Ace Cloud Webinar: An Expert’s Take: How To Mitigate Cybersecurity Risks In 2023

#AceManagedSecurityServices and a #CrowdStrike security architect came together for a live webinar and discussed the best cybersecurity practices for 2023's ominous threat landscape.

Watch the enriching discussion on what's happening within #CyberSecurity and how that impacts your organization's security posture: international adversary groups, multi-vector attack tactics, and #Ransomware-as-a-service groups combine with an ever-widening cybersecurity skills gap and expensive in-house SOCs. How's your team planning to overcome these challenges?

Listen to ACE MSS security experts engage with Greg Lowe from CrowdStrike for tips on leveraging new-age managed solutions for cost-effective, accurate, and flexible solutions.



Hello and welcome, everyone. Thank you so much for joining us for today's webinar. My name is Mohit, and I bring around eight years of experience at Ace Managed Security Services. I'm glad you've all taken time out of your busy day to join us. Today we will be discussing solutions for one of the greatest threats businesses are facing these days: cyber attacks.

First, let me introduce my co-speakers. I am joined by Greg Lowe from CrowdStrike, the leading endpoint security platform OEM in today's market. Greg himself has valuable experience of over a decade in the cybersecurity industry and is here to share the giant leaps CrowdStrike technology has made in endpoint protection. Also joining Greg and me will be Ace's very own Deepak, who heads the network and security teams at Ace. He's a certified ethical hacker, our in-house expert for all aspects related to cybersecurity, and he'll be answering your questions on best practices for cybersecurity optimization.

Let's discuss today's agenda. We will start this webinar by talking about the current state of the security landscape, taking a deep dive into the cybersecurity threats and challenges organizations face in 2023.

I'll introduce you to Ace's managed security services, which we extend to organizations of any scale and size, and then demonstrate how we address these problem areas with a security framework and a real-world case study of a BPO. At that point Greg will take over and share insights on CrowdStrike's endpoint protection capabilities. We'll end this with a short Q&A round, but you don't have to save your questions till the end; please type them in the chat window and we'll address them during the Q&A round. By the end of our time today, I hope you feel more comfortable and confident about cybersecurity risk mitigation and adopting the multi-layer solutions that we'll be discussing. So without any further delay, let's get started.

So what does the current cybersecurity landscape look like? I would say that the threat landscape becomes more dangerous and expensive every year in terms of cybersecurity, and 2023 is no different. According to research by Cybersecurity Ventures, the average cost of a data breach hit a staggering 4.35 million dollars globally. It's a huge amount; this amount is exorbitant for small businesses, and compounding that issue is the fact that small businesses account for 43 percent of cyber attacks, according to research by the company Small Business Trends. These two trends show that SMEs are a significant target and stand to suffer major financial and reputational damage when hit.

So what kind of cybersecurity challenges are we potentially looking at? From the basics of it, I would say the lack of cybersecurity awareness. I believe many individuals and organizations do not understand the importance of cybersecurity and are not taking the necessary steps to protect themselves from cyber threats. Knowing that there are so many cyber threats lurking around, as we move forward into the new year we must be aware that the increasing threats posed by international adversary groups are very common. These groups are often sponsored by a foreign government; they use increasingly sophisticated multi-vector attacks to target our critical infrastructure and steal sensitive information. You must have heard about these things happening in the news lately. These groups do have certain names, but they keep on evolving and changing their names as they carry out attacks, so it's very important to stay updated on their daily activities.

Some recent examples of these groups are the ones who targeted Brazil's Ministry of Health, and with that Samsung, Ubisoft and Microsoft, along with Uber. They also target so many companies, SMEs and government organizations, and we really do get to hear about that.

