As major companies have come to rely on the cloud to power business, the threats have increased accordingly.

This has led security vendors such as CrowdStrike Holdings Inc. to adopt new approaches, including advanced artificial intelligence tools, to protect client workloads and data.

“It starts with how dangerous it is in the cloud environment; what we’ve seen over the last year [is a] 95% increase year over year in cloud service exploitation,” said George Kurtz (pictured), founder, president and chief executive officer of CrowdStrike. “What we have to start to realize and accept is that the adversaries have figured out that the cloud is a great opportunity to exploit services, gain data and ransom other organizations. A lot of the technologies that we have come to rely on in traditional environments either need to be redone or reconstituted in the cloud environment.”

Kurtz spoke with theCUBE industry analyst Dave Vellante at the Supercloud 3: Security, AI and the Supercloud event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how cloud security has evolved over the past decade and CrowdStrike’s latest AI offering for workload and data protection

Navigating cloud complexity

Founded 12 years ago, CrowdStrike has seen the evolution of cloud from a platform surrounded by questions and uncertainty to a fully accepted part of the business.

“We first started in Amazon, and it was pretty scary for a lot of customers to think about our infrastructure in Amazon,” Kurtz said. “Now people don’t think twice about that. Many of the largest companies in the world are part of that or part of some other cloud.”

Being part of the cloud also means being able to secure an increasingly more complex infrastructure. CrowdStrike’s own business has changed over the years to accommodate enterprise demands for workload protection in cloud environments.

“Clouds have evolved over time from the simple hosting files and hosting simple workloads to hosting much more complicated workloads,” Kurtz said. “We’ve evolved with that in protecting those workloads. It may exist for a tenth of a second, but it’s still a workload, or it may exist as a virtual machine for a couple of years and not be touched. Doesn’t matter; we still have to protect it.”

To protect workloads in complex cloud environments, CrowdStrike has focused on creating a common cloud experience for its users. Kurtz’s firm has designed its platform to provide consistent visibility in a cross-cloud format.

“One of the things that we’ve focused on, and I think successfully, is to allow our customers to be able to secure and manage those cloud workloads and their configurations and posture from one console,” Kurtz said. “It doesn’t matter which cloud it is, we’re able to do that. Just the fact that we’re able to focus and harmonize all of the controls across every cloud, even though there’s a different way to implement those, is a huge time saver and money saver for our customers.”

AI evolution

In addition to harmonizing controls across clouds, CrowdStrike has also embraced AI as a tool for identifying threats. Although AI usage has exploded over the past year, CrowdStrike employed the technology right from the start, according to Kurtz.

“It really started at the inception of the company,” Kurtz said. “Part of our overall goal was always to be able to prevent these sorts of malicious activities without using things like signature. We would look at a file, look at 5 million different data points within 100 milliseconds and basically compute the probability whether that was a good file or bad file. That’s evolved in machine learning and AI specifically around behaviors.”

Behavior analysis has been a key element in determining anomalous activity that could flag unwanted network intruders. As machine learning and AI became more advanced, CrowdStrike leveraged these tools to build alert systems based on events.

“One of the things that CrowdStrike pioneered was attack indicators,” Kurtz said. “We’re able to chain all these events together. By themselves a particular event may be OK, but when they are chained together, they become an indicator of an attack. We can do machine learning on that.”

In May, CrowdStrike debuted its new generative AI chatbot, called Charlotte AI, to help businesses understand and remediate breaches faster.

“It’s just going to change the way organizations work, how fast they can actually get their job done,” Kurtz said. “We’re trying to take the collective knowledge of the CrowdStrike best security analysts for over 10-11 years of doing this and put it into one virtual analyst we call Charlotte to make that available to our customers.”

Tools such as Charlotte AI can equip businesses with advanced analysis at time when threat actors are seeking to leverage the same capability.

“When you look at adversarial AI and generative AI … one of the areas that I think is critical is the ability to actually compress the timeframe for exploitation,” Kurtz said. “You can take something which is very time consuming and specialize and leverage a generative AI model to say, ‘OK, every time there’s a new Microsoft patch that comes out, reverse engineer it, create an exploit and then start to build that into the exploit toolkit that can be monetized as part of the gray market.’ Those are the kinds of things that we’re going to see.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Supercloud 3: Security, AI and the Supercloud event:

Photo: SiliconANGLE