What in the world does stopping breaches have to do with Formula One™ racing? Quite a bit, actually. As a long time follower of Formula 1™ racing, I am excited by CrowdStrike’s partnership with Mercedes-AMG Petronas Motorsport.
However, many are unfamiliar with the sport, especially in the U.S. where other forms of racing/motorsport are more popular. Yet, from where I sit as a technologist, there are many interesting parallels between Formula 1 racing and information security and it’s worth choosing a few to explore in more detail. In this blog, I take a look at three T’s: Technology, Telemetry, and Teamwork.
Table of Contents
Technology
In the same way that companies like CrowdStrike push the state-of-the-art forward and seek solutions to hard problems through continuous innovation, Formula 1 is the pinnacle of technological innovation in motorsports. The top teams invest heavily in research and development, even compared to other motorsports, pushing the boundaries of aerodynamic, mechanical, electrical and software engineering.
To even compete at this level requires highly experienced and talented contributors, constant development and testing of new ideas, as well as unwavering dedication and sharpness of focus. Technology forms the core foundation on which all other efforts rest in both motorsport and information security. Significant investment and a high level of achievement are required in these areas in order to even have a chance at success.
Graph Database is Key
Similarly, at CrowdStrike we have invested heavily in technology: from a bespoke graph database, we call CrowdStrike Threat Graph™, to machine-learning-driven next-generation antivirus, to first-in-class smart sensor technology.
Telemetry
Formula 1 cars are loaded with sensors that send continuous streams of operational and diagnostic information back to the team in the pit lane. This data provides general information about the state of various systems on the car, but it also alerts conditions, such as when brake temperatures are getting too high.
Telemetry is used to confirm alerts, identify the root cause, collect additional relevant data, and inform decisions about what action should be taken to remediate the situation.
Similar Workflow Steps
If all this sounds familiar to those with a role in security operations, there is good reason. These are the same workflow steps undertaken by security analysts when triaging alerts in their environments. Collection of accurate and relevant telemetry is central to these workflows.
A Formula 1 car generates around 400GB of data in a single race weekend that gets sent over networks that are specifically set up for analysis and diagnostics. But Formula 1 cars also employ Engine Control Units (ECUs) that operate on volumes of local-only data that is orders of magnitude greater to maintain control of the car’s systems in real time. Imagine trying to achieve this by centralizing all of that data and then using a central computer located in the pits that acts as the ECU instead. Obviously, this would not be a workable solution.
Using Smart Sensors
In order to protect our customers without overwhelming their networks, CrowdStrike employs smart sensors which can operate on local data, in addition to providing always-on proactive telemetry acquisition.
This allows the sensor to make better prevention decisions on more granular data locally — which can easily reach into the hundreds of gigabytes of data per sensor, per day — than is otherwise achievable when operating only on the smaller volumes of data that can be efficiently centralized. At CrowdStrike, we call this efficient hybridization of local and remote telemetry analysis “smart filtering.”
Teamwork
Drivers and cars get the vast majority of focus on TV and in other media. However, close observers of the sport know that driving cars fast is just a small fraction of the effort required to win a Formula 1™/One™ Championship.
Behind the drivers is a much larger team that designs, builds and maintains the cars, and supports the drivers. The crews on pit lane and elsewhere monitor the race and competitors, deciding which engine mappings are needed to conserve fuel or maximize performance, which tires to use and when to pit and change them, and even how aggressively the driver should be driving the car.
Victory Requires Effort, Relationships and Vigilance
Each team runs two cars, with drivers working together to maximize the chances of a team win. The FIA Formula One™ World Constructors’ Championship is an honor shared by the whole team and is as important as the FIA Formula One™ World Drivers’ Championship. And so it goes in information security. Victory over would-be cyber foes is not attributed to individual heroes but is the result of corporate effort, relationships, and constant vigilance.
Adversaries come and go, but defenders endure.
Leave a Reply