Now, as we discussed multi-vector attacks, what are those? Any cyber attack that uses multiple methods or vectors to target a single victim or organization is a multi-vector attack. To make it simpler, this can include a combination of techniques such as phishing, malware, and exploiting vulnerabilities in software and hardware. This is a very common tactic used by cyber criminals and is likely to continue happening in the future too. Such attacks are complex and can be difficult to detect and defend against, so it's important for organizations to have a robust cybersecurity strategy in place. Taking a quick example of the recent Uber hack: in that case multiple vectors were used, like compromised credentials, MFA fatigue, social engineering, and third-party vendor compromise.

So how did this even happen to such a large organization? That's what most of us must be thinking. It's primarily because of one reason: understaffed SOCs. One of the biggest challenges organizations face is the understaffing of security operations centers, or SOCs, as I've mentioned. These teams are responsible for detecting and responding to cyber threats, but many organizations simply do not have enough personnel to properly staff their SOCs. There's a cybersecurity skills gap, and it refers to the shortage of skilled professionals with the knowledge and experience necessary to effectively defend against cyber threats. This shortage of talent makes it really difficult for organizations to staff their SOCs adequately, and it leads to an increased risk of security breaches, as you can understand. According to a study, the global cybersecurity workforce gap has increased to almost 26.2 percent compared to 2021, with more than 3.4 million workers needed to secure assets effectively. It has also been observed that the skills gap is particularly acute in certain areas such as incident response and threat hunting, which is very important to understand. Some studies suggest that the gap is even more severe in smaller companies.

Then comes the cost of maintaining an in-house SOC. So if a business or organization wants to maintain their security operations center in-house, it can be prohibitively high in terms of cost for many organizations, and this is a very serious problem, as it means that many companies are not able to properly defend themselves against cyber threats. Organizations must invest in expensive security technologies and tools, as well as hire and train a team of qualified security professionals. Additionally, the constantly evolving nature of cyber threats requires organizations to continually update and upgrade their security measures, further driving up costs. Let me tell you that the average cost of maintaining an in-house security operations center can vary widely depending on factors such as the size of the organization, the scope of its security needs, and the level of expertise required by its staff. According to Deloitte and the study that they did, the average cost of an in-house SOC is somewhere around 3.5 million dollars per year. Now we are seeing more and more industries rapidly digitalize their operations, and this was bound to happen.

So digitalization is actually making it easier for the attackers to find vulnerabilities and launch successful attacks. So these are the challenges that we are facing currently and in the coming year.

Now, I know that we've been discussing the problems and challenges for a while, so let's talk about the positive and be a little more optimistic this time. With the right security approach, no cybersecurity issue is too big to tackle, and at Ace we shape our security framework to match your needs. Ace is a specialized cybersecurity solution provider that offers services like fully managed endpoint security (it protects your devices, your servers, everything), network security, cloud security, a security information and event management system (we'll come to that), and other services. As we discussed, with an experienced team of cybersecurity professionals, we are here to assess your organization's security posture and recommend remediation solutions to improve its cybersecurity posture. I would also like to add here that Ace has been working with numerous businesses to strengthen their existing security posture. Ace has been able to identify gaps in their current infrastructure and network that can potentially pose a threat, and accordingly we provided each individual, each business, each organization with the required remediation plans and solutions.

So what does Ace Managed Security Services actually bring to the table? In other words, what is the power of a managed security service? Ace provides a bundled package of multiple fully managed security services that range from managed EDR using CrowdStrike Falcon, to managed email protection, to managed SIEM (as we mentioned, it's an artificial intelligence powered, machine learning based software), along with DNS filtering, which is fully managed. This also includes round-the-clock monitoring without any additional staffing, so businesses do not need to train anyone; they do not need to hire anyone individually to maintain it and to give support. Ace Managed Security Services will provide 24/7 threat detection capabilities to keep your data and your assets, any hardware that you use, secure even when you are connected to the internet, and all this throughout the year. Ace's managed security services will get you a dedicated SOC as a service, again something that could have cost 3.5 million dollars a year on average.

