CrowdStrike launches in stealth-mode with $26 million Series A round led by Warburg Pincus
As I mentioned in a previous post, I was delighted to announce that I had joined Warburg Pincus, a leading global private equity firm focused on growth investing, as an Executive in Residence. So far my time as an EIR at Warburg has been fantastic. The past few months have exposed me to many new companies and technologies that really got my creative juices flowing and pushed me to get back into the start-up game with Warburg Pincus as my partner.
Today, I am proud to announce the stealth-mode launch of my newest venture that I co-founded with Dmitri Alperovitch (CTO) and Gregg Marston (CFO) – CrowdStrike. CrowdStrike is a security technology company focused on helping enterprises and governments protect their most sensitive intellectual property and national security information. Utilizing Big-Data technologies, CrowdStrike is developing a new and innovative approach to solving today’s most demanding cyber-security challenges. CrowdStrike’s core mission is to fundamentally change how organizations implement and manage security in their environment.
The seemingly daily barrage of disclosures about companies that have had their crown jewels stolen in recent years reinforced a key principle for us – these companies don’t have a malware problem, they have an adversary problem. Many just don’t know it. Today’s attacks are sophisticated, targeted, and long ranging in scope. Unfortunately, almost every security solution focuses on the tens of thousands of pieces of malware, exploits, and vulnerabilities that are seen in the wild every day. Yet, those are just the interchangeable and, in many cases, disposable tools that the adversaries use to achieve their ultimate objective – theft of intellectual property, trade secrets, and other business proprietary information.
As many of you know, the security industry is building “Maginot-line” style defenses – attempting to prevent all adversaries from getting inside the perimeter of the network or host system. More importantly, a well-financed, trained, and highly determined attacker will always get in. More than likely, they are already in. There is no silver bullet that will stop a determined adversary, so while the security industry attempts to build bigger fences, the enemy is bringing higher ladders to the fight. Moreover, the industry continues to focus on the malware or exploits, which is akin to focusing on the gun as opposed to the shooter committing the crime. The person or organization pulling the trigger (or deploying the malware) is the one that you ultimately need to focus on. The type of gun or ammunition they may be using is interesting, but in most cases not strategically relevant.
Based upon investigations we have led, such as Operation Aurora, Night Dragon, and Shady RAT, and knowing the limitations of existing technologies, we are horrified at the amount of IP being stolen and financial damage inflicted every day. It is evident that we are dealing with economic predators who are systematically destroying value in countries around the world. Even worse, we may very well see the enemy engage in destructive and disruptive attacks designed to take down critical infrastructure or modify key processes and data in a covert undetectable fashion.
Attribution is the key strategic piece missing from all existing security technologies – providing the answer to the “who?” vs. the “what?” Knowing who is after your IP is critical in determining what assets you want to protect and how. Protecting everything is impossible – you may as well be protecting nothing. However, knowing the enemy is the first step in the process of determining the priority of allocation of scarce resources to defend the key assets and tailoring your response to the Tactics, Techniques and Procedures (TTPs) of the adversary. Knowing their capabilities, objectives, and the way they go about executing on them is the missing piece of the puzzle in today’s defensive security technologies. The key to success is raising the adversary’s costs to exceed the value of the data they may be trying to exfiltrate, and the only way to accomplish that is by forcing them to change the way they conduct the human-led parts of their intrusions, such as reconnaissance, lateral movement, identification of valuable assets, and exfiltration. Other parts of the operation, such as vulnerability weaponization, malware delivery, and command and control, can be mass-produced and changed at will with little cost. However, attackers are creatures of habit and while they are fast to change their weapons, they are slow to change their methods. By identifying the adversary and revealing their unique TTPs (i.e. modus operandi), we can hit them where it counts – at the human-dependent and not easily scalable parts of their operations.