>> We're back in Las Vegas at the ARIA for Fal.Con 22, CrowdStrike's big user conference. I'm Dave Vellante and you're watching the cube. Sven Krasser is here as the senior vice president and chief scientist at CrowdStrike and we're going to get a masterclass in AI for security, Sven. Thanks for coming on. Appreciate it. >> Thanks for having me. >> So I love the title. I just, I'm excited to have you on, I understand you were like employee number two or, you know, really early on >> Among the initial nine. Yeah. >> 11 years ago and I think two days you started. >> Yes. >> What was that like? You know, was that, you know, did you know George beforehand or you kind of? >> Yeah, I, I knew I knew George before, like not as well as I know him now. >> Yeah. >> And it, it sounded like a pretty good proposition about what he was having in mind. Like things security wise didn't really work that well back in the day. And we wanted to try something new, like cloud native, data driven, AI, and use that to stop, to stop breaches. So yeah, like it was very exciting. Like you go there, you have nothing there. First day, you open your laptop and you try to reinvent security. >> Yeah. So, I mean, I know he never, he talks about this. I never said we're going to be an AV company. But of course, you know, you start with antivirus and when at an endpoint and known malware, okay. But unknown malware at the time wasn't really being addressed. And if I understand it you guys brought in machine intelligence from the start. Explain that. >> That's that's right. And like, the way we, we looked at it is like, back then we said, you don't have a malware problem. You have an adversary problem. Just like recognizing that it's not malware but there's people behind it that act on objectives that you need to, that you need to counter and you don't want to run after them. You want to be ahead of them. Like that was, that was the approach, like at a very high level that we were taking and you know, now we have it a little bit more summed up and we say, we stop breaches. So like, that's, that's the end result. >> So how do you specifically leverage AI? Which parts of the portfolio, is it across the portfolio and you know, where did it start? How did it evolve? >> Yeah, we are very, we're very data driven. So we are working hard to use the, the proper tools to work with data wherever we can. And AI being one of these, these tools that we like to bring to bear. The, the cloud, the CrowdStrike security cloud at the moment we're doing about roughly 2 trillion events, with a T, per day. Like that, that volume of data, like going through our platform, that that's not something that you can, that you can work with manually, right? So we need, we need to bring the heavy machinery, like that's, that's how we're bringing AI to bear. >> 2 trillion events per day. I mean, there aren't a lot of organizations that see that many events a day. I mean, maybe, maybe some of the hyperscalers possibly. I don't know. That's a... >> Yeah. I think, I think it really allows us to get unprecedented insights into what's actually going on out there in the, in, in the landscape. And, you know, it's, it's like, it's like with a camera or a telescope, the bigger your aperture the fainter signals you can detect. And that's why like, that's why the volume is, is critical. And that's why we, that's why we from the get go, set out to build a cloud native platform so that we can actually aggregate this type of data and analyze it in one spot, basically where where everything comes together that we can draw these connections. >> Will we ever see security without humans? >> I don't, I don't think so. This, this, this notion that machine intelligence is so intelligent that it just takes these jobs over. To me it's more like a tool, right? Like these, these algorithms, they do need to learn from something they need to learn from human expertise. The way at CrowdStrike we have things set up is like our, our human teams our threat hunters, our MDR staff, our incident responders, like whatever they do, we, we are taking these insights and we're feeding them into the AI algorithms. So if there's, if there's a new type of attack and we have an incident response team on the ground and they find something, that gets leveraged put into a database and our AI can learn from that. I, I, I really like that in the keynote, Kevin Mandia actually talked to that, you know. Like get the incident responders out there, get their knowledge, bake it into products. And that that's, that's the approach that we're taking with, with with our AI. >> So in my head, I'm thinking okay, what do humans do better than machines? I mean, humans are creative, right? Machines really aren't creative, right? I mean, and adversaries are very creative. So, so I guess flip side question, what is, what does AI do? What does the machine intelligence do that that humans can't do? Is it scale? Is it just massive volumes? Help us understand what humans do well and machines do well and how they compliment each other. >> Yeah. So AI is, is very good at working with extremely large amounts of data. Again, like cloud native platform, like that's where you get this AI advantage. It can work with data that is a lot more complex like more facets of data. So we talked about XDR here at Fal.Con a lot, right? Like you get data from all these different products, from all these different angles. Like the more different facets you add to that like it becomes overwhelming for the human mind. It's just like so much complexity that a human can put together in their brain. With AI you don't have these limitations. It's just math. It's just like multiplying big matrices and you can work with a lot larger data sets, like those 2 trillion events that we do per day on the on the CrowdStrike security cloud. But also data that is a lot more complex, that has more facets, looks at the problem from different angles. That's where AI is especially useful. >> I want to ask you as a topic I haven't asked anybody this week and I've been meaning to, is, you know there's this concept of, of living off the land, right? Using your own tools against you. How are you able to detect that? Is that cuz of lateral movement or, I mean I'm sure there are many, many factors, but but how are you addressing that problem? That kind of stealthy using your tools against you? >> Yeah, so adversaries, this is, again there's motivated humans behind that. They figured if they drop a malware file on the machine that's an artifact, an indicator of compromise, right? And that can be detected. So they're avoiding dropping files on disc that could be detected or to bring their to