You won't have to spend even a fraction of that amount. All of this is curated in a manner where Ace has focused on keeping the service extremely flexible and cost efficient based on how someone would want to use it. Using Ace's managed security services, businesses will start leveraging AI or ML capabilities in their operations, and this is something that everyone needs to focus on. Ace's managed security services would help businesses achieve the required industry compliances. So for any organization, no matter from which domain or which industry, if you are looking to achieve any compliance, Ace's security services will provide you with the required audits and reports to achieve those compliances.

Now at this moment I would call upon Deepak to speak further on the services offered by Ace.

Good morning, good afternoon, everybody. My name is Deepak. I've been working with Ace for the last, you know, eight years. I have a vast variety of experience, starting from the technology, you know, IT sector, to networking, to security, and now working with a lot of customers, helping them achieve their IT security compliances. So today Mohit already gave a lot of good, you know, explanation about the services that we offer.

What we are doing here, I'm just going to brief you based on the NIST Cybersecurity Framework: we provide you 24/7 managed security services, and we would help you by observing data feeds across your enterprise. We will help you to detect and respond to security threats and incidents.

So we'll go to the next slide and we'll talk about, you know, the very good question that everybody asks: I already have got a lot of security products, why do we need services from you guys? So the NIST Cybersecurity Framework is basically a set of guidelines that helps you to deal with cybersecurity threats, and it says that you first have to identify what all assets you're going to protect, and then you put a lot of investment in securing them with security tools: you buy antiviruses, you buy, you know, firewalls, web content filtering tools, you buy a password management tool, and you do a lot of security awareness training. There are a lot of controls that you put in place. Then you also plan for the recovery. So let's say something happens to your organization; you know, you plan for your backups and recovery, you plan for your BCP/DR, you also buy your cybersecurity insurance that would help you to cope with these cybersecurity incidents. But what we really miss is the detect and respond. So that's basically the SOC that Mohit has been speaking about throughout this session. It's very, you know, challenging for any organization to set up a dedicated SOC team because of the skills that it requires, you know, the cost of maintaining a SOC, then the tools, technologies; everything is very complicated for small organizations or mid-sized organizations. So what we normally believe is, if you, you know, identify the asset, then you make the investment to buy the technologies that you want to use to protect your assets, you basically miss out on detection and response capabilities, and we mostly believe in or rely on employee self-reporting, or maybe, you know, you may receive an outside notification, kind of a bug bounty that you have received, that someone has discovered some sort of bugs in your infrastructure, or you may have some physical security alarm that goes off whenever there's an incident. And the response is basically our IT team that deals with the incident that happens, but the IT team doesn't know everything about security, so what they normally know is just, you know, dealing with your IT assets. And you may have some emergency response, like, you know, third parties that you have hired to deal with such incidents.

Now these are really great gaps when we talk about, you know, the cybersecurity framework: even though you have made a lot of investment in procuring security products, if you don't have, you know, detection and response capability, that is a huge gap in your cybersecurity preparation. Now if I go to the next slide, I will explain to you how we help you to fill that gap.

So what we bring in is a 24/7 threat detection capability to your current security posture. Despite whatever products you have, you definitely need some sort of skill set to configure these products properly so that these products are able to protect you from the cyber threats. You would also require the skill set to keep improving it, because putting in a product is not a one-time activity; it definitely requires, you know, going back and forth, checking the configurations, keep on fine-tuning it, you know, putting a lot of hardening on your assets, and fine-tuning the policies of the tools and the technologies that you have invested in to protect yourself from the cybersecurity threats. Then in the detection capability we will integrate all your, you know, tools that you have already procured and we'll find out what is the gap. If we think that the current tool set is not capable enough to find the threats or deal with the modern threats, we definitely highlight that gap and we would be able to introduce some new tools that can definitely help you deal with the modern threats. And how we do it: we have a complete SOC team, you know, of more than 150 people looking into the logs that we are collecting from various customers, and they look in the logs for things like, you know, if there is an abnormal user login, excessive failed login attempts, if someone is, you know, escalating privileges, or we do behavior analysis, we do threat intelligence, honeypots, machine learning. So these are the detection capabilities that we bring in. And then from the response perspective, if there is an incident or an alarm that we detected in your environment, we bring in 24/7 SOC analysis, we do P1/P2 alerting, we do, you know, process termination, that is an active response that we quickly provide, we do, you know, remediation; we provide you remediation steps. So we deal with your IT team, provide them how to deal with that incident, what steps they can take, you know, how they investigate it, how they fix it, and we also help you with threat hunting, security reporting and compliance reporting. Then obviously you would review your recovery process that you already have in place, and if everything is good enough, then for the recovery we go along with it, but if you think that the recovery needs improvement, we make suggestions. Now we can go to the next slide.

