Mercedes-AMG Petronas Motorsports steers systems security with CrowdStrike

By Mark Samuels October 8, 2019
Great results on the track require an equally strong technology performance off it, says F1 team’s IT chief.

Specialist tools from technology firm CrowdStrike are helping to ensure race-changing data at the Formula 1 team Mercedes-AMG Petronas Motorsports stays safe and secure. The F1 racing team, which is home to current world champion Lewis Hamilton, uses CrowdStrike’s Falcon platform. This cloud-based platform allows IT professionals to detect and prevent never-before-seen attacks while they are still in progress. The platform forms a key element of the Mercedes stable of technology systems and services.

While in-house capability plays a key role in helping the team stay at the front of the grid, the firm uses an ecosystem of expertise that draws on both internal specialists and external partners. Matt Harris, Head of IT for Mercedes-AMG Petronas Motorsport, says technology underpins everything that the team is looking to achieve both on and off the track – but that technology must be secure:

We’re in a very high-performance, high-paced, high-turnaround environment. The innovation within the company is almost continual – if we stand still, we’ll only go backwards. So everybody wants to be able to do something quicker, faster, better, or more accurately. Technology today underlies all business processes – I can't think of a department that can work without it. But both physically and technology wise, we have to make sure that access is really secure.

Harris says his key contribution in this regard is bringing in some of Mercedes’ technology partners and integrating them seamlessly into the processes and operational activities of the team: 

We've added two or three different layers of security within the factory and within the trackside team from a technology point of view across our servers and our client estate, which is invisible to the end user. We have security people, but they've got lots of things to focus on, whether that’s policy, procedure, or data management. CrowdStrike has basically given us proactive reports on what to think about from a physical and a technology perspective.

He adds that using the CrowdStrike platform means his IT team of about 30 people can then focus on other operational areas:

With the Falcon Complete service, they really are the security team. We have people that have visibility into the portal at different levels, whether they're white-listing some special internal application that we've written, or whether they're just looking at where we've had some form of report come in, or alert or pop-up command to tell us that there's some vulnerability that we need to be careful or worrying about. That’s not necessarily something that’s happening internally, but maybe there's something that's just happened somewhere else across the world. CrowdStrike sees that and we get some understanding of where we might be susceptible and where we might need to patch a system for a new vulnerability.


Beta testing on CrowdStrike began late last year and the big deployment push started in February this year before the start of the F1 season. Harris says the team has as many as 1,500 devices covered by the CrowdStrike system already, including a mixture of end-user devices and server-based devices:

We're now able to both alert and learn from what's going on, but also start to teach our end users a little bit more about the types of things they can do and the things that they shouldn’t do. This awareness is over and above any training they’ve already had; we're now able to give them some proactive advice, particularly with the pre-event reports in CrowdStrike, for instance.

CrowdStrike has also been introduced successfully to some of what Harris refers to as the more “delicate areas” of the business. By delicate, he means places where even a microsecond’s worth of delay causes issues, such as race-day systems, and also legacy platforms, such as older operating systems and applications:

The race team is a very secure area of the business. It's very difficult to get into it and to have physical access, but it's also out in the big wide world; it's not locked away in a nice, air-conditioned office. So we want to make sure that we're protected out there. At the same time, we also want to make sure that we’re protected as much as possible in the factory. Some of the older OSes are very difficult to protect with anybody's tool. What we do is we make sure that anything that those systems touch is protected. So, actually, we get early warnings of any issues. 

Development work continues apace and Harris says the team is investigating how it can use the playbooks from CrowdStrike across its ServiceNow instances. This integration would allow the CrowdStrike platform to create calls within the team’s IT support system, so that the staff can go out and remediate issues:

It's not finished yet, but that type of thing is vital for us to try and speed up our response and hopefully make it proactive. If we can get out there before the user even realises that something is wrong, then – all of a sudden – we look better as a department, and then justifying some of the nice new bells and whistles to the other senior people in the business is a lot easier.

When it comes to best-practice techniques for security that he can pass on to other CIOs, Harris says IT leaders should focus on making the systems they use invisible to the end user. He also says that being able to react to something new very quickly is critical to long-term success:

CrowdStrike has helped us in our testing and development area, where a lot of people are writing bespoke code. And they're creating versions, not daily, but in hours rather than weeks. So security best-practice is about allowing people to do their jobs to the best of their ability. And, if that’s happening, then I'm doing my job well, too.