Enabling Breach Prevention on Red Hat OpenShift Service on AWS (ROSA)

As organizations increasingly deploy business-critical workloads to managed cloud services, enforcing strong security practices needs to be a top priority. While many managed cloud service providers do a good job of protecting the cloud and infrastructure itself, it’s the responsibility of the customer to protect what’s running inside the cloud.

This is commonly known as the Shared Responsibility Model, a security and compliance framework that outlines the responsibilities of both the cloud provider and customer. Understanding where responsibilities begin and end is critical as adversaries increasingly turn their sights on cloud exploitation. According to the CrowdStrike 2023 Global Threat Report, cloud exploitation grew by 95% in 2022 and the number of cloud-conscious threat actors nearly tripled.   

CrowdStrike Falcon Cloud Security delivers comprehensive cloud security for complete visibility and protection to stop breaches in the cloud. CrowdStrike is helping customers strengthen the security posture of managed cloud services by supporting the CrowdStrike Falcon® sensor on Red Hat® OpenShift® Service on AWS (ROSA), a Kubernetes-based application platform jointly engineered and managed by Red Hat and Amazon Web Services.

Together, ROSA and the Falcon platform provide customers with a fully managed and protected OpenShift cluster running in their preferred cloud environment so they can rapidly deploy their most critical applications to the cloud with confidence.

ROSA allows platform administrators to offload cluster provisioning, maintenance and 24/7 monitoring to a team of professional site reliability engineers (SREs). CrowdStrike extends this operational efficiency by offloading the collection, analysis and detection of threat indicators to a global team of security analysts and expertly tuned artificial intelligence. CrowdStrike regularly correlates over a trillion events per day with adversarial threat intelligence to stop breaches on Kubernetes and containers before they occur. 

In addition to protecting Kubernetes, the Falcon platform provides endpoint detection and response for Red Hat Enterprise Linux and other operating systems, cloud security posture management for AWS and Azure, identity protection for Active Directory, log management, and more. Aggregating all of these capabilities into a single cloud-hosted platform means tool reduction and cost savings for IT leaders, and higher efficiency and visibility for security analysts.

To make sure that operations teams can match the speed of the adversary and access secured clusters quickly, both ROSA and Falcon can be procured through AWS Marketplace and leverage existing spending commitments.

About the Integration

Protecting Kubernetes requires protecting the host operating system as well as all containers running on top of it. To achieve this on Red Hat’s CoreOS, the Falcon sensor is deployed as a lightweight agent that mounts itself at the kernel level, granting it complete visibility and control without impacting performance. With this access, the agent is able to fully protect the cluster from both known and zero-day attacks using on-sensor machine learning and CrowdStrike’s constantly evolving threat intelligence.

To simplify deployment and operations, the Falcon agent is available as a certified operator in OpenShift’s OperatorHub. Operators are Kubernetes-native packages that automate installation and support a configuration-as-code approach to security management. Customers managing many OpenShift clusters can use Red Hat Advanced Cluster Management for Kubernetes to deploy the Falcon agent automatically with fleet-wide policies.

Once installed, the agent uses indicators of attack to break an adversary’s kill chain and prevent data destruction, exfiltration, escalation, lateral movement and many other types of breaches. But runtime protection is only part of the battle. The Falcon platform provides comprehensive cloud-native security with a Kubernetes admission controller to stop risky workloads, infrastructure-as-code and image scanning to “shift left” on enforcement, and posture management and compliance to identify misconfigured cloud resources. For organizations contending with a skills shortage, CrowdStrike’s expert analysts help uplevel your security operations team and can provide managed detection and response around the clock.

Get Started

If you’re already a CrowdStrike Falcon® Cloud Security with Containers customer, follow CrowdStrike’s deployment guide for OpenShift to enable breach prevention on a new or existing OpenShift cluster. This guide covers architecture, workflow, prerequisites and additional learning resources.

Reach out to learn how CrowdStrike Falcon protects Red Hat platforms. 