So this is how we do it; we call it defense in action. So these are the necessary things that one should have in their stack whenever they are preparing for any cybersecurity preparation. The first thing is a good anti-malware solution. So traditional antiviruses are now outdated; you need a solution that has EDR capabilities that can deal with modern threats, attacks like fileless attacks or attacks that are, you know, living-off-the-land kind of attacks. Then we bring in email security, because that's a very essential component. Most of the threats that you get into your environment are actually penetrating through emails. So if you talk about ransomware, you talk about credential compromise, you talk about any kind of attack, in most of the cases we have found that email is, you know, the medium where the attack is trying to penetrate into your organization. So you definitely have to get some smart, intelligent email security solution that can help you differentiate between a legitimate email and an imitation email, and this solution should have the capability of URL defense, you know, sandboxing; it can actually go through your attachments and make sure that everything is clean. Then comes the vulnerability assessment, where we look into the vulnerabilities that are lying in your environment using various tools. If you have, you know, a web server, we do a web server scanning; if you have services that are running public-facing, we do that scanning; and we look into what endpoints you have and what type of patches you have already installed and what type of patches you are missing, and we basically create a vulnerability assessment report that helps you to deal with zero-day threats. So maybe, you know, you're missing a patch that can be exploited; even if it bypasses various mechanisms that we put in place, if your system is not patched then obviously someone can easily exploit it. So it's a step where you also have to make sure that you do not have any active vulnerability that is not patched within your environment. Then comes our SIEM tool, where we collect all the logs from the tools and technology that I have spoken about, and we also collect logs from various different sources you have. If you have a firewall, we collect logs from your firewall; you have servers, we collect logs from your servers, from your endpoints, and we do an analysis based on the data that we collected. If there is an anomaly that we detect, we notify you about it and help you with the remediation plan, and that is done by our 24/7 SOC. So that is what we call defense in action, where various tools help you protect the environment. These are the essential parts; then, you know, depending upon the requirement, we do an assessment and recommend more technologies that you may require.

That was lovely, and moving on, let us, on similar grounds, talk about a real-world example. So sometime back we were approached by a BPO and they were facing a lot of challenges. It was a growing organization. This BPO specialized in hiring remote employees for its clients; it used to cater to the healthcare industry in the United States, and it was a global operator headquartered in the U.S. and having staff in the Philippines. So while their operations were gaining rapid momentum in the post-COVID hiring climate,

the demand for workers working remotely was also increasing. So while they were rapidly scaling their operations across the U.S. market and expanding their remote team, there were a lot of challenges, specifically in terms of security: you know, how would they scale up, how would they actually be able to monitor their staff who are working remotely, who could be from a different country as well, based on the budget of the client, and how would they ensure that they are able to cater to the industry that they're, you know, servicing. So their challenges were: they didn't have any cybersecurity expertise and they needed specialized talent; they had an extensive attack surface; they had too many unsecured remote employees and a virtual desktop; they wanted to implement and enforce internet usage policies. You know that when you have remote employees, and when you're dealing with critical data, you don't want them to open any malicious website, you don't want them to go to a social media website or anything that the organization doesn't prefer. They were also having HIPAA compliance mandates because they were dealing with healthcare clients, and their existing employees also reported frequent Windows crashes and issues with viruses. So although they had an IT team, they really didn't have the cybersecurity expertise to work with that.

