UPDATED 12:48 EDT / SEPTEMBER 20 2023

SECURITY

CrowdStrike’s evolution in counter-adversary operations: Enhancing security in the era of rapid threats

In a rapidly evolving digital landscape, cybersecurity has become an ever-escalating battle between threat actors and defenders. To stay ahead of the curve, organizations must adapt and innovate continuously.

By embracing artificial intelligence, educating users and sharing success stories, CrowdStrike Holdings Inc. continues to empower organizations to defend against the ever-growing and fast-paced threat landscape.

“We have so much of the CrowdStrike racing … the F1 stuff here, there’s an F1 car over there,” said Adam Meyers (pictured), senior vice president of counter adversary operations at CrowdStrike. “They’re looking at tenths or hundreds of a second. And that’s where we’re getting with the adversaries’ speed. They’re getting faster and faster, and we’re going to be down to not competing breakout time changes in minutes, but seconds.”

Meyers spoke with theCUBE industry analysts Lisa Martin and Dave Vellante at the Fal.Con event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed CrowdStrike’s approach to counter-adversary operations and the changing dynamics of the cybersecurity landscape. (* Disclosure below.)

Counter adversary operations: A shift in strategy

The conversation began with an introduction to CrowdStrike’s Counter Adversary Operations, which marks a significant shift in the company’s strategy. The catalyst for this change was the realization that adversaries were becoming faster and more adept at infiltrating networks.

“We had our threat-hunting report come out a couple of weeks ago, and the average breakout time was 79 minutes and the fastest was seven minutes,” Meyers explained. “We’ve kind of acknowledged that these adversaries are getting faster and faster every single year and every month really.”

To combat this threat, CrowdStrike combined its threat-hunting team, OverWatch, with its Intelligence Team, facilitating faster information exchange and creating a virtuous cycle of threat-hunting and intelligence gathering.

The new frontier: Identity security

One of the notable shifts in the cybersecurity landscape is the move from traditional endpoint security to identity security. Adversaries have shifted their focus from deploying malicious tools to stealing user identities. This shift allows them to blend in seamlessly with legitimate users and avoid detection by traditional security tools, according to Meyers.

“Once they get that identity, they can log in very much like a legitimate user,” he explained. “Rather than bringing tools that might be alerting with them, now they’re moving laterally, they’re living off the land with existing tools on the enterprise or they’re bringing what we call a remote monitoring and management tool.”

Additionally, adversaries now leverage various methods, such as social engineering, phishing or purchasing stolen credentials, to compromise user identities. With access secured, they move laterally within organizations, often using legitimate tools to fly under the radar. This evolving threat landscape has made identity security a critical area of concern for organizations.

“If you think about how that landscape has changed, a year ago it was a lot of Word documents with embedded macros and Cobalt Strike,” Meyers said. “It was a pretty regular and regimented toolchain of that attack. Over the last year, it’s completely shifted, and now it’s social engineering stealing the access to the credential, bypassing the multi-factor if it’s there.”


(* Disclosure: CrowdStrike Holdings Inc. sponsored this segment of theCUBE. Neither CrowdStrike nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
