Back to Tech Center

How Falcon for AWS Protects Cloud Workloads

November 11, 2019

CrowdStrike Tech Center


In this article and video, we will see how CrowdStrike’s unparalleled visibility, flexible deployment, proven performance and container awareness combine to deliver a unique protection solution – Falcon for AWS.



Unparalleled Visibility

Falcon Discover for AWS provides critical visibility into all of your AWS systems even if the Falcon agent is not installed. The dashboard provides reporting on sensor coverage, total EC2 instances, total EBS Storage and total security groups as well as EC2 instances by region, state, zone and type.



The highlighted filter menu also gives you the ability to focus on systems by instance ID, tag, AMI ID, State and Management status. The resulting list can be exported and shared making it easy to identify and resolve deployment issues.


Deployment Options

Armed with information about unmanaged systems, deploying the CrowdStrike solution is simply a matter of installing a single, lightweight sensor. That sensor is available in the Falcon UI under Host – Sensor Downloads.

AWS sensor download


To install the sensor, you simply need your unique customer ID and the applicable install package. CrowdStrike supports a number of operating systems including Windows, Mac and various Linux distributions including Amazon Linux.

.AWS Install instructions


Once you have the install package, there are a number of ways to deploy within AWS. While manual installations are always an option, many AWS customers prefer to stage the client as part of an AMI or deploy it via AWS Systems Manager. Regardless of deployment method, the lightweight sensor will install, register with the cloud, and provide immediate protection to the newly managed system. The Crowdstrike installation does not require a reboot, signature updates or invasive upgrades. Once the agent is deployed, all of the reporting and configuration functionality is delivered through the cloud UI.


Unique Protection

Falcon for AWS offers a unique set of protections that include NGAV, EDR and managed threat hunting.

  •         CrowdStrike delivers industry leading prevention capabilities that include machine learning, exploit prevention and behavioral detections. The single, CrowdStrike agent eliminates the need for additional, complex deployments such as host IPS and application whitelisting.
  •         CrowdStrike’s complete EDR functionality means having all of the supporting event details including process, command, host and user information.
  •         CrowdStrike’s threat hunting service is a key component of cloud protection – especially when dealing with critical server infrastructure. The OverWatch team is a group of expert threat hunters looking at event data around the clock to ensure that even the most complex, well disguised attacks are identified and prevented.



Container Awareness

With CrowdStrike, the same lightweight agent protects the endpoint as well as any running containers while maintaining the same, detailed level of visibility, protection and reporting. CrowdStrike not only provides the detailed event data, but also reports the container ID where that host was running. This visibility is available not only for Docker but also Kubernetes and any other platform compliant with the Linux Open Container Initiative standards.

AWS container detection

Security Posture

Falcon Discover for AWS can not only identify unmanaged systems, but also find and address issues with ongoing security operations. You can report on systems by state, management status, tag and AMI ID. These options can help you identify and resolve deployment issues.

AWS AMI filter

Similar reporting is available around security groups. You can filter systems based on Internet and port accessibility to understand any potential security issues in the environment.


CrowdStrike understands the importance of cloud workloads in today’s landscape and delivers a unique protection solution in Falcon for AWS. The CrowdStrike Falcon Platform offers deployment flexibility, breach prevention capabilities, unparalleled visibility and container awareness to help organizations secure their AWS workloads without compromising performance.

In addition, CrowdStrike has been identified as an AWS advanced technology partner with a security competency. CrowdStrike is also available in the AWS Marketplace, a named threat intelligence partner for Amazon GuardDuty and offers integration with AWS Security Hub for centralized and automated management of threat alerts from AWS services.

AWS competency

More resources

Related Content