Future of Security Awareness with CrowdStrike and SecurityAdvisor Blog

Developing a Cybersecurity Culture

Challenge:

Studies by IBM, Computer Weekly and Kroll show that anywhere between 75 to 95% of security breaches and incidents can be traced back to human actions. Yet, when it comes to fortifying humans, the primary tools that CISOs use today are periodic training for their employees and email-based phishing assessments. The 3 big challenges with this approach are:


  1. Employees are bombarded with different types of training and Security Awareness training is yet another chore for them to complete. Most employees do not pay attention even if the content is great.

  2. There is no measurable RoI for CISOs from periodic security awareness training other than fulfilling a compliance mandate.

  3. Each employee has a different risk profile depending on behavior, role, geography etc. One set of generic security awareness modules sent to all employees does not address the learning needs of the individual employee.

The underlying problem across these challenges is that Security Awareness tools are fundamentally disconnected from core cybersecurity platforms like endpoint security and does not take into account user behaviors or profile.

Solution:

The SecurityAdvisor app on the CrowdStrike store is a next-generation security awareness solution that addresses all the 3 challenges above. It leverages the data, insights and incidents logged by CrowdStrike to:


  1. Detect teachable moments for end users in real-time.

  2. Provide personalized security awareness lessons to end users, based on their risk profile.

  3. Provide automated and targeted awareness lessons the identified top 5% of users who account for more than 90% of the incidents.

  4. Provide a measurable RoI in terms of reduced malware or reduced incidents for the identified risky users.

Experience:

The SecurityAdvisor app can be installed from the CrowdStrike Store. Below, we outline the entire workflow of getting the SecurityAdvisor app working.

Install SecurityAdvisor App from CrowdStrike App store

Get initial assessment from SecurityAdvisor

Realtime awareness lessons for end users

Install the SecurityAdvisor app from the CrowdStrike app store by clicking on the Try it Now button. In under 5 minutes get the application up and running by sharing your token and permissions. Once installed, SecurityAdvisor will provide visuals around teachable moments and identify the high priority users who need to be coached based on incidents observed on the CrowdStrike Falcon platform.


For each of the high-risk users, SecurityAdvisor identifies specific teachable moments based on their behavior and incident profile.

Teachable moments for CrowdStrike users

Teachable moments for CrowdStrike users

These personalized teachable moments are issued as emails, posters, or messages to engage with and educate end users - providing bite-sized micro lessons which are contextualized and personalized. A sample message to an end user is shown above.

Measuring outcomes and RoI

Finally, the biggest problem with Security Awareness initiatives is that it is very hard to measure the RoI of such initiatives. The SecurityAdvisor app on the CrowdStrike Store can leverage real-world metrics collected by the CrowdStrike Falcon platform. A sample outcomes report is shown below. By educating end users in a timely fashion, we can reduce the number of users from getting exposed to with malware and inadvertently resulting in data exposure...


Our goal is to trigger a virtuous cycle of events where we identify risky users, coach them with specific lessons, track whether they respond to our lessons and as these users become safe - the overall incident count in the organization reduces. This is a measurable results story that CISOs can take to their executive management.

Measurable reduction in risky users

Measurable reduction in risky users

About The CrowdStrike Store

The CrowdStrike Store provides a strategic choice of vendors and security technologies to our customers, managed through a single cloud platform. All CrowdStrike Store applications leverage our powerful lightweight agent that provides rich endpoint telemetry to the Falcon cloud-native platform. The CrowdStrike Store is focused on delivering a frictionless consumption of curated third-party applications for our customers, leveraging the power of our extensible platform architecture and rich threat intelligence data.

Conclusion:

Overall, the SecurityAdvisor app on the CrowdStrike Store represents the next-generation of security awareness that helps automate and personalize security awareness processes in enterprises.

Additional Resources:



Learn how SecurityAdvisor can help your team

Schedule some time to talk with one of our experts and they will show you how we can help your organization.

Get a demo Today