UPDATED 16:30 EDT / SEPTEMBER 27 2023

SECURITY

Three insights you might have missed from Fal.Con

Data is increasingly becoming the Teflon shield to repel cyberattacks in the enterprise world.

The flow of data through networks tells a story about where vulnerabilities may exist or whether bad actors could be lurking. Threat intelligence based on attack data offers a picture of what a compromise could look like within an organization and the steps necessary to recover from it.

CrowdStrike Holdings Inc.’s Fal.Con event in Las Vegas provided an opportunity for security practitioners to learn how, through advances in artificial intelligence and an ecosystem of partners, enterprises can defend against increasing threats and shrinking breakout times to network intrusion. That starts and ends with data.

“It’s all about the data,” said Dave Vellante, industry analyst for theCUBE, SiliconANGLE’s livestreaming studio, during a Fal.Con analysis segment at the conference. “CrowdStrike wants your data, because then they can do more with it. They can protect you, remediate, prioritize and act.” (* Disclosure below.)

Vellante was joined in an analyst segment by fellow analyst Lisa Martin. Here’s theCUBE’s Day 2 analyst discussion at Fal.Con:

Here are three key insights you might have missed during the event:

1. As generative AI reshapes the security industry, new tools emerge.

A central focus at Fal.Con was Charlotte AI, CrowdStrike’s intelligent security analyst for the Falcon platform. One keynote presentation included a demo of Charlotte AI’s text-to-voice translation capabilities and its ability to enhance productivity of security operations center, or SOC, analysts.

“It’s taking the collective knowledge of CrowdStrike and empowering that SOC analyst not only with our knowledge, but to actually do work,” said George Kurtz (pictured), the company’s co-founder and chief executive officer, during an exclusive interview on theCUBE. “We’ve got a data science team that is very robust; we spent a lot of time in this area. We looked at this and said, ‘Hey, this can be really useful.’”

Here’s theCUBE’s complete video interview with George Kurtz:

Generative AI and tools such as Charlotte AI provide an opportunity for security organizations to respond more rapidly to threats. In an industry where the lack of experienced researchers has been an issue, the ability to educate novice users has significant appeal.

“Charlotte’s not going to make the decision for you, but it’s going to put the data at your fingertips and help you make better educated decisions a lot faster,” said Mike Sentonas, president of CrowdStrike, in an appearance on theCUBE. “One of the things that we think a lot about with Charlotte is how we can make a novice user more experienced … make them solve more complex problems a lot faster. To win in security, you need to be faster than the adversary.”

Here’s theCUBE’s complete video interview with Mike Sentonas:

CrowdStrike has also launched additional tools designed to help users leverage Charlotte AI. One of these is Raptor, a Falcon module that incorporates the Charlotte AI incident investigation tool.

“[Raptor] opens it up so that customers can now bring in whatever data they want into the platform,” said Elia Zaitsev, chief technology officer of CrowdStrike, during an interview on theCUBE. “It also unlocks a lot for our customers. They can now take advantage of Charlotte, our generative AI assistant. And it’s going to bring XDR capabilities for all of our customers as well.”

Here’s theCUBE’s complete video interview with Elia Zaitsev:

2. CrowdStrike is building out its partner ecosystem.

The Fal.Con event provided additional insight into how CrowdStrike’s approach has attracted the participation of a number of major industry players. One example can be found in a three-way alliance between CrowdStrike, Dell Technologies Inc. and Intel Corp. The collaboration is designed to leverage the strengths of each partner in shrinking the attack surface for customers.

“The way we approach security at the silicon level is first you have to deliver a very strong foundation through a lot of the work we do with security development practices and product assurance,” said Rick Echevarria, vice president of security and sales at Intel, in a discussion with theCUBE. “As you move up the stack, you start identifying some of those newer threats that we can solve with silicon. If you look at endpoint, with this collaboration with Dell and CrowdStrike, a large number of attacks today are fileless attacks.”

