CrowdStrike Delivers Adversary-Focused, Platform Approach to CNAPP and Cloud Security

  • CrowdStrike Falcon® delivers comprehensive cloud security, combining agent-based and agentless protection in a single, unified platform experience
  • Integrated threat intelligence delivers a powerful, adversary-focused approach to stopping cloud breaches

Cloud-based services have revolutionized business processes and emerged as the backbone of the modern enterprise. According to analyst firm Gartner®, “more than 85% of organizations will embrace a cloud-first principle by 2025 and will not be able to fully execute on their digital strategies without the use of cloud-native architectures and technologies.”

As organizations have embraced the cloud revolution, so too have today’s adversaries. As noted in the CrowdStrike 2023 Global Threat Report, organizations face malicious threats to cloud environments as cloud-based services are “increasingly abused by malicious actors in the course of computer network operations (CNO), a trend that is likely to continue in the foreseeable future as more businesses seek hybrid work environments.”

Defending the cloud requires securing a rapidly growing attack surface. IT and security teams must enforce continuous monitoring and security from the development process to runtime. Legacy and siloed security tools don’t provide the granular visibility into cloud-based events that organizations need. To protect hybrid environments, IT and security leaders need cloud-native technologies and a cloud-focused mindset. They need integrated threat intelligence to understand and stay ahead of modern adversaries. They need adaptable capabilities that enable them to adjust and meet the needs of their own IT environment.  

That’s why I’m excited to announce that CrowdStrike today unveiled new Cloud Native Application Protection Platform (CNAPP) capabilities, providing customers with comprehensive visibility, detection and remediation to secure cloud workloads with coverage from development to runtime. The new capabilities empower customers to stop adversaries from exploiting modern enterprise cloud environments.

These latest additions highlight the critical importance of adversary-focused protection and the powerful combination of agent-based and agentless solutions to combat cloud security threats. They also emphasize the importance of visibility for security teams: as part of today’s updates, cloud security posture management (CSPM) and workload protection (CWP) insights from Falcon Cloud Security will be shown in a single user experience.

Bringing an Adversary-Focused Approach to Cloud Security

Understanding how adversaries are targeting cloud environments is critical to stopping breaches. Powered by our industry leading threat intelligence, CrowdStrike is bringing this adversary-focused approach to CNAPP by combining continuous monitoring of misconfigurations with the deep understanding of the tactics, techniques and procedures (TTPs) attackers employ to exploit vulnerabilities and infiltrate cloud environments. 

The need for an adversary-focused approach to security has intensified as attackers exploit gaps in a constantly expanding attack surface. Traditional boundaries around work have dissolved as organizations adopt multi-cloud environments and hybrid work models. Developers spin clouds up or down in minutes without noting potential misconfigurations; similarly, public cloud instances are made available for quick work without multifactor authentication (MFA) or other measures. Organizations struggle to protect many cloud resources that could be at risk. 

All it takes is one second for an adversary to exploit a security gap and begin a fast-moving lateral breach. Defenders must think like attackers in order to safeguard their cloud environments. 

CrowdStrike’s adversary-focused CNAPP capabilities fight modern attack techniques organizations are worried about, such as hands-on-keyboard activity, living-off-the-land binaries and runtime threats. A proactive security strategy for today’s cloud includes automation, deep visibility, runtime detection and prevention, and basic cloud hygiene — all of which are addressed in the CNAPP capabilities now added to Falcon Cloud Security.

Falcon Cloud Security now includes custom indicators of misconfigurations (IOMs) for Google Cloud Platform (GCP) — extending Falcon Cloud Security’s existing custom IOM functionality for AWS and Azure — to ensure cloud deployments are secure with custom policies that align with enterprise goals. A new identity access analyzer for Azure prevents identity-based threats and ensures Azure AD groups, users and apps enforce permissions based on least privilege; this extends Falcon Cloud Security’s existing Identity Access Analyzer functionality for AWS.  

An adversary-focused approach includes giving security and incident response teams additional context about the situation they’re facing. Another addition to Falcon Cloud Security is automated remediation workflow for AWS, which provides context and guidance to address issues and reduce the time needed to resolve incidents. 

As the evolution of security threats demands a comprehensive approach to cloud security, CNAPP is designed to provide a deep and accurate view of the cloud threat landscape to give security teams the information they need. 

Agentless and Agent-Based Security: Why You Need Both

The CrowdStrike Falcon® platform was purpose-built with a cloud-native architecture so that we could scale and extend our industry-leading protection across our customers’ greatest areas of risk. We built the platform to cover all workloads from the outset and, because of this, can offer deep visibility at runtime for cloud workloads. CrowdStrike stands alone in an increasingly crowded market by delivering agent-based and agentless solutions natively from the Falcon platform. This approach gives organizations the flexibility to determine how they can best secure their cloud applications across the continuous integration/continuous delivery (CI/CD) pipeline and cloud infrastructure across AWS, Azure and GCP.

The added benefit of an agent-based CWP solution is that it enables pre-runtime and runtime protection, whereas agentless-only solutions offer only partial visibility and lack remediation capabilities. An approach that combines agentless scanning with agent-driven protection ensures security and DevOps teams can deploy the type of protection needed regardless of their environment.

New capabilities for Falcon Cloud Security are designed to protect the ever-changing modern cloud as workloads evolve into various types such as containers, serverless, containers-as-a-service and more. Falcon Cloud Security now has container detection to automatically defend against malware and advanced threats targeting containers with machine learning, artificial intelligence, indicators of attack, deep kernel visibility, custom indicators of compromise and behavioral blocking. 

Another new addition is rogue container detection, which maintains an up-to-date inventory as containers are deployed and commissioned. Falcon CWP can scan rogue images and identify and stop containers launched as privileged or writable — which can be used as entry points for an attack. Drift container protection, a third new capability in Falcon Cloud Security, can discover new binaries created or modified at runtime to protect the immutability of the container. These newly added capabilities ensure the security of containers by stopping software that doesn’t belong.
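As an added illustration of the two container checks described above (this is example code, not CrowdStrike's or Falcon's), the following Python flags containers launched privileged or with a writable root filesystem and diffs a runtime file inventory against a build-time baseline to surface new or modified binaries. The pod spec follows the Kubernetes v1 Pod API field names; the spec contents and file inventories are constructed samples.

```python
# Added example, not CrowdStrike's code: rogue-container and drift checks.
# Pod layout follows the Kubernetes v1 Pod API (securityContext.privileged,
# securityContext.readOnlyRootFilesystem); all sample data is constructed.
import hashlib

SAMPLE_POD = {  # constructed pod spec, only the fields the check needs
    "spec": {"containers": [
        {"name": "app", "image": "registry.example/app:1.4",
         "securityContext": {"readOnlyRootFilesystem": True}},
        {"name": "debug", "image": "registry.example/tools:latest",
         "securityContext": {"privileged": True}},
    ]},
}

def find_rogue_containers(pod):
    """Flag containers launched privileged or with a writable root filesystem.
    readOnlyRootFilesystem defaults to False (writable) when omitted."""
    findings = []
    for c in pod.get("spec", {}).get("containers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged", False):
            findings.append((c["name"], "privileged"))
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append((c["name"], "writable-rootfs"))
    return findings

def fingerprint(files):
    """Build a path -> sha256 baseline from {path: content bytes}."""
    return {p: hashlib.sha256(b).hexdigest() for p, b in files.items()}

def detect_drift(baseline, runtime):
    """Binaries that appeared or changed since the image was built."""
    new = sorted(p for p in runtime if p not in baseline)
    modified = sorted(p for p in runtime if p in baseline and runtime[p] != baseline[p])
    return {"new": new, "modified": modified}

# Constructed build-time and runtime file inventories of one container.
BASELINE_FILES = {"/usr/bin/app": b"ELF app v1", "/bin/sh": b"ELF sh"}
RUNTIME_FILES = {"/usr/bin/app": b"ELF app v1 patched", "/bin/sh": b"ELF sh",
                 "/tmp/dropped": b"ELF unexpected"}

if __name__ == "__main__":
    print(find_rogue_containers(SAMPLE_POD))
    print(detect_drift(fingerprint(BASELINE_FILES), fingerprint(RUNTIME_FILES)))
```

In a real deployment the baseline would be taken from the image at build time and the runtime inventory from the running container, so any entry in the drift result is a candidate for the immutability violation the paragraph describes.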

A new cloud activity dashboard brings together CSPM and CWP insights from Falcon Cloud Security into a single user experience that prioritizes critical issues, addresses runtime threats and enables cloud hunting for faster investigation and response.

As organizations accelerate their move to the cloud, many will find their traditional security tools aren’t enough to keep pace with the changing nature of cloud environments — or the attackers targeting them. The new capabilities CrowdStrike is announcing this week provide the visibility, automation and cloud hygiene necessary to defend against today’s adversaries.
