CrowdStrike Ups Its Falcon Cloud Security Game
Not all cloud security programs are based on open source software. CrowdStrike, a global security company, offers its Falcon platform, which uses an AI running on its proprietary Threat Graph database and patented smart-filtering technology to deliver a cloud security service. In May, CrowdStrike will be introducing its new adversary-focused Cloud-Native Application Protection Platform CNAPP to accelerate threat hunting for cloud environments and workloads and reduce the time needed to respond.
What’s a CNAPP?
“CNAPP,” according to CrowdStrike’s Senior Product Marketing Manager Gui Alvarenga, “is an all-in-one cloud native software platform that simplifies monitoring, detecting, and acting on potential cloud security threats and vulnerabilities. As an increasing number of organizations adopt DevSecOps, they are looking for ways to ensure cloud native application security, protect business-critical workloads, and streamline operations. A CNAPP combines multiple tools and capabilities into a single software solution to minimize complexity and facilitate DevOps and DevSecOps team operations.” Further, it offers an end-to-end cloud and application security through the whole Continuous Integration/Continuous Deployment (CI/CD) application lifecycle.
This is done by bringing together CrowdStrike’s popular Falcon Horizon, a Cloud Security Posture Management (CSPM) module and Falcon Cloud Workload Protection (CWP) module via a common cloud activity dashboard. With this, both security and DevOps teams can prioritize their top cloud security issues, address runtime threats and hunt down cloud threats.
The updates also include new ways to use Falcon Fusion, CrowdStrike’s security orchestration, automation, and response (SOAR) framework to automate Amazon Web Services (AWS) remediations; new custom Indicators of Misconfigurations (IOMs) for Google Cloud Platform (GCP); new ways to prevent identity-based threats for Microsoft Azure and more.
This new approach provides both agent-based (Falcon CWP) and agentless (Falcon Horizon) solutions. You get to decide which approach is best to secure your cloud applications across your CI/CD pipeline and AWS, Azure, and/or GCP clouds CrowdStrike, however, recommends its agent-based CWP solution since it enables pre-runtime and runtime protection. By comparison, an agentless-only approach offers partial visibility and lacks remediation capabilities.
Still, Amol Kulkarni, CrowdStrike’s chief product and engineering officer, notes that what sets CrowdStrike apart from other vendors is that it offers both agent-based and agentless approaches. “Additionally,” Kulkarni continued, “we offer breach protection for cloud workloads, containers, and Kubernetes for both multi-cloud and hybrid cloud environments for organizations, who get access to real-time alerting and reporting on more than 150 cloud adversaries”
CrowdStrike’s adversary-focused CNAPP capabilities include:
New centralized console for Falcon Horizon and Falcon CWP
- Cloud activity dashboard. Unify CSPM insights from Falcon Horizon with workload protection from Falcon CWP into a single user experience to prioritize top issues, address runtime threats and enable cloud threat hunting, resulting in faster investigation and response.
New capabilities for Falcon Horizon
- Automated remediation workflow for AWS. Respond to threats with guided and automated remediations powered by Falcon Fusion. Workflows give context and prescriptive guidance needed to fix issues and reduce incident resolution time.
- Identity access analyzer for Azure. Prevent identity-based threats and ensure Azure AD groups, users and apps have permissions enforced based on least privilege. This capability extends Falcon Horizon’s existing identity access analyzer functionality for AWS.
- Custom Indicators of Misconfigurations (IOMs) for GCP. Ensure security is part of every cloud deployment with custom policies that align with business goals. This capability extends Falcon Horizon’s existing custom IOM functionality for AWS and Azure.
New capabilities for Falcon CWP
- Falcon container detection. Defend against malware and sophisticated threats targeting containers automatically with machine learning (ML), artificial intelligence (AI), indicators of attack (IOAs), deep kernel visibility and custom indicators of compromise (IOCs), and behavioral blocking.
- Rogue container detection. Maintain an up-to-date inventory as containers are deployed and decommissioned. Additionally, scan rogue images and identify and stop containers launched as privileged or writable – which can be used as entry points for attacks.
- Drift container prevention. Discover new binaries created or modified at runtime to protect the immutability of the container.
Data for Risk Assessment
That’s a lot of new features across the platform. That’s a good thing according to Dave Worthington, Australian energy utility, Jemena, general manager of digital security and risk, “One of the big benefits I’ve witnessed is that CrowdStrike is constantly innovating and enhancing its cloud security offerings, such as Falcon Horizon, which we use to monitor our cloud environment and detect misconfigurations, vulnerabilities and security threats.” In a CrowdStrike case study, Worthington added, “For the first time, I have the data I need to confidently talk to the executive committee and accurately communicate the levels of risk we’re seeing across our users, servers, and networks.”
This last is not a small thing as any IT person who’s faced a hostile C-level security overview knows. If you’ve been in that hot seat, that’s reason enough to give CrowdStrike’s latest multilevel security services a look.