CrowdStrike and AWS Expand Integrations to Provide Customers Multi-layered Protection Against Ransomware Attacks and Sophisticated Threats


Organizations continue to be targeted by sophisticated threats that lead to potential breaches. Customers need the proper people, process, intelligence and technology to be able to reduce risk and stop these threats. Recently, we announced an expansion to the technical collaborations we have with AWS to give customers enhanced protection against threats across cloud, workloads, identities and endpoints. The expanded partnership includes:

  • AWS CloudEndure Disaster Recovery
  • AWS IAM Analyzer
  • Distributor in AWS Systems Manager

Defending Against Ransomware

In today’s world, backups and disaster recovery are a must to defend against adversaries, as we have seen with recent security incidents that brought entire organizations’ operations to a halt. Unfortunately, some of these organizations didn’t have an Emergency Recovery Plan, which means they had no backups of their data and no ability to quickly recover their applications. Some of the organizations that did have a plan saw their backups encrypted by threat actors as part of the ransomware campaign.

To help protect against these attacks, the CrowdStrike Falcon® platform now coordinates with CloudEndure Disaster Recovery, an AWS Company. By leveraging our expertise, the artificial intelligence (AI)-powered CrowdStrike Threat Graph® database, and indicator of attack (IOA) technology, CrowdStrike® Cloud Security Assessment can deliver actionable insights into security misconfigurations and deviations from recommended cloud security architecture to help clients prevent, detect and recover from breaches. CloudEndure helps customers restore their applications within minutes, minimizing business disruption. In the event of a breach, the Falcon platform will isolate the server, and while CrowdStrike goes to work removing the ransomware, you can spin up an instance of that server within minutes on AWS to continue operating as normal.

By conducting deep-dive forensic analysis of individual systems as well as broad compromise assessment of customers’ entire environment, we can determine the initial point of entry and root cause of the attack, identify the full scope of systems targeted, understand the type of data affected by the attack, and prevent future attacks. Customers can also take advantage of CloudEndure’s recovery checkpoints to go as far back as 90 days for all servers and data, allowing them to recover in minutes to a point in time prior to a ransomware infection and remove the complexity of re-architecting a network and additional infrastructure requirements.

Preventing Identity-based Threats

Organizations must know which users (including their roles) are accessing data and systems across their cloud environment to prevent adversaries from gaining access. However, managing identity involves many complexities, primarily in getting end-to-end visibility into what a user is permitted to do and which properties are applied to them to govern their access. Understanding the role isn’t always straightforward, and some users are given excessive permissions to systems. In some cases, users can also consent on behalf of their organization to grant applications access to company data.

To provide identity protection and prevent unauthorized access into systems and applications, CrowdStrike now offers AWS IAM Analyzer, a feature in CrowdStrike Falcon® Horizon™. This allows customers to prevent identity-based threats by knowing what accounts are doing before a breach happens. The AWS IAM Analyzer assesses AWS IAM services, apps, users, roles and permissions across all cloud accounts, enabling security teams to continuously monitor AWS accounts for excessive or unused permissions, identify suspicious permission escalation, and audit AWS cloud services for actions allowed per resource, user, group and role. This solution prevents users from putting their organization at risk by automating the detection and remediation of identity-based risks across your AWS environment.

Automating Sensor Package Deployment and Management for EC2 Instances

The most valuable asset is time. Automating repetitive tasks, so that employees’ time can be better spent elsewhere, is crucial to an organization’s security posture and to staying ahead of the threat landscape. CrowdStrike now integrates directly with Distributor in AWS Systems Manager, allowing customers to enhance security and compliance through automation of operational tasks, making workload deployments efficient and secure. Customers can now easily select to install the pre-built CrowdStrike Falcon® sensor directly from Distributor without additional configuration, shortening time to deployment. AWS Systems Manager then provides customers improved visibility and control with centralized operational data from multiple AWS services and automated tasks across AWS resources. Customers are able to manage all sensor packages in one place and quickly choose which CrowdStrike Falcon® agent software versions to install for their workloads. With this integration, customers can manage all deployments using a single user interface to further streamline operations.

Providing Security Solutions for Healthcare

Healthcare organizations are reimagining how they increase collaboration, make data-driven clinical and operational decisions, enable medicine, and decrease the cost of care — all while protecting themselves against today’s threat landscape. Identifying the right cloud technologies to reach these goals can be challenging, and many organizations lack the resources to build and deploy their own solutions. And, as a highly regulated industry, healthcare has various compliance requirements that can further complicate organizations’ implementation of digital initiatives.

To help healthcare customers with these challenges, CrowdStrike is now a partner with AWS for Health, a go-to-market initiative specifically built for healthcare customers and featuring new and existing services and solutions from AWS and AWS Partner Network solutions. CrowdStrike protects healthcare systems from such threats by providing a scalable cloud-native security platform and complete turnkey services to protect endpoints and workloads, providing unrivaled time-to-value and operational efficiency. The Falcon platform combines threat intelligence, behavioral analytics and response services to seamlessly support medical services while conforming to common compliance requirements.

AWS Well-Architected Framework — Management and Governance Lens 

The AWS Well-Architected Framework — Management and Governance Lens (M&G Lens) provides prescriptive guidance on key concepts and best practices for optimizing management and governance across AWS environments. This includes recommended combinations of AWS services and integrations with AWS Partner solutions. CrowdStrike is highlighted in the M&G Lens. Click here for more information.

Previously Announced Integrations

If you missed the November 2020 announcement of our already launched integrations, you can read more here.

Here’s a summary of that launch:

  • CrowdStrike + AWS Network Firewall: Accelerates incident response by quickly blocking access to known malicious domains across AWS footprints. Customers can proactively hunt for threats and suspicious activity based on industry vertical, threat actor or tactics, techniques and procedures (TTPs) across their Falcon-managed hosts and networks.
  • AWS Security Hub with CrowdStrike Falcon®: Provides a comprehensive, real-time view of high-priority security alerts, and allows teams to automate security tasks and improve overall protection across DevOps, CISO, cloud architects and operations.
  • AWS GuardDuty and CrowdStrike Falcon®: Uses AI/machine learning and IOA-based threat analysis to correlate network traffic with security findings, providing a defense-in-depth strategy against advanced attacks.