Now when they approached Ace, we provided them with a solution according to our security framework that Deepak spoke about in the last minute. We provided them with a comprehensive solution based on the detection and response security framework that we have in our umbrella. We provided them with the Ace managed SIEM; it provides them in-depth network visibility, it collects all the logs from all the security assets, from their firewalls, everything that they had, and it also helped them achieve HIPAA compliance with all the audits and reports that it provides. For internet enforcement we provided them with managed DNS filtering; with it we could specify internet usage policies, web browsing filters, and anti-phishing safeguards, ensuring that employees, even remotely, cannot open websites which can harm or sabotage the critical data that they are dealing with. And most importantly, we also provided them with a fully managed CrowdStrike Falcon Insight EDR to give them comprehensive endpoint visibility, automated threat response, and secure remote work.

So Ace's flexible pricing and pay-as-you-go model also helped the customer in ensuring cost efficiency for the BPO. As they have an expanding team, our solutions were flexible and easily scalable; as they're hiring more people, they are easily able to scale up and add more endpoints, more devices, without drastically increasing costs. Now Ace doesn't really believe in the set-it-and-forget-it approach. Ace security experts provide step-by-step post-deployment support. The Ace team shares detailed monthly reports at the start of every month. As Deepak has already mentioned, the SIEM tool will generate all the logs; we will create a report out of it and we send these reports to the customer every month. The monthly report summarizes security events and actions in the previous month along with the plan of action, which is super important. A one-on-one session is scheduled between Ace security experts and the customer's internal team to discuss the report. A security analyst personally verifies every P1 and P2 alert. The Ace team shares complete information on response actions already taken and remediation plans for malicious detections.

So just like in the above business case, endpoint protection (endpoint meaning your devices, your laptops, your computers, your desktops) is a primary concern for organizations today. We're all trying to make our working flexible, agile, and break down geographical boundaries, but unfortunately hackers know that one of the best ways to breach a network is by targeting vulnerable endpoints. So based on the question asked in the poll, what if I tell you that you don't have to choose between these features? I'm about to introduce you guys to the leading EDR solution in today's market, one with all these essential features and much more. I introduce to you CrowdStrike Falcon EDR. This is an industry-leading EDR, CrowdStrike Falcon, and it is miles ahead of its competition. Endpoint detection and response are made easy with CrowdStrike's purpose-built, fully native cloud solution. To speak on this further, I would quickly introduce you to Greg. Greg, I will be happy to pass over the microphone to you now, and I know we're all eager for his insights on the ultimate endpoint protection solution and to learn from his experience. Greg, over to you.

Hi, thanks for the intro, Mohit, and thank you to everyone for joining us today. As Mohit said, my name is Greg Lowe and I'm a solutions architect at CrowdStrike, and today I just want to tell you a little bit about the few key features that distinguish CrowdStrike as a leader in the next-generation antivirus and endpoint detection and response industry, and presumably why Ace chose to trust us as their security vendor.

So CrowdStrike pioneered cloud-delivered endpoint protection and is continuing to revolutionize the security market with new innovations every day. Our unique combination of technology, intelligence and expertise comes together in a comprehensive platform for endpoint security. The Falcon platform is the industry's first true security cloud, so by leveraging our platform, the lightweight agent, to collect data once and use it many times, we can solve a variety of security problems while eliminating cost and eliminating complexity. And we're able to deliver various modules on this Falcon platform, divided into three general categories. So at our core we have endpoint security that combines endpoint protection leveraging cloud-scale AI and deep link analytics to deliver best-in-class EDR, next-gen antivirus, device control and firewall management. That protection extends not only to traditional endpoints but also into cloud security, providing the visibility that is needed to stop breaches on cloud workloads, runtime protection for workloads and containers, and a simple cloud-native architecture that reduces complexity and provides you with an immediate time to value. Next, Falcon is able to deliver security and IT operations capabilities, including IT hygiene management and vulnerability assessment. So that is enriched by world-class threat intelligence, including malware search and sandbox analysis, which are fully integrated and automated, delivering deep context and predictive capabilities. And then finally, in addition to all of that, our OverWatch threat hunting service augments the Ace team and their customers with 24x7 proactive threat hunting, and I noticed in the poll a lot of you said proactive threat hunting is one of the most important things, and I wholeheartedly agree with you. All of this is delivered through our single lightweight Falcon agent, and that provides comprehensive endpoint security and visibility for all of your workloads, including workstations, servers, cloud workloads, containers and even mobile devices. But we don't stop there: our platform was built for nearly limitless extensibility, allowing Ace to leverage that single agent and that single platform to deliver a better security outcome. Go ahead and jump to the next slide for me.

