CrowdStrike CEO George Kurtz will deliver the keynote entitled “Next Generation SIEM: Integrating Data, Security, and Security.”
George Kurtz, CEO and co-founder of CrowdStrike, emphasized the critical challenge of the need for security operations to adapt and outperform their adversaries in his RSA keynote earlier this week.
Kurtz began by reiterating that his primary mission is to stop breaches. That mission is becoming increasingly difficult, he said, because adversaries are getting faster.
He underscored the urgency with a startling statistic: the fastest “breakout time” CrowdStrike recorded last year was just 2 minutes and 7 seconds. Breakout time is the interval between an attacker's initial compromise and their first lateral movement within the network. This figure highlights the race against time defenders face in detecting and containing threats.
Data paradox and legacy systems
Kurtz identified data as the core of modern security challenges. He says, “That's one of the reasons I started CrowdStrike and one of the reasons we created the architecture that we have.”
The sheer volume of data that security operations centers must sift through to detect threats is overwhelming, compounded by the inefficiencies of traditional security information and event management systems.
Revolutionary in 2005, these systems now suffer from the “data paradox”: the tension between wanting to collect extensive data and the prohibitive cost and complexity of doing so. This situation often forces organizations to make decisions based on financial constraints rather than security imperatives, ultimately hampering their ability to respond effectively to threats.
He also emphasized that traditional SIEM solutions cannot match the speed of today's attackers and, most importantly, that even a finely tuned SIEM cannot by itself stop a breach.
Evolution towards next generation SIEM
Addressing these challenges requires a fundamental transformation in how security data is managed and used.
Kurtz introduced the concept of next-generation SIEM. According to Kurtz, next-generation SIEMs are tightly integrated with the security platforms where SOC teams do most of their investigative work. This approach aims to resolve the data paradox, reduce costs, and increase efficiency by optimizing how data is ingested, processed, and stored.
Combining data and AI automation
A key aspect of next-generation SIEM is the use of AI to automate tasks traditionally performed manually by SOC analysts, such as data normalization and analysis. This automation not only reduces response time but also improves the accuracy of threat detection and incident response.
Next-generation SIEM automates data ingestion and normalization, allowing security teams to focus on higher-level strategies and threat mitigation instead of getting bogged down in data management.
Adopt an AI-native SOC
Kurtz enthusiastically outlined his vision for an AI-native SOC that leverages machine learning and AI to fundamentally transform security operations.
Built on next-generation SIEM concepts, this advanced system is designed to predict and respond to threats in real time, provide predictive insights into potential attack vectors, and automate response actions, saving defenders significant time during incident response.
“Automated responses such as isolating, taking systems offline, patching, and remediating systems will be promoted,” Kurtz declared. “So the whole idea is how do you compress and bend time in security? This is one of the important ways.”
Predictive security and adaptive posture
AI-native SOCs go beyond reactive security measures by incorporating predictive analytics to anticipate threats and suggest proactive defenses. Kurtz explained how an AI-native SOC reveals predictive attack paths and allows SOC analysts to ask questions such as, “Show me how they break in.”
This capability allows organizations to adapt their security posture based on dynamic threat assessment and real-time data analysis. This represents a shift from traditional static security approaches to a more dynamic and adaptive framework that evolves as new threats emerge.
A call to action for future-ready security
Kurtz's keynote was a call to action for the industry to evolve and embrace AI-driven technology.
Integrating AI into security operations is more than just an enhancement; it is a necessity to address the scale and sophistication of modern cyber threats. Looking ahead, the success of our digital defenses will depend on how seamlessly cutting-edge technology is integrated into our security infrastructure, allowing SOC teams to quickly and effectively stop even the most sophisticated attacks.
Kurtz's vision for an AI-native SOC sets a standard for an innovative approach that combines people, process, data, and cutting-edge technology to outwit and outpace cyber attackers and ensure a more secure digital world.
Of course, this also strengthens CrowdStrike's primary mission of stopping breaches.