CrowdStrike Extends Scope of Managed Cybersecurity Services – Source: securityboulevard.com

At its Fal.Con 2023 conference, CrowdStrike made a host of announcements, including the addition of a slew of capabilities to its managed cybersecurity service and generative artificial intelligence (AI) tools to investigate incidents and the acquisition of Bionic, a provider of an application security posture management platform (ASPM).

Specifically, the company’s CrowdStrike Falcon extended detection and response (XDR) platform now provides access to a Charlotte AI Investigator tool. Charlotte leverages a large language model (LLM) to provide summaries of incidents that make it simpler for cybersecurity professionals of varying levels of expertise to comprehend the scope of any given threat or breach.

In addition, the company has added a unified alerts capability to streamline incident investigations along with an Incident Workbench and a Collaborative Incident Command Center to enable cybersecurity teams to collectively focus their efforts on specific incidents in real-time. CrowdStrike has also added an improved search capability that can now be applied to petabytes of data.

At the same time, CrowdStrike is adding a no-code application development capability to Falcon Foundry, the security orchestration and automated response (SOAR) framework it uses to protect endpoints.

CrowdStrike is also adding content-aware data protection capabilities to the platform in addition to tools that make it simpler to discover IT assets that need to be secured.

Raj Rajamani, chief product officer for CrowdStrike, said these latter capabilities set the stage for further convergence of cybersecurity and IT operations using the lightweight agent the company relies on to secure and manage endpoints.

It’s not clear how much security and IT operations are converging, but as it continues to become challenging to fill open cybersecurity positions, it’s apparent IT operations teams are being tasked with managing more cybersecurity processes.

At the same time, organizations are also expecting that advances in AI will make it simpler for existing cybersecurity and IT operations teams to collaborate to secure expanding attack surfaces. CrowdStrike is addressing that issue using a Bionic ASPM platform that ingests data from third-party tools to assess security risks. The overall goal is to enable organizations to better prioritize their application security remediation efforts.

CrowdStrike has been making a case for its cybersecurity platform augmented by managed cybersecurity services. Historically, many organizations have preferred to rely mainly on their own internal IT resources, but as cybersecurity has become more complex, there is a greater willingness to rely more heavily on external expertise.

In addition, most organizations are not going to be able to build and train the LLMs required to apply AI to cybersecurity. In time, more organizations will find they need to employ services to combat these threats, especially as cybercriminals also leverage AI and cyberattacks become more sophisticated. In effect, organizations of all sizes are now involved in a cybersecurity arms race.

It’s not necessarily apparent who will win that race in the short term. In the short term, organizations are already overwhelmed by cyberattacks. Over the long term, AI should go a long way to leveling the playing field in favor of defenders.