So CrowdStrike Falcon does not rely on just one technology to prevent attacks. Instead it is using an array of complementary and overlapping methods that provide the most comprehensive offering for antivirus replacement in the industry, and this allows Falcon to protect against known and unknown malware and malware-free attacks, protect against zero-day attacks, and eliminate ransomware. It does not require signature updates, and it even allows for full protection when offline, which is very powerful. So Falcon is utilizing machine learning to protect against known and unknown malware, and the sensor takes a signature-less approach, which means that it does not require constant updates to provide protection and can free your resources for more important tasks. But we also know that about half of the attacks that we're seeing in the wild, or what we refer to as the threat landscape, were not performed utilizing malware, and against those fileless attacks, or what we refer to as malware-free attacks, Falcon utilizes exploit blocking and indicators of attack, or IOAs for short. Both features protect beyond malware. Exploit blocking is self-explanatory, but what makes us different is that we're not just looking at the exploit; we're watching and blocking the technique that is being used instead of the exploit itself, and that's how we can stop even unknown or zero-day exploits. Indicators of attack are the behavioral analytics of Falcon. Next slide.

So when it comes to responding to a threat, time is critical. Everyone knows that the longer a threat lingers in your environment, the more damage it can do. Unfortunately, all too often and very commonly, the only tool that organizations have to respond is re-imaging their machines, and of course nobody wants to do that. This process is not only slow but it also introduces a great deal of downtime for the affected users, and to optimize responses by containing and remediating a threat with the lowest impact to those users, responders need the tools to act immediately and decisively when it's called for. So through Falcon, through CrowdStrike, the Falcon agent is able to provide that capability through what we refer to as real-time response, or RTR, and this allows responders to take necessary action. You can take intelligent actions when a threat is detected. This can include things like collecting additional information, such as samples of a suspicious file, or even reviewing network activity. It might even require isolating a host from the network, stopping a process from doing something malicious, or removing persistence measures from a compromised host. These powerful real-time capabilities are built into the lightweight Falcon sensor, and they empower Ace to act very quickly and greatly reduce the overhead that's associated with incident response. Go ahead and go to the next slide.

So lastly is OverWatch. So proactive threat hunting, as I know, is important, and I know that all of you believe the same. Proactive threat hunting is one of those tasks that benefits security more than almost anything else, but most organizations may not have the resources to fulfill it. Like Deepak and Mohit said, it is very expensive, and the Falcon OverWatch team was created to fill that gap. Falcon OverWatch proactively searches for threats on the customer's behalf 24/7. So OverWatch is going beyond the passive automated detection offered by current security technologies and is focused on detecting threats that have bypassed other controls. OverWatch finds, investigates, and can even respond to smoking guns that point to stealthy or sophisticated attacks that would otherwise go undetected. And OverWatch is what we refer to as a force multiplier, because it's providing proactive hunting resources and therefore reducing alert fatigue. The Threat Graph contributes to OverWatch's ability to hunt through more than 90 billion new events per day. From those events OverWatch generates and investigates over 13 million hunting leads daily and identifies about 400 serious breach attempts every single week, which comes down to about two per hour on average. And thanks to the Falcon platform, OverWatch is able to sift through these events across CrowdStrike's worldwide customer community and immediately share the protective elements across all of CrowdStrike's customers. That's what we refer to as community immunity, or true communal protection.

