well, they're now selling disruption and discord among individuals, institutions, even whole countries, in pursuit of economic gains. We've got to worry about our elections coming up to make sure they're not tampered with.

Jonathan Andresen:

Yeah, that's interesting because the threat environment is always changing and it always seems that hackers are sometimes one step ahead. Given the scenario today with the pandemic going on, what stands out for CrowdStrike as being unique in the market? When CrowdStrike looks at this threat environment, what's unique about CrowdStrike's ability to stop threats and stop even the zero-day threats, for example?

Jeff Minor:

Well, I'm going to let Chris talk a little bit on this one.

Chris Kachigian:

Sure thing. I appreciate the ability of the input. I think just coming from the background of actually being an operator before actually coming over here from the software sales side, what I was going to say is the evolution of the tactics and stuff at TTPs that are being employed, stuff that we used to see years ago that were being done by, say, nation-state adversaries are now being picked up by script kiddies, et cetera. Right? So, the overall complexity is ever increasing as well as, I hate to say, the ferocity or the impact. Because even back to Jeff's point previously, with the increase of ransomware, it's not just the amount of the prevalence that's coming out. It's also they're asking for more money.

Chris Kachigian:

Think about in that perspective, you could actually lose your entire billion-operated business if they ask for too much, but they don't lock it. So, it's always good prevented. Now that said, with regards to detection, I think CrowdStrike's in a unique position because we have millions and millions of employees. We learn how things are being done by our adversaries. Every single one's a sensor platform for us. Just the ability to literally, just practically build platforms that can look at not just tactics, techniques, behaviors, indicators, and apply that in a machine learning model that can automate a lot of this stuff and not have to rely on, say, the sacred database as another lapse to do these things, we can do protections while we're connected to the cloud or not, which is a big advantage for folks that are using CrowdStrike-based technology.

Jonathan Andresen:

Interesting. It's often heard like a lot of companies have some sort of threat protection environment, but a lot of it can be a little bit outdated or traditional approaches with signatures. So, what should enterprises look for if they are going to upgrade in today's environment to a more modern threat protection approach? Is behavior-based ATP important for cloud versus traditional types of threat protection, like sandboxing and signatures? What would you advise as major feedback to enterprises?

Chris Kachigian:

You want me to take this one first, Jeff, or you want to handle this one?

Jeff Minor:

Go ahead, Chris.

Chris Kachigian:

All right. Sounds good. In general, I would say people need to take a step back and evaluate all the vectors, all the risks, and do a legitimate threat assessment. Now that said, since we are in the endpoint protection space, I'll just say this from a generic perspective. Generally speaking, shifting to technologies that are next gen based where we, in general from an industry, are not just relying upon signature databases but can also take into a fact the behaviors and apply again the ML and AI at scale, I think, is going to be huge. Right? That's why you see just the expansion and the prevalence still increasing for all.

Chris Kachigian:

Also, to look beyond not just the endpoint, but also like you were saying before, the communication paths, the other technologies. As we're going more towards cloud native and even headless with regard to stuff that can run cloud side, the cloud infrastructure you're running on the communication paths as well as the data, the objects and the stuff contained with all those pieces also become a massive importance to the organization because that's we're going to protect all your intellectual property, your data. Keeping that stuff safe also helps increase customer trust, right? So, all those things play into account. That's a very big defense in depth or others will call it defense in breadth methodology. Right?

Jonathan Andresen:

Interesting. Sounds like it's a very complex approach, but it's done in the background and using machine learning and other tactics. Ben, if I could turn to you for a second, how easy is the new joint solution to deploy, to install and manage? From a customer perspective, what would they need to know?

Ben Rice:

A lot less than you think. Once they get signed up with Bitglass, a person at the company typically, at least one, will be named the administrator of the Bitglass account, so like a typical SaaS application. And then, that person would be responsible for configuring with our quick start guides, something that can take hours, depending on how many applications you deploy and how many users you're onboarding. But once that process is taken care of, if they've subscribed to the CrowdStrike offering, then they don't have to do anything else. And so, that's the magic of it is they can set a policy that says, for example, any device, so that means even a device that we don't have any software on, that tries to upload or download a file from OneDrive will have that file or will have those files scanned for malware by CrowdStrike.

Ben Rice:

And so, nothing further needs to happen on the side of the user. Nothing further needs to happen on the part of IT. This is just automatically effectuated. The reason is we are in our best deployments in between the user and the application. What that means is we get to see the request and we get to decide what the response is. So, we get to listen to CrowdStrike. We get to be advised by the best on whether this file is safe or not. This all happens at the speed of not quite the speed of light, but in a fashion that's so fast that the user doesn't know what's happening. It just looks like the file's being downloaded or not. Typically, your file will begin downloading and it'll look as if everything's okay. If it's not, an error message or a virus found popup will pop up and let the user know that the file has been blocked, maybe it's matched to policy, whatever the reason is.

