At AWS re:Invent 2022, CrowdStrike announced expanded service integrations with AWS to provide breach protection across your AWS environment, simplified infrastructure management and security consolidation. On January 31, 2023, AWS announced CloudTrail Lake Partner Integrations, with CrowdStrike signing on as a launch partner. With this integration, organizations get the opportunity for a consistent security posture between on-premises workloads and those running in the AWS cloud. 

Innovate with AWS, Stay Secure with CrowdStrike

Cloud-based services are transforming organizations at a record pace and a shared responsibility model relieves the customer’s operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the service operates. CrowdStrike and AWS have integrations to help customers secure against advanced threats. Security threats are on the rise — for instance, according to the CrowdStrike 2023 Global Threat Report, CrowdStrike Intelligence observed an 82% increase in ransomware-related data leaks in 2021, with 2,686 attacks as of Dec. 31, 2021, compared to 1,474 in 2020.

Free webinar: Mitigate threats in the cloud by focusing on adversaries

Modern workloads are dynamic and ephemeral, adding to the challenge of maintaining comprehensive coverage and visibility across multiple cloud and on-premises environments. Visibility and protection for your organization’s deployed assets and workloads allow operations and security teams to gain clarity and control over the current state of their environment by examining resource configurations, network traffic to and from protected workloads, API call auditing and runtime system calls.

Organizations can rely on CrowdStrike and AWS through a shared responsibility model to protect against the onslaught of today’s threats and provide comprehensive visibility to understand the full layout of your digital footprint.

CrowdStrike Cloud Security and AWS Account Factory Customization

AWS announced the release of AWS Account Factory Customization (AFC), which enables customers to customize their AWS account natively during provisioning in AWS AFC. For this integration, CrowdStrike Falcon Cloud Security operates together with AWS AFC to automatically provide actionable data to help triage findings and recommend remediations so you can close the gaps and keep your cloud data secure while ensuring that your cloud infrastructure meets industry and governmental security requirements and compliance standards. 

Additionally, customers can automate the detection of cloud-specific misconfigurations and vulnerabilities, eliminating security threats across your cloud environments. CrowdStrike’s adversary-focused approach provides real-time threat intelligence on over 180 adversary groups, over 50 indicator of attack (IOA) detections and guided remediation that increases investigation speed by up to 88%, enabling teams to respond faster to stop breaches.

CrowdStrike and AWS Verified Access

AWS Verified Access delivers secure access to private applications without a VPN. AWS Verified Access continuously evaluates each request in real-time based on contextual security signals like identity, device security status and location. It then grants access based on the configured security policy for each application and connects the users, thereby improving security posture of the organization. 

CrowdStrike has integrated Falcon Zero Trust Assessment (ZTA) scoring to deliver real-time security posture assessments across all endpoints regardless of location, network and user. Falcon ZTA enables enforcement of dynamic conditional access based on device health and compliance checks that mitigate the risk to cloud applications, users and the organization. Every endpoint is assessed before being granted least privilege access to sensitive data and corporate assets. By including device security as a key input to Zero Trust access policies, this Falcon ZTA and AWS Verified Access integration can help organizations improve security posture, deliver a seamless user experience and simplify policy implementation for application access.

CrowdStrike Falcon Data Integrated into Amazon Security Lake

Detecting and stopping advanced cyberattacks demands coordination across multiple security tools and domains. Security teams often exhaust time and resources normalizing data from disparate tools to perform the analysis and investigation needed to contain attacks. 

To solve this problem, customers can export their Falcon security data and share it with AWS through Amazon Security Lake, which automatically pools an organization’s security data from cloud, on-premises and custom sources into a purpose-built data lake stored in a customer’s account. CrowdStrike is a member of the Open Cybersecurity Schema Framework (OCSF) project, a collaborative open-source standard that provides a common, extensible, vendor-agnostic taxonomy to deliver simple and faster data ingestion and analysis without time-consuming data normalization. 

This empowers customers to normalize their CrowdStrike Falcon data in Amazon Security Lake according to the OCSF and view it alongside other data sources to help aggregate, manage and derive value from log and event data located in the cloud and on-premises to give security teams greater visibility across their organizations.

CrowdStrike Named Launch Partner for AWS CloudTrail Lake Integrations

In January 2023, CloudTrail Lake announced support for ingesting activity logs from CrowdStrike, allowing organizations to use CloudTrail Lake to aggregate, store and query security-relevant events from CrowdStrike. This helps customers streamline auditing, security investigation and operational troubleshooting across multiple sources. 

AWS CloudTrail Lake is a managed security and audit data lake for organizations seeking to enhance their security and compliance efforts. A managed data lake, the offering provides an innovative approach for managing security and audit data, allowing you to aggregate, store and query events recorded by AWS CloudTrail. From the AWS console, you can easily monitor and analyze the AWS environment, making it simpler to conduct audits, investigate security incidents and troubleshoot operational issues.

With the integration of CrowdStrike and AWS CloudTrail Lake, organizations can get a more complete and comprehensive view of their security posture. The integration includes a 7-year immutable storage retention policy for events ingested into CloudTrail Lake, helping you retain and analyze security-relevant events for a significant period of time. With improved context on these historical events, you can quickly identify and investigate security incidents, troubleshoot operational issues and make informed decisions, making it simpler to protect your organization.

The Powerful Benefits of CrowdStrike and AWS

With CrowdStrike and AWS, customers benefit from better protection, better performance and immediate time-to-value. With over a dozen service-level integrations available, joint AWS and CrowdStrike customers are provided with a consistent security posture between their on-premises workloads and those running in the AWS cloud for defense-in-depth security.

Additional Resources

• See how CrowdStrike and AWS are better together in this Cloud Security Made Easy infographic.
• Visit the Falcon Cloud Security CWP capabilities webpage and download the solution brief.
• Learn about Falcon for AWS by visiting the webpage.
• Learn more about CrowdStrike Falcon Cloud Security.
• Test CrowdStrike next-gen AV for yourself. Start your free trial of CrowdStrike Falcon Prevent today.