CrowdStrike Allies With Google to Secure ChromeOS at the Edge
At the RSA Conference 2023 event, CrowdStrike and Google today announced they are collaborating on an effort to better secure instances of ChromeOS being used at the network edge. It will be delivered via CrowdStrike Falcon Insight detection and response services starting in June 2023.
Raj Rajamani, chief product officer for data, identity, cloud and endpoint (DICE) at CrowdStrike, said in addition to providing end users remote access to applications, many organizations are now using ChromeOS to drive edge computing applications. The primary driver of those decisions is that a more modern operating system like ChromeOS reduces the size of the attack surface because there is less bloat compared to legacy operating systems, he added.
More applications are being deployed at the network edge because there is a greater need to process and analyze data in near-real-time at the point where it is created and consumed. However, as more data becomes available at the network edge, the more tempting those targets become to cybercriminals.
In addition, those devices provide access to credentials that, once compromised, can provide cybercriminals with access to all the other assets that might be connected to an edge computing platform, noted Rajamani.
CrowdStrike has been making a case for a managed set of endpoint detection and response (EDR) and extended detection and response (XDR) services augmented by its machine learning-infused platform. In the case of Google Chrome, this approach eliminates the need for organizations to employ a separate mobile device management (MDM) platform, added Rajamani.
As a provider of managed cybersecurity services, CrowdStrike is in a better position to collect the massive amounts of telemetry data required to train those models, said Rajamani.
There is no doubt that organizations will be relying on AI to increase overall cybersecurity resiliency and remediate vulnerabilities faster. The overall goal is not to replace chronically short-staffed cybersecurity teams but to augment them with capabilities that automate many of the rote tasks that conspire to make working in cybersecurity tedious. AI technologies should enable cybersecurity teams to mitigate increasingly sophisticated attacks as cybercriminals themselves begin to experiment with AI. In effect, organizations are now locked in a cybersecurity arms race.
It’s not clear how heavily organizations will rely on managed services as cybersecurity continues to evolve. But as cyberattacks continue to increase in volume and sophistication, chronically short-staffed internal cybersecurity teams are being stretched thinner than ever. Couple that with a downturn in the economy and many organizations are re-evaluating the total cost of maintaining cybersecurity at scale just as many cybersecurity regulations are about to become more stringent.
Regardless of approach, the one thing that is certain is that the overall size of the defensible attack surface is only increasing so it may only be a matter of time before the proverbial cybersecurity bough finally breaks.