bring their own tools. They try to work with the tools that they find on the machines. They need to act on objective though. There's something they want to accomplish. Like they're not, they're not logging in just to, you know, like do nothing. And this is where indicators of attack come in, right? Like we know what their objectives are and we're trying to capture this. We're describing this in an abstract way. What is it that they try to accomplish? That's what indicators of attack describe and when they act on these objectives then we can catch them. >> So I, I think that the the term indicators of attack, I, I, you may have coined it. I'm, I'm not sure. I think it was you announcement at, at black hat. Those indicators are not static, right? To your point, the humans on the other end are motivated. Are you a can, can AI help predict future indicators of attack maybe working with, with humans? >> Yeah, this is, this is something that we recently rolled out where we are connecting our AI intelligence to our indicator of attack framework. Where basically the AI crunches the big data and then the indicators, the, the knowledge that the AI generates, understanding the context of the situation, can feed into the indicators of attack that we're evaluating to see if an adversary is acting on a specific objective. And then if an IOA triggers, that can feed back into the AI and the AI can use that information to derive for more precise results. We have a good feedback loop between these two, these two systems and they're more tightly integrated now. >> As a, as an AI expert, I want to ask you, is is the intelligence, is AI actually artificial? Or is it, is it real? >> Well, it, it is artificial cause I guess we, we build it right? Like it's a human made. I, I think a lot of people get hung up on the term intelligent and it, it's not really intelligent in the say, in the sense that it acts on agency with, with agency like you would look at a problem, right? It's good at solving specific types of tasks and problems that we can define in ways that these algorithms work on it. But it is not the same level of creative thinking that a human brings to the problem. And this is, going back to the beginning of the conversation, this is where we like to have humans involved in the teaching of the AI. The AI connect autonomously in real time stopping threats. But there's humans that take a look at what is going on to give the AI input and feedback and, and improvements because we are up against other humans, right? You don't want to have a human kind of press the buttons of the AI until they found a way around it. But that's called adversarial machine learning. Very real threat as well. Like we are, we're looking at the problem as humans against humans. Like what, what tools do we need to bring to the battle to keep the adversaries out of our customer's networks? >> Okay. So my follow up is, but there are systems of agency for our detection is a, as an example. But your, I think your point is that that never would've been possible without humans. Is that right? Or... >> Yeah, like on, on the one hand, these systems get trained with human knowledge. On the other hand, there, there are humans that take a look at, if the systems give the right responses. Like there, there isn't like if you talk to your smart speaker, like, like for me, like I'm, I'm asking my smart speaker to turn a specific light on in my living room and it, it, half the time doesn't work, right? Like that, that wouldn't happen with a human. There's like a lot more context and understanding and humans are more robust. Like it's, it's harder to fool a human. The limitation that we humans have is complexity, complexity and volume. So we're trying to make like a peanut butter and cookie approach, a peanut butter and chocolate approach rather, where we want to use the human creativity alongside the AI, which can handle scale complexity and volume at unprecedented, unprecedented scales. >> And when you bring it out to the edge, we, we were just talking to Stefan Goldberg about IOT and extended IOT. When you think about, you know, AI, a lot of lot of AI today is modeling that's done in the cloud and then applied. But when you go out to the edge, you you're starting to see more AI inferencing and near realtime, or even real time. Will that change the equation? What's the future of, of, of AI and cyber look like? >> I think, I, I think it would be pervasively applied. So we are using it already on the edge, on our sensors, but also in the cloud, right? On the sensor, we want to be able to act very quickly on the endpoint, want to be able to act very quickly without any delay with local inflammation. Or if the system is offline for a period of time, right? So we have AI models running there. In the cloud, we have the advantage of being able to work with vast amounts of data without slowing down our customer's machines. So like models will be applied everywhere where there's data, like that's kind of the name of the game. Like let's bring, let's bring this, this type of artificial intelligence, this type of, of like refined digested expertise, wherever the data sits on the end point, in the clouds, where you have it. >> And CrowdStrike doesn't care, right? I mean, it's... >> We care about stopping the breaches. >> Yeah. But you're agnostic to the physical location of >> That, that's correct. >> The activity. So last question is, how should we as humans prepare for the future of AI in, in cyber? >> That's a, that's a good question. I, I would say like, stay, stay creative and like figure out how we can get that knowledge that you have like formalized into, into databases, right? AI, the way I look at it is an amplifier of human expertise. You do something at a small scale as a human, the AI system can do it at a big scale, right? Like it's kind of like digging with a spoon whether it's digging with an excavator, with a, with a backhoe. So I I'd say stay, stay creative and see how we can take things that we do as humans in the small scale and let's do it in the cloud, like with with large data volumes. >> Great advice, creativity, I think is, is a key. Sven, thanks so much for coming on the cube. Really appreciate your time. >> Thanks for having me. >> You're very welcome. Okay. Keep it right there. Listen, by, by the way, I meant to to tell our audience a lot of resources at siliconangle.com, thecube.net, wikibon.com, has a ton of research all available at for no charge. No, no, no password needed. Just access that. Check it out. We're live from the ARIA hotel in Las Vegas, Fal.Con 22, Dave Vellante for the cube. We'll be back after this short break. (calming xylophone music)