June 8: Today on the Conference channel, it’s an Interview in Action live from HIMSS 2023 with Drex DeFord, Executive Healthcare Strategist and Todd Felker, Executive Healthcare Strategist at CrowdStrike. What is CrowdStrike's approach to resiliency and how does their One Ten Sixty model contribute to it? How does CrowdStrike utilize the concept of a "crowd" to enhance its threat detection and response capabilities? How does CrowdStrike assist organizations during mergers and acquisitions to ensure their security posture remains strong and doesn't suffer?
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Welcome to This Week Health. My name is Bill Russell. I'm a former CIO for a 16-hospital system and creator of This Week Health, a set of channels dedicated to keeping health IT staff current and engaged. Today we have an Interview in Action from the 2023 spring conferences, ViVE in Nashville and HIMSS in Chicago.
Special thanks to CDW, Rubrik, Sectra and Trellix for choosing to invest in our mission to develop the next generation of health leaders.
You can check them out on our website, thisweekhealth.com. Now on to this interview.
All right, here we are from HIMSS 2023 out of Chicago. I'm here in one of the coolest booths on the floor. You guys have, oh my, really cool stuff going on. I have Drex DeFord. Everybody knows, with CrowdStrike. Todd Felker, also with CrowdStrike, you keep this guy straight
on the straight and
narrow.
Yeah, I, I keep him in line and he's a former CIO. I'm a former CISO. So we play off each other quite well.
Yeah.
We all talk about what we used to do. I know. We're former, actually. But we're doing some really interesting things now. Drex, I have you on the show a lot and we don't talk about CrowdStrike enough because you guys are doing a lot of really cool things and you like hesitate to talk about it, but I'm going to force you to talk about it.
Okay. That's why we brought Todd in here to keep you honest and give us that perspective. Alright. What's, what's CrowdStrike doing these days?
Man, I'll tell you, I mean, for us, a big part of resiliency and the ability to, a lot of organizations when we sit down and talk to them, talk about resiliency from the perspective of we've been a breach, how do we recover from that breach?
And we talk about resiliency from the perspective of you can have lots of tiny cybersecurity incidents as long as you catch them and kill them inside of 60 minutes. Odds are really great that guy doesn't move from the first machine to the second machine. And if they can't move laterally, they can actually cause major outages in clinical or business and research systems.
So, for us, Resiliency is about this model that we built at CrowdStrike called One Ten Sixty. How can COMPLETE as a capability manage detection and remediation capability that we do with health systems across the country. Where we focus on being able to detect a problem in a minute, in ten minutes we do an investigation, and actually it turns out to be about 35 minutes right now.
Remediate the problem for the health system. So we don't just send them homework, we excellent fix the problem for them. And that keeps lateral movement from happening, which means the tree falls in the woods and no one is around and hear. It doesn't make the sound according to business and clinical and research operators.
It's like nothing ever happens and you can do that over and over again. That's what CrowdStrike really is all about. So is that a fully managed solution? It's a fully managed solution. So people know CrowdStrike mostly for endpoint detection and response capabilities. We have a ton of other capabilities, including this services capability called Falcon Complete.
Falcon Complete extends to other capabilities we have on the platform, Todd, if you want to talk about those.
Yeah, I mean, one of my favorites is Identity. That was like one of the next ways we extended our MDR, or our Complete platform, is into the Identity service. Because most organizations are really struggling with their AD, especially, you know, in healthcare.
Thanks, Todd. They've got traveling nurses, they've got students, they've got all these IDs that we need to provision, deprovision, hopefully deprovision, but they're not so, and service accounts are a big challenge as well. So, having identity, having like, us, I just only burden you on when an account is going off the rails, or doing something really, like, unnormal, or something that's very unhygienic, then we can actually manage it for you, actually react to it.
So, we and
some accounts that are being used in this way.
There's a range. Two things bear, which are important. One is, I can't find the stats.
I just, I just can't find the
expertise and the toolsets to bear. And so, I like the managed solutions. I like the identity aspect of it as well. Because that's an area that requires constant vigilance.
It's like, oh, we opened up that service again. Do you ever close that service again?
Right, right. And, and when we find service accounts, I mean, when we do, what are the things we do right now with health systems? There's something called an active directory risk assessment, and you can call us, we'll come and do it for no charge, right Todd?
And we'll, we'll come in and do an Active Directory risk assessment. We'll give you a ton of information about what's happening with Active Directory right now. One of the things we see over and over again is we have those service accounts that passwords haven't been changed on for like five years or 10 years, and sometimes,
legitimately, health systems are afraid to change the passwords for those service accounts because they were created by people, two administrators ago. And they don't know exactly what they do, so they're afraid that if they change the password, it'll break something. It'll break something. You know, all...
Yeah. Right?
That's, that's, I mean, that's really interesting. But from a resiliency standpoint, you're not, like, backing that kind of stuff up. You're not backing up back end hardware, you're upgrading it.