And in a single sentence: OverWatch finds the adversaries so that you don't have to, and they ensure that customers don't suffer what we refer to as a mega breach, which is what we call a breach where the adversary has achieved their goal and has created significant damage. So that's all from me today, but that is CrowdStrike powering Ace. And thanks for listening.

Thank you so much, Greg. That was extremely informational, and really, thank you for sharing your insights with us today. Now at this time we will go ahead and take some questions from the audience. Feel free to put your questions in the chat box and we will be responding to those. Thank you.

We have two questions for CrowdStrike. Yes, Greg, would you like to take up the first question that we have for CrowdStrike? Or Deepak, what do you want to do?

So CrowdStrike, in terms of protecting from DDoS attacks: we're not a networking tool, so that is not really something that I would say that we would provide. But in terms of brute force attacks from an identity perspective, we do have a module specifically tailored toward securing your environments from an

Active Directory and identity perspective, so brute force attacks are definitely something that we can provide protection for.

So the next question, being: what if any malicious activity passes through CrowdStrike? Asked by one of the audience. Deepak, would you like to take this up?

Well, none of the security solutions is 100% foolproof; there's always a scope. But that's why I spoke about, you know, defense in depth. You cannot just simply rely on one tool; you need to have a sequence of tools. Like, if you're protecting your endpoint, you need email security so that you don't get threats through from the email. Let's say something passes that mechanism; then you have your endpoint protection tools, like EDR, that are excellent enough to detect those threats. Let's say it bypasses CrowdStrike; then you need a web security solution that works like a proxy and monitors all outgoing requests, and it can help you, you know, prevent such attacks. Let's say that happens; then you have, you know, a SIEM solution that would be going through your logs and passing that information to the analyst. It may not be able to give you an active response, but yes, a proactive response would be there, and

because it's gonna be a P1 or P2 alert, our team would be able to notify you within 15 minutes that there is an incident happening in the environment, and they can quickly provide the remediation plan. So it's like, you know, you have multiple layers of technology; definitely someone would help you to detect it, but, you know, if no one is able to detect it, then we have a response team. We can definitely bring this to CrowdStrike; they are very active support. So whenever we find true positives not being detected by CrowdStrike, we report those samples to CrowdStrike, and they are able to quickly build some signatures or some machine learning queries to detect such attacks and block them in future.

Understood. Well, so we have got a few more questions, so going to them linearly: how does CrowdStrike Falcon detect malicious files which may have been modified by attackers by changing the metadata to change the hash of the file, or maybe even changing the script to some extent?

I would love to answer that. Yeah, so with CrowdStrike's machine learning, I mean, not only are we looking at the behavior and the executions of every file, but by looking at the hash of the file, I mean, you can very easily

detect changes. But CrowdStrike was designed from the beginning to look at the executions of the file. So, you know, with legacy antivirus solutions, they were always looking to block malicious signatures, whereas CrowdStrike tends to look for behavior. So our root goal was to prevent the executions, not just malicious files from existing, if that makes sense.

Totally does. Wonderful. So the next question would be: what do we mean by zero trust? Asked by somebody in the audience. Deepak?

It's a very popular term these days. You can have several meanings, from, you know, authentication to network connectivity. So it's basically more about what we are looking at. If you are looking at it from the network perspective, then, you know, it's more like having more granular policies controlling more traffic, what can access what, and putting controls in place to make sure that we are not just assuming, but all the policies are intact, to provide a more isolated environment. When it comes to identity, that basically talks about, I mean, it has a lot of meanings. In other words, I would say, let's say you are using an identity solution, and that identity solution may be creating some

cache in your browser. So when you are authenticated and you're navigating to a different application, where the application would require the same sort of credentials, when I say zero trust, I should not be able to browse through that session by just clicking on it. There should be some sort of, you know, authentication mechanism in place, so we are not just believing, because you have already trusted this application, that you can really navigate to the other one. There should be some sort of re-verification that needs to be done. It could be done through, you know, your identity providers; it can be done with... there are a lot of technologies available in the market that can help you achieve this.

