CrowdStrike hits unicorn status, plans on taking cybersecurity top spot


CrowdStrike’s rise to unicorn status, a valuation above $1 billion, has been built on several high-profile security cases that helped attract investment from major tech players including Google. This unicorn milestone came as part of a Series C funding round in July 2015, which raised $100 million.

Investors were attracted by CrowdStrike’s Falcon software platform, designed to stop breaches by combining antivirus, endpoint detection and response, and proactive hunting to seek out potential sources of threats rather than waiting for attacks to occur.

Founded in 2011, and headquartered in Sunnyvale, California, the company has now raised a total of $281 million, and has overcome a temporary setback to its reputation. This was when it was found to have concluded too quickly, in a report published in December 2016, that a group called Fancy Bear, affiliated with the Russian government, had caused big losses among Ukrainian artillery units during that country’s civil war after hacking a Ukrainian artillery app.

CrowdStrike had already claimed that Fancy Bear and the related group Cozy Bear had developed “advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft”. It also stated that both engage in “extensive political and economic espionage for the benefit of the government of the Russian Federation”.

Nobody has disputed these general assertions, but it is now widely accepted that the huge losses claimed in Ukraine were significantly overstated. The International Institute for Strategic Studies (IISS), which supplied the data on Ukrainian losses that CrowdStrike drew upon in its report, rejected the assessment that hacking had caused losses to Ukrainian artillery units. The Ukrainian Ministry of Defense corroborated the IISS line, despite perhaps having a vested interest in the assessment being correct, since it cast blame on the Russians.

This egg on its face has done little to dent CrowdStrike’s advance, partly because media reports of the embarrassment were far less prominent in the US than the original claims. Fortunately for CrowdStrike, it also already had a strong record of genuine achievement in high-profile cases, notably after the Sony Pictures hack in November 2014, when it implicated North Korea within 48 hours and demonstrated how the attack was carried out. CrowdStrike also played a key role in the outing of the state-sponsored Chinese group Putter Panda, linked to that country’s spying on US and European satellite and aerospace industries.

CrowdStrike also featured in the case of the Democratic National Committee cyber-attacks and their attribution to Russian intelligence services, where the outcome was less clear. In that case CrowdStrike, along with the other cybersecurity firms Mandiant and ThreatConnect, cited evidence of the hack and concluded with high certainty that it was the work of APT 28 and APT 29, known to be Russian intelligence services.

These findings have never been verified by the FBI or other parties, for various reasons, some political, and that case remains mired in the fog associated with other such enquiries into alleged Russian extra-territorial activities. CrowdStrike was perhaps guilty of being too eager to implicate the Russians and of reaching beyond its field of expertise in the Ukrainian case.

AI featured little in these cases, but they all helped raise CrowdStrike’s profile and raise money for further development of its Falcon platform. The platform is based on what the company calls an Adaptive Security Architecture (ASA) model, designed to predict emerging threats as well as to detect and respond to identified attacks and, where possible, prevent them from occurring.

Prediction in particular is where machine learning comes in, by plotting where attacks are likely to occur so that countermeasures can be deployed in advance. This proactive capability is embodied in CrowdStrike’s latest module, Falcon X. We suspect that while this can no doubt anticipate some threats yet to emerge, it will never be able to predict all of them, any more than a government can eliminate boom and bust in economic cycles. The laws of entropy ensure that the future can never be modelled perfectly, and in fairness to CrowdStrike it is not pretending it will be capable of meeting all conceivable threats. That is why, in cybersecurity, the ability to respond to attacks when they do occur will always be a major component of any successful package or service.