CrowdStrike Defines the Future of Cloud Security with One-Click XDR to Automatically Identify and Secure Unmanaged Cloud Assets

CrowdStrike is defining the future of cloud security by empowering customers to rapidly understand their cloud risk and to detect, prevent and remediate cloud-focused threats. Today we are announcing a series of new cloud security innovations designed to deliver complete visibility into potential attack paths, from endpoint to cloud, and instantly secure vulnerable cloud workloads across build and runtime.

As part of this, CrowdStrike announced a new “One-Click XDR” capability that automatically identifies and secures unprotected cloud workloads by instantly deploying the CrowdStrike Falcon® agent. These agent-based and agentless innovations enable customers to consolidate multiple cloud security point products into a single, unified platform for complete protection across the cloud security lifecycle.

The cloud has quickly emerged as the new adversary battleground. As organizations expand their adoption of cloud infrastructure and services, adversaries follow, refining their tactics and techniques to exploit these environments. The growth of “cloud-conscious” adversaries — groups that abuse cloud-specific features to achieve their goals — represents significant risk to any organization operating in the cloud. 

Request a free CrowdStrike Cloud Security Risk Review to understand how to protect your cloud environment and get customized insights to operationalize best practices for cloud security.

CrowdStrike research shows cloud exploitation cases grew by 95% in the past year, and cases involving threat actors specifically targeting cloud environments nearly tripled. Adversaries are also growing more brazen, infiltrating endpoints and pivoting to cloud infrastructure. The increasingly sophisticated tactics, techniques and procedures (TTPs) of cloud-conscious adversaries are documented in the CrowdStrike 2023 Cloud Risk Report, released today in conjunction with CrowdStrike’s on-demand Cloud Threat Summit.  

Staying ahead of the adversary requires knowledge of their TTPs, but stopping breaches in the cloud also requires a unified platform approach to cloud security that delivers complete visibility and protection across cloud workloads. 

To help organizations stop breaches from endpoint to cloud, we’ve extended our industry-leading platform with CrowdStrike Falcon® Cloud Security and unveiled powerful new cloud-native application protection platform (CNAPP) capabilities to deliver complete visibility into potential cloud attack paths and instantly secure unprotected or vulnerable cloud workloads across build and runtime. 

Falcon Cloud Security provides complete coverage across all major cloud providers — AWS, GCP and Azure — and cloud infrastructure. We have created an offering that unifies cloud workload protection, cloud security posture management and cloud identity entitlement management into a holistic CNAPP with industry-leading threat hunting, services and adversary intelligence built in. Our customers can protect their environment from host to cloud using a single platform, operated from a single console.

New innovations that will soon be available in Falcon Cloud Security include:

One-Click XDR: One of the chief causes of cloud breaches is unprotected hosts: without visibility, they are open targets. This capability lets organizations list every unmanaged AWS EC2 instance running Windows or Linux, along with AWS accounts that have not yet been registered with the platform, identify the vulnerable workloads among them, and deploy the Falcon sensor to those workloads with one click so that they are covered by EDR/XDR. Support will start with AWS.
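The reconciliation behind this feature is cloud inventory minus sensor inventory. The script below is an added example, not CrowdStrike's code: it takes a constructed EC2 inventory, a constructed set of sensor-managed instance IDs and a constructed set of onboarded account IDs (in practice these would come from `ec2.describe_instances()` in every account and region and from the EDR vendor's host-inventory API), skips terminated instances, flags unsupported platforms separately, and groups what is left into per-account, per-platform deployment batches.

```python
"""Reconcile EC2 inventory against endpoint-sensor inventory.

Added example, not CrowdStrike's code. All inputs below are constructed;
real runs would pull instances from boto3's ec2.describe_instances() in each
account/region and the managed-host set from the EDR vendor's API.
"""
from dataclasses import dataclass, field

# Platforms the sensor can be pushed to automatically (assumption for this example).
SUPPORTED_PLATFORMS = {"linux", "windows"}


@dataclass(frozen=True)
class Ec2Instance:
    account_id: str
    instance_id: str
    platform: str  # PlatformDetails from the EC2 API, lower-cased ("linux", "windows", ...)
    state: str     # State.Name from the EC2 API ("running", "stopped", "terminated", ...)


@dataclass
class CoverageReport:
    unmanaged: list = field(default_factory=list)            # instance IDs with no sensor
    unsupported: list = field(default_factory=list)          # instance IDs the sensor cannot cover
    unregistered_accounts: set = field(default_factory=set)  # account IDs not onboarded
    coverage_by_account: dict = field(default_factory=dict)  # account -> (managed, eligible)


# Constructed sample inventory (IDs and account numbers are made up).
SAMPLE_INSTANCES = [
    Ec2Instance("111111111111", "i-0a1b2c3d4e5f60001", "linux", "running"),
    Ec2Instance("111111111111", "i-0a1b2c3d4e5f60002", "windows", "running"),
    Ec2Instance("111111111111", "i-0a1b2c3d4e5f60003", "linux", "terminated"),
    Ec2Instance("111111111111", "i-0a1b2c3d4e5f60004", "freebsd", "running"),
    Ec2Instance("222222222222", "i-0a1b2c3d4e5f60005", "linux", "running"),
]
SAMPLE_MANAGED = {"i-0a1b2c3d4e5f60001"}      # instance IDs the sensor console already knows
SAMPLE_REGISTERED = {"111111111111"}          # AWS accounts onboarded to the platform


def find_unmanaged(instances, managed_instance_ids, registered_accounts):
    """Return a CoverageReport for the given inventories."""
    report = CoverageReport()
    for inst in instances:
        if inst.state == "terminated":
            continue  # nothing left to protect or deploy to
        if inst.account_id not in registered_accounts:
            report.unregistered_accounts.add(inst.account_id)
        if inst.platform not in SUPPORTED_PLATFORMS:
            report.unsupported.append(inst.instance_id)  # needs agentless coverage instead
            continue
        managed, eligible = report.coverage_by_account.get(inst.account_id, (0, 0))
        if inst.instance_id in managed_instance_ids:
            managed += 1
        else:
            report.unmanaged.append(inst.instance_id)
        report.coverage_by_account[inst.account_id] = (managed, eligible + 1)
    return report


def deployment_batches(instances, report):
    """Group unmanaged instances by (account, platform) so each batch can use one installer.

    Instances in unregistered accounts are excluded: the account has to be
    onboarded before anything can be pushed into it.
    """
    by_id = {i.instance_id: i for i in instances}
    batches = {}
    for instance_id in report.unmanaged:
        inst = by_id[instance_id]
        if inst.account_id in report.unregistered_accounts:
            continue
        batches.setdefault((inst.account_id, inst.platform), []).append(instance_id)
    return batches


if __name__ == "__main__":
    rep = find_unmanaged(SAMPLE_INSTANCES, SAMPLE_MANAGED, SAMPLE_REGISTERED)
    for account, (managed, eligible) in sorted(rep.coverage_by_account.items()):
        print(f"{account}: {managed}/{eligible} eligible instances have a sensor")
    print("unmanaged:", rep.unmanaged)
    print("unsupported (agentless only):", rep.unsupported)
    print("accounts to onboard first:", sorted(rep.unregistered_accounts))
    print("deployment batches:", deployment_batches(SAMPLE_INSTANCES, rep))
```

The two lists worth acting on are different: unmanaged instances in registered accounts can be targeted directly, while an unregistered account has to be onboarded before any of its hosts can be covered, and instances on unsupported platforms are exactly the gap the agentless snapshot scanning below is meant to fill.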

Agentless Snapshot Scanning for OS Vulnerabilities: There are several reasons customers may be unable to install agents across their cloud infrastructure, whether an unsupported operating system or PaaS services like Lambda/Functions or App Engine, and that leaves vulnerabilities unseen. To address this visibility gap, CrowdStrike is introducing Snapshots for AWS. This agentless capability takes snapshots of running AWS EC2 instances and scans them for potential risks. Because a snapshot scan is point in time, it reports the vulnerabilities present when the snapshot was taken rather than detecting activity on the host; security teams can integrate these findings into the attack path visualization and, where a sensor can be installed, deploy runtime protection with One-Click XDR.

Complete Cloud Attack Path Visualization: As organizations adopt more cloud services, it becomes difficult to visualize and prioritize risk. CrowdStrike’s new attack path visualization gives IT and security teams the ability to view potential attack paths an adversary might take to compromise a cloud workload, and in doing so, help them understand areas of risk. CrowdStrike attack path visualization uses pre-runtime and runtime data to provide a complete picture of how an adversary accessed a system and moved laterally, as well as which weaknesses might be exploited to further an attack, all in one easy-to-understand view.  

Compliance Dashboard Enhancements: The proliferation of cloud services and providers has made it increasingly challenging to adhere to industry and organizational benchmarks. Violations often go unnoticed, leading to potential risks and costly consequences. Falcon Cloud Security compares cloud application configurations against these benchmarks to identify violations and lets teams remediate them in real time, helping to keep applications available across all major cloud providers.

We have expanded our CIS Benchmark coverage across AWS, Azure and GCP and now ship more than 250 adversary-focused policies out of the box, helping organizations save time and reduce operational costs. A single dashboard provides compliance visualization across AWS, Azure, GCP and on-premises environments, so users can identify risks specific to their application or environment and consistently enforce compliance across all major cloud infrastructures.

Infrastructure-as-Code (IaC) Security: It is critical that organizations ensure applications are secure before they are deployed. IaC security enables IT and security teams to perform IaC scans, which can identify more than 1,000 misconfigurations across cloud and container assets and 10 IaC platforms with a single command-line interface tool. This allows DevOps teams and developers to easily assess the security posture of their software early in the application lifecycle, and it lets security teams monitor the efficacy of preventive controls in the build phase of application development.

Kubernetes Admission Controller (KAC): CrowdStrike's Kubernetes Admission Controller simplifies container management by shipping predefined policies, so users do not have to write raw Rego rules, and by blocking the deployment of misconfigured containers. Only our KAC can also identify running containers with known vulnerabilities, remove them and prevent them from being redeployed.
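To make the "predefined policies instead of Rego" idea concrete, here is an added example (not CrowdStrike's code and not how its KAC is implemented) of the decision logic a validating admission webhook would run on a Kubernetes `AdmissionReview` for a Pod. The policies are plain Python functions; the list of vulnerable image references is a constructed stand-in for scanner output, and the sample Pods are constructed too.

```python
"""Validating-admission decision logic for Pods, written as fixed policies.

Added example, not CrowdStrike's code. It follows the AdmissionReview v1
request/response shape used by Kubernetes validating webhooks; the HTTP
server, TLS and webhook registration are out of scope here.
"""

# Image references a scanner has flagged (constructed stand-in for real scanner output).
VULNERABLE_IMAGES = {"registry.example.internal/app/api:1.4.2"}


def containers_of(spec):
    """Init containers are run with the same privileges, so check them too."""
    return list(spec.get("initContainers", [])) + list(spec.get("containers", []))


def policy_no_privileged(spec):
    return [f"container {c['name']} runs privileged"
            for c in containers_of(spec)
            if c.get("securityContext", {}).get("privileged")]


def policy_no_host_namespaces(spec):
    return [f"pod shares the host namespace via {key}"
            for key in ("hostPID", "hostNetwork", "hostIPC") if spec.get(key)]


def policy_pinned_images(spec):
    """Reject mutable references: no tag, or the :latest tag, and no digest."""
    bad = []
    for c in containers_of(spec):
        image = c["image"]
        if "@sha256:" in image:
            continue  # pinned by digest
        last = image.rsplit("/", 1)[-1]  # avoids confusing a registry port with a tag
        tag = last.rsplit(":", 1)[1] if ":" in last else ""
        if tag in ("", "latest"):
            bad.append(f"container {c['name']} uses mutable image reference {image}")
    return bad


def policy_run_as_non_root(spec):
    """A container-level setting overrides the pod-level default."""
    pod_default = spec.get("securityContext", {}).get("runAsNonRoot")
    return [f"container {c['name']} does not enforce runAsNonRoot"
            for c in containers_of(spec)
            if c.get("securityContext", {}).get("runAsNonRoot", pod_default) is not True]


def policy_no_vulnerable_images(spec, vulnerable=frozenset(VULNERABLE_IMAGES)):
    return [f"container {c['name']} uses image {c['image']} with known vulnerabilities"
            for c in containers_of(spec) if c["image"] in vulnerable]


POLICIES = [policy_no_privileged, policy_no_host_namespaces, policy_pinned_images,
            policy_run_as_non_root, policy_no_vulnerable_images]


def evaluate_pod(spec):
    """Return every violation, not just the first, so the submitter can fix them all at once."""
    violations = []
    for policy in POLICIES:
        violations.extend(policy(spec))
    return violations


def review(admission_review):
    """Build the AdmissionReview response for an incoming request."""
    request = admission_review["request"]
    response = {"uid": request["uid"], "allowed": True}
    if request.get("kind", {}).get("kind") == "Pod" and request.get("operation") in ("CREATE", "UPDATE"):
        violations = evaluate_pod(request["object"]["spec"])
        if violations:
            response["allowed"] = False
            response["status"] = {"code": 403, "message": "; ".join(violations)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def make_review(uid, pod_spec):
    """Wrap a Pod spec in a constructed AdmissionReview request."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "kind": {"group": "", "version": "v1", "kind": "Pod"},
                        "operation": "CREATE",
                        "object": {"apiVersion": "v1", "kind": "Pod",
                                   "metadata": {"name": "demo"}, "spec": pod_spec}}}


# Constructed sample Pods: one that breaks five policies, one that passes.
BAD_POD = {
    "hostPID": True,
    "containers": [
        {"name": "web", "image": "nginx:latest", "securityContext": {"privileged": True}},
        {"name": "api", "image": "registry.example.internal/app/api:1.4.2",
         "securityContext": {"runAsNonRoot": True}},
    ],
}
GOOD_POD = {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "web", "image": "nginx@sha256:" + "0" * 64}],
}

if __name__ == "__main__":
    for uid, spec in (("bad", BAD_POD), ("good", GOOD_POD)):
        print(uid, review(make_review(uid, spec))["response"])
```

Because the decision is made at admission time, a ReplicaSet that keeps trying to recreate a rejected Pod keeps being refused, which is the "prevent redeployment" behaviour described above without any extra bookkeeping.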

Defending Against the Future of Cloud Threats

CrowdStrike expects cloud-focused threat activity to continue — an assessment made with high confidence based on the persistent increase in cloud targeting and organizations’ expansion into multi-cloud and hybrid cloud environments. While the multi-cloud approach offers greater scalability and flexibility, it also drives complexity and creates new challenges for security teams.

In response to these evolving threats, we will continue to provide industry-leading technologies, adversary tracking, threat intelligence collection and campaign analysis — all delivered in a single unified console to help organizations stay informed and protected against modern cloud threats without adding complexity to their security environment.
