The technology behind the CrowdStrike cybersecurity solution relies on lightweight agents or sensors to monitor threats and collect vital security data. As organizations have learned, some agents can be more lightweight than others.
“A lot of times when you look at them, they’re not light; they take a lot of effort to install and they need reboots,” said Michael Sentonas, chief technology officer at CrowdStrike Holdings Inc. “We have a smart agent with built-in smart filtering, so we’re very careful in terms of the data we collect. I’ve spoken to organizations who said they planned to deploy our product in 18 months because of what they’ve been through in the past, and we did it in seven weeks. It’s a light agent.”
Sentonas spoke with theCUBE industry analyst Dave Vellante during theCUBE @ Fal.Con 2022, an exclusive show on theCUBE, SiliconANGLE Media’s live streaming studio. They discussed the expansion of CrowdStrike’s partner network and how the company built a unique telemetry processing engine for enterprise security. (*Disclosure below.)
Third-party data growth
CrowdStrike’s use of lightweight agents to extract telemetry data from a wide range of sources formed the basis of several key announcements at Fal.Con this week. These included the news that its Falcon Insight product with Extended Detection and Response, or XDR, would add third-party telemetry from CrowdStrike’s growing network of partners.
“My talk was to show everyone the work we’ve done to import data from Zscaler and Proofpoint,” Sentonas said. “We announced that we would pull telemetry from Palo Alto Networks, Microsoft and others. XDR is about first-party and third-party integration and making all the telemetry work together.”
As Sentonas explained, CrowdStrike built its own engine to handle the large volume of telemetry data and deliver the response speed needed to act on it.
“We had to build the technology from scratch,” Sentonas said. “Today, we process over 7 trillion events every week. The reason I believe we are alone in electronic data interchange is because of the time element; we have so much context that makes it easier for the threat hunter. Speed and ease of use are essential in cyberspace.”
Here’s the full video interview, which is part of SiliconANGLE and theCUBE’s coverage of theCUBE @ Fal.Con 2022:
(*Disclosure: CrowdStrike Holdings Inc. sponsored this segment of theCUBE. Neither CrowdStrike nor other sponsors have editorial control over the content of theCUBE or SiliconANGLE.)