Two of America’s top cybersecurity companies have reached an agreement to work more closely together, extending a trend of cooperation between businesses and government agencies battling sophisticated spy operations, ransomware and the potential for disruptive attacks or destructive in a context of growing global conflict.
Mandiant, which is best known for leading investigations into breaches such as the ransomware attack that shut down Colonial Pipeline last year, will begin rolling out CrowdStrike protection tools as it advises clients on their defenses. and responds to incidents, the two general managers told the Washington. To post.
Both companies are renowned for identifying and analyzing the most dangerous hacking groups, especially those linked to government agencies in Russia, China, Iran and North Korea, sometimes down to the real names and photos of military officers. behind the keyboard.
But while Mandiant emphasizes high-end consulting work, especially after its spinoff from security software provider FireEye, CrowdStrike derives more than 90% of its revenue from selling tools to detect and respond to incidents, assess vulnerabilities and control access to customer networks.
CrowdStrike has investigated major hacks such as Russia’s breach of the Democratic National Committee ahead of the 2016 election and is the world’s largest supplier of so-called endpoint detection devices, with a share of market by 14%, according to a market study. IDC company. Its turnover has increased by 75% over the last year.
“There might be some overlap, but ultimately we want to have our technology in as many places as possible,” CrowdStrike chief executive George Kurtz said in an interview ahead of Thursday’s announcement.
“Our consultants are thrilled with this,” Mandiant chief executive Kevin Mandia told The Post. “When you react to a violation, you are like a doctor. It doesn’t matter who else is helping the patient.”
Google agreed last month to buy Mandiant for $5.4 billion, and it was one of CrowdStrike’s early key investors, but the two parties said they had talked about increased collaboration ahead of time. last deal.
The cybersecurity industry has been one of the most successful in the past decade in terms of stock and revenue growth, although breaches have worsened.
One of the many challenges has been the fragmentation of stakeholders. Companies like Mandiant, which are valued for what they’ve learned about hacking adversaries, may be reluctant to share this information.
Dozens of information-sharing alliances have sprung up over the past decade. But many companies withhold some of the most valuable information, and many in the industry complain that the US government has rarely provided much that was not already known to the private sector.
This landscape has improved remarkably in recent years. The Cybersecurity and Infrastructure Agency now lists actively exploited software in real time, and government officials have been in direct contact with executives of hacked companies from the start.
Officials are working with commercial companies on the response, and multiple security companies are working together on the most important cases, such as the attacks that corrupted software from network management company SolarWinds to access the systems of 18,000 companies. and government agencies over a year ago. Although SolarWinds customers included the National Security Agency, Mandiant was the first to realize that its network had been hacked and to sound the alarm.
“Virtually every breach, we see the FBI, we see the CISA, there’s intelligence being shared, there’s daily major case meetings,” Mandia said, adding that he immediately shared information with CrowdStrike, Microsoft and others.
“The new, the novel and the impact cannot be kept in a club,” he said. “We have a fucking war going on right now. ”
Both leaders said they believed Russia had weathered a major cyberattack that could hit the United States, perhaps seeking a period of maximum social or political impact.
“The biggest question everyone is asking is what will make Russia press the button, and what will be the result – does it remove everything in multiple countries or is it a precision strike ?” Mandia said.
Kurtz said he was most concerned about supply chain attacks, like the one that took advantage of SolarWinds, and something against the financial sector, where Russia is now less involved.
But he said he believed some options available to the Russian government could only be used once before the technique was exposed and could be countered, and so it waited.
The bigger one, he said, “is going to be reserved for more levels of escalation.”