Understood. Thank you, Deepak. The next question, I believe, is for you, Greg. So the question says: we've heard that CrowdStrike has secured the US government, and the person would like to hear more details on that.

Yeah, I'm not sure how much I can really go into depth on that from a legal perspective, but yeah, we have secured an Impact Level 4 authorization, but we also have an entire cloud environment dedicated to FedRAMP partners that is FedRAMP authorized. So I mean, through use

of all of our modules, we're able to provide that security to the government partners.

That is extremely wonderful, and thank you so much for answering. And the last question for today, it's in two parts. The first part being: do we have an option where we can customize CrowdStrike when we want to give permission to some users to install an application? Greg, will this be also directed towards you, or Deepak, would you like to take this forward?

I'm not pretty much clear about this question, what exactly is the intent behind this question.

So if I read it correctly, we want to understand if we can customize CrowdStrike when we want to give permission to some users to install an application.

So basically CrowdStrike doesn't know what user, I mean, the policies are not user-based; it mostly applies to an endpoint. So when the policy is applied to an endpoint, there is no way I can say that this user would be permitted to install an application and this user would not be. If it's a malicious activity, even if it's a trusted user, CrowdStrike would definitely intervene and block that activity as per the definitions and the machine learning algorithms that it has.

Now the second question: on my machine, do we get an alert when there is a threat, or is it on demand by the security team, and can it be found when the scanning is done manually?

When there's a threat, or is it on demand by the security team: so I would say yes, of course, notification can be enabled. So when a threat is detected by CrowdStrike, you would definitely get a notification in your notification area. I cannot understand the other part, "can be found when scanning."

Is that so? So CrowdStrike basically detects all the files that get, you know, dropped from the network, if you're downloading anything or you're copying files from the internet. But yes, now we do have a manual scan option where you can execute or schedule a scan that can actually look into the files that you have stored. But mostly, if you're not running a manual scan, CrowdStrike is a real-time anti-malware solution that will be, you know, monitoring all the processes and applications that you're executing and would be able to detect it. So when talking about your idle files that are not yet executed but still sitting there in your system when you install CrowdStrike, it may not detect them; but yes, when these files are executed, CrowdStrike would detect them. But in future, if

you're downloading anything from the internet, that's, you know, dropping the files from the internet to your system, or you're copying any file from your shared drive, network drive, or disk drives outside, it will definitely scan them.

Oh, right. Deepak really nailed that one on the head. CrowdStrike as a whole doesn't really believe in the need for on-demand scanning; that really was designed to satisfy a lot of need for cyber insurance. But as he said, the Falcon sensor is running in real time, so it is always operating on your machine and always preventing that malware from executing. So that's really the take-home.

Okay, I hope that answers the questions for the audience, and it looks like we have covered all of our questions. I don't see any more coming in. Greg, is there anything else you wanted to cover before we wrap up, since there are no more questions available for us?

Sure, just hope to hear from you guys, and I hope things go well with these.

Absolutely, and likewise, Greg. So again, to our audience: thank you, everyone, for giving us your precious time by attending today's webinar and being a wonderful audience. We hope to see all of you again for

future Ace webinars, and the Ace experts, including myself, are available 24/7, by the way, so feel free to reach out to us for any security consultations, any remediation recommendations, or even for just a chat to discuss any possible scenario, and we will be happy to provide you with all the necessary information. Do check out our website, listed on your screens right now. We have, as I mentioned, bundle packages available; you'll be eligible for a certain percentage discount. So please reach out to our website, call us on the number, and we'll guide you further. Thank you, everyone. We will be closing this now. Thank you, Greg, and thank you, Deepak, as well.

Okay, thank you. Thank you, everyone.
