Falcon platform offers cloud security with agent-based and agentless protection, which provides organizations the flexibility they need to secure their cloud environments
CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today introduced new adversary-focused Cloud Native Application Protection Platform (CNAPP) capabilities to accelerate threat hunting for cloud environments and workloads and reduce the mean time to respond. Delivered from the Falcon platform, the new capabilities bring together CrowdStrike’s popular Falcon Horizon (Cloud Security Posture Management or CSPM) and Falcon Cloud Workload Protection (CWP) modules via a common cloud activity dashboard to help security and DevOps teams prioritize top cloud security issues, address runtime threats and enable cloud threat hunting. The updates also include new ways to use Falcon Fusion (CrowdStrike’s SOAR framework) to automate remediations for Amazon Web Services (AWS), new custom Indicators of Misconfigurations (IOMs) for Google Cloud Platform (GCP), new ways to prevent identity-based threats for Microsoft Azure and more.
CrowdStrike’s adversary-focused approach to CNAPP provides both agent-based (Falcon CWP) and agentless (Falcon Horizon) solutions delivered from the Falcon platform. This gives organizations the flexibility necessary to determine how best to secure their cloud applications across the continuous integration/continuous delivery (CI/CD) pipeline and cloud infrastructure across AWS, Azure and GCP. The added benefit of an agent-based CWP solution is that it enables pre-runtime and runtime protection, compared to agentless-only solutions that only offer partial visibility and lack remediation capabilities.
“What sets CrowdStrike apart from other vendors in the market is that we offer agent-based and agentless solutions, which provides organizations with comprehensive visibility, detection and remediation capabilities to secure their cloud infrastructure,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike. “Additionally, we offer breach protection for cloud workloads, containers and Kubernetes for both multi-cloud and hybrid cloud environments for organizations, who get access to real-time alerting and reporting on more than 150 cloud adversaries. Our adversary-focused approach to CNAPP, powered by our industry-leading threat intelligence, ensures that organizations are best equipped to stop cloud breaches.”
CrowdStrike’s adversary-focused CNAPP capabilities include:
New centralized console for Falcon Horizon and Falcon CWP
● Cloud activity dashboard. Unify CSPM insights from Falcon Horizon with workload protection from Falcon CWP into a single user experience to prioritize top issues, address runtime threats and enable cloud threat hunting, resulting in faster investigation and response.
New capabilities for Falcon Horizon
● Automated remediation workflow for AWS. Respond to threats with guided and automated remediations powered by Falcon Fusion. Workflows give context and prescriptive guidance needed to fix issues and reduce time to resolve incidents.
● Identity access analyzer for Azure. Prevent identity-based threats and ensure Azure AD groups, users and apps have permissions enforced based on least privilege. This capability extends Falcon Horizon’s existing identity access analyzer functionality for AWS.
● Custom Indicators of Misconfigurations (IOMs) for GCP. Ensure security is part of every cloud deployment with custom policies that align with business goals. This capability extends Falcon Horizon’s existing custom IOM functionality for AWS and Azure.
New capabilities for Falcon CWP
● Falcon container detection. Automatically defend against malware and sophisticated threats targeting containers using machine learning (ML), artificial intelligence (AI), indicators of attack (IOAs), deep kernel visibility, custom indicators of compromise (IOCs) and behavioral blocking.
● Rogue container detection. Maintain an up-to-date inventory as containers are deployed and decommissioned. Additionally, scan rogue images and identify and stop containers launched as privileged or writable – which can be used as entry points for attacks.
● Drift container prevention. Discover new binaries created or modified at runtime to protect the immutability of the container.