Jonathan Andresen:

Interesting. For enterprises that want to take advantage of that new solution, how do they go about buying it? Is the CrowdStrike technology available through Bitglass's price book? How should they go about taking the next steps?

Ben Rice:

Yeah. Each company sells its own offering. So if you want the CrowdStrike endpoint, you go directly to your CrowdStrike partner or a CrowdStrike sales representative that you might be working with. In the case of Bitglass plus CrowdStrike, you can get that from any Bitglass channel partner, any of our distributors or resellers around the world. It is part of the Bitglass price list. Everybody will know how to quote that. Like I said, once you turn everything on, you don't have to do anything else. There's nothing to install. There's nothing to update and everything just gets scanned automatically. It's as if it's a Bitglass product because it's entirely self-contained within our cloud service. And so, it's part of what you buy from Bitglass.

Jonathan Andresen:

Hey, Jeff, so over to you, what advice would you give enterprises looking to establish a more secure remote working environment? It's a pretty big topic today for a lot of companies. What should they really consider from a threat perspective when they're considering BYOD or mixed-use deployments with managed and unmanaged devices? What general advice would you give them?

Jeff Minor:

Well, I think the best advice is to buy CrowdStrike. But obviously, the same don't-click-on-everything type advice goes. But certainly for organizations, no matter what the size or location, empowering employees to get going in the work from home environment is desired but it's no trivial matter. I know we're not alone in this, but there have been a couple other companies provide security that have made a work from home options free to the current customers. I know one of the initiatives that we have is, with our current customers, we were giving them access to X number of additional licenses to help their employees secure their employee-owned machines so they could work from home. That certainly is one aspect that we've done to try and help out with all the challenges that we're seeing.

Jeff Minor:

But again, even that isn't simple. As I mentioned before, as these companies move their employees to work from home out of physical offices, the attack surface grows exponentially. So, they may need to wrap the division fleets of new endpoints with course that are secured properly. There's going to be probably... I know there has been a big uptick in the number of workloads that have been spun up in the cloud to help buffer some of this new information and data flow that are coming in. So, I think it's important to be thinking about security as a defense in depth as Chris mentioned. But, we play a key role in these types of deployments, whether they're on the endpoints or up in the cloud. We have a lot of cloud services that we're securing. We also have a lot of endpoints. Chris, did you want to add anything to any of the top process?

Chris Kachigian:

You know what? I think you hit the major pieces on the nail on the head. I'll just say this, people in organizations just need to stay cognizant of the risks that could be introduced with this ever-growing change at a rapid pace with regard because of COVID or any other particular reason that's out there. As long as we've got platforms like CrowdStrike, like Bitglass, we can apply and actually solve some security risks and concerns. I think we'll be okay. But again, just be ever vigilant because it's an ever-changing dynamic environment this point.

Jonathan Andresen:

One last question for you all, do you see in today's environment, given the situation, the pandemic, just see companies making a more serious focus on remote working and securing and allowing BYOD in their environments? How do you think the approach towards remote working is changing the endpoint and the cloud's threat protection landscape? That'd be Chris.

Chris Kachigian:

Sure. I actually had a customer say to me earlier this week or late last week that they took their remote workforce strategy from three years down to one month because of the pandemic pieces. With that, people are doing this at rapid change. So I would just say this, that it looks like, as cliche as it may sound, IT transformations or digital transformations are happening at an accelerated pace. So just making sure that we've got security as a stakeholder in the process and what's being done at the times of decision making, I think you've just got to help make sure that it's done more smoothly and more securely as quickly as possible. But yeah, there's a massive shift that's happening and we're seeing it across the board for all of our customers right now.

Jonathan Andresen:

Interesting. Interesting. Excellent. Well, thanks, guys. I appreciate your time. I think we're running out of time at the moment. So, thanks again for today's chat. Really appreciate learning more about Bitglass and CrowdStrike, and the joint solution. For those of you listening, you can discover more about the joint solution if you go to bitglass.com, on our website, contact your Bitglass sales representative. Of course, you can always go to CrowdStrike website and learn more about their threat protection solutions there. We'll stay tuned and join us next time for the next Bitcast Cybersecurity Series. Thanks, gentlemen, and have a great day. Cheers.

Ben Rice:

Thank you.

Chris Kachigian:

Thank you.

Jeff Minor:

Thank you.