Correct. Correct. Correct. I mean, for us, we're protecting it in real time. So ultimately it doesn't become the core epicenter of a breach.
So we're, we're, we're doing our best to stop the breach before it starts or to stop it when it's so tiny. Really doesn't even make
one, one. 10 60 is five. As I think about this,
there's a couple things. The crowd
aspect of CrowdStrike. So, if I'm a part of that, I benefit from all
these other organizations.
How do I benefit?
Yeah, the crowd part is actually really huge. When you think about CrowdStrike as a company, there are 25,000 customers around the world. All of those endpoint protection sensors that we deploy across healthcare organizations, we deploy across all those customers. So literally, there's hundreds of millions of sensors
that are sending trillions of feeds into Threat Graph, which is sort of the basis of our machine learning artificial intelligence. So we're looking at that all the time. This is part of the walk, the detection that happens with it. We're looking for tons and tons and tons of patterns of behavior and activity, things that we see that happen to people in a particular order.
When we see that, we investigate it, right? And when we investigate and we find a problem, we'll fix it. The machine learning algorithm learns from that. So everybody in the CrowdStrike family gets communicated. As soon as we find a deal and fix it somewhere else in the world, everybody in the family gets community from that happen.
What's the conversation that you're having right now with CISOs that.
Install.
So a lot of it is just staff turnover if nothing else. Like I had a guy I, when I was CrowdStrike's first healthcare customer, I had a guy that got in and learned the console and he got really passionate about it. Anyway, he went and took threat hunting certified, you know, and I thought, this is great.
I'm building this team. And
so what happens when your security team get straight
So they leave, you know, and they go. They find greener pastures somewhere else. And so we take that burden off of the CISOs. And we, we just basically take arms with them. It's going to watch their environment 24 by 7 by 365. So really it's a step up by not having to staff that around the clock.
And then let CrowdStrike's threat hunters just protect you.
Guarantee you a walk in test. The other really interesting thing that we see when it comes to staffing is, I was meeting with a big healthcare customer this morning. They're talking about the merger process that they're going through right now. And that sucked all the air out of the room for the IT department and the security team to get ready to do this merger.
Or to think through the early stages of this merger. This stuff happens to us, you know, as a recovering CIO, this stuff happens to us all the time. We'd love to think that our team is there doing good standard work all the time around security and around IT operations or whatever the case may be. But they do their daytime job and then they get vacuumed out into projects all the time, which causes sometimes their daytime job to suffer.
Cybersecurity, just not a daytime job that can suffer or take a few days off from here. It's just not that kind of an environment.
The M&A aspect is interesting because the last thing I did at the CIO was plan one of the larger integrations in the industry at that time. But, we were looking at that, and we were the smaller entities.
The larger entities, my team just looked at me and said, I don't want to connect with you.
Like, we're looking at, we're having conversations where I mean, we don't like their security posture. Like, how does
CrowdStrike commit to an M&A situation to ensure that you don't take your posture down a notch when you're connecting with
you want to talk about some of the services work we do?
Yeah, so, I mean, we... You can do that as a service, an M&A kind of assessment service for you, but also we have this whole new product that's called Falcon Surface that basically looks from the outside in. You could give this M&A, you know, organization one of those giant like security questionnaires that everyone's struggling with right now for cyber insurance, right?
And, and then have them fill it all out and then you'd have to have somebody assess it. Or you could just take our, our Falcon Surface product, point it at their perimeter.
And they don't fill out that form for you? I'm sorry. It gives you, it gives you a lot of insight into how you look from adversaries from the outside.
From the outside. From a military perspective, retired Air Force guy, but in my head, the way, the analogy I use, the way I think about it is that if you deploy, you set up a perimeter to defend yourself and defend your base, sometime after midnight, you're going to send a couple of folks outside of that fence.
to look back at that fence and see where there's problems, where you think you're protected, but you're really not. Surface really does that from a cybersecurity perspective. It lets you know, these are the things facing the internet. There's ports that are open that you didn't know about. There's other situations that you didn't know about, all of which lets people remediate or understand better about what's happening with a partner that they may be integrated with, to put them in a better cybersecurity position.
Yeah.
So you're in the cyber security area. The pavilion. Yeah, they'd section you guys off. There's a perimeter
over there. Only the good guys
get in. A lot of, a lot of interesting a lot of interesting partners around here. A lot of interesting solutions. For sure. Appreciate you guys. Thanks Scott.
Thank you.
Rex. Thanks for having us. Thank
Another great interview. I wanna thank everybody who spent time with us at the conference. I love hearing from people on the front lines and it's phenomenal that they've taken the time to share their wisdom and experience with the community. It is greatly appreciated.
We wanna thank our partners, CDW, Rubrik, Sectra and Trellix, who invest in our mission to develop the next generation of health leaders. Thanks for listening. That's all for now.