Here’s theCUBE’s complete video interview with Rick Echevarria, who was joined by JR Balaji, director of product, security, manageability and serviceability, Client Solutions Group, at Dell:

Another company represented at Fal.Con was Salesforce Inc., which received recognition at the event. A Falcon platform user, Salesforce has focused on protecting software-as-a-service providers and its own internal operations.

“What Salesforce likes to do is make sure that we are providing our customers all the knowledge and making it as easy as possible to make sure that they’re configuring their side of this, their Salesforce product,” said Kelly McCracken, senior VP of detection and response at Salesforce, in an interview on theCUBE. “The other thing is making sure that you are partnering with everyone in the industry, because this is important. Years ago, we didn’t always partner as well as we do today.”

Here’s theCUBE’s complete video interview with Kelly McCracken:

One of CrowdStrike’s key partners is Amazon Web Services Inc. The company’s products are heavily embedded in the AWS framework, according to Daniel Bernard, chief business officer of CrowdStrike.

“CrowdStrike was conceived and built in AWS,” Bernard explained in his appearance on theCUBE. “From day one, we’ve been partners. The go-to-market that we have with AWS through Marketplace is fantastic, and it’s unlike any other ISV. AWS sellers talk about CrowdStrike. They bring us into their cloud deals.”

Here’s theCUBE’s complete video interview with Daniel Bernard:

3. Security researchers are confronting a variety of threats as adversaries get faster.

The Fal.Con gathering offered an opportunity to assess key trends and evolving threats in the cybersecurity landscape. One of these trends involves speed. CrowdStrike’s recent “Threat Hunting Report” revealed that adversaries are improving breakout time, the period between initial compromise and when an adversary breaches other hosts in a victim’s environment.

“We had our threat-hunting report come out a couple of weeks ago, and the average breakout time was 79 minutes and the fastest was seven minutes,” said Adam Meyers, senior VP of counter adversary operations at CrowdStrike, in conversation with theCUBE. “We’ve kind of acknowledged that these adversaries are getting faster and faster every single year and every month really.”

Here’s theCUBE’s complete video interview with Adam Meyers:

Participants at the conference took note of recent headlines involving the breach of computer networks at MGM and Caesar hotels in Las Vegas. Reports indicated that the hacks were achieved primarily through the use of social engineering to trick employees into revealing information that would facilitate system access.

“I find it shocking that enterprises that have the kind of money going through them … that they wouldn’t have more mature processes to train or to create awareness in their personnel,” said Mark Bowling, chief information security and risk officer of ExtraHop Networks Inc., during an interview with theCUBE. “If you’re somebody who can answer the phone and give out information that can cause the entire enterprise to be compromised, they should at least be trained up and they should have the level of awareness and the level of operational maturity that they can see this type of activity coming and take the appropriate action.”

Here’s theCUBE’s complete video interview with Mark Bowling:

In addition to faster breakout times and successful social engineering attacks, security practitioners must also cope with the ever-present threat from well-funded nation states. The war between Russia and Ukraine is providing a glimpse into how this is playing out, and attack methods could offer a preview of future tactics, according to Shawn Henry, chief security officer of CrowdStrike, in an appearance on theCUBE.

“We’re now seeing digital attacks in advance of a kinetic attack,” Henry said. “For example, in Ukraine … we saw targeting of the power grid, where we saw disinformation to try and cause confusion and to create some type of dysfunction on the ground in advance of tanks rolling across the border.”

So, what’s the ultimate goal for CrowdStrike? Giving companies “the level of comfort and confidence that we’re by them when they’re in a dark time,” Henry stated.

Here’s theCUBE’s complete video interview with Shawn Henry:

To watch more of theCUBE’s coverage of the Fal.Con event, here’s our complete event video playlist:

(* Disclosure: TheCUBE is a paid media partner for the Fal.Con event. Neither CrowdStrike, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
