How Falcon Horizon Secures Cloud Storage
As companies expand their use of public cloud infrastructure, human error and misconfigurations are increasingly at the root of security failures. In recent cloud breaches, unintentional public access to cloud storage, such as AWS S3, is one of the most commonly exploited misconfigurations.
Falcon Horizon Policies for Cloud Storage
Falcon Horizon uses CrowdStrike developed policies to monitor the configurations and behaviors in public cloud deployments. For each provider, the policy menu displays a list of available services. The example below focuses on AWS S3. Each policy is listed along with related compliance information, a default severity, and policy category. There are a number of policies designed to help organizations identify where public S3 access is configured.
For each policy, Falcon Horizon enables options to disable or customize the severity per cloud account and region. This helps organizations tune their assessment results with focus on the relevant policies.
The main dashboard provides an overview of the findings across all of the registered cloud accounts. In this case, filtering by provider for AWS reveals a behavioral policy related to the S3 service being made public through policy.
The detailed findings include a criticality score along with the severity, pattern, description and links to MITRE Tactic and Technique information. The documented remediation steps can be used to take action and resolve these findings.
For behavioral findings, there is also a timeline of events. Correlated events are shown with a yellow icon while indicators of attack are shown in red.
Attacks that leverage cloud misconfigurations are on the rise. Falcon Horizon offers visibility and assessment of multi-cloud deployments so that organizations can quickly identify potential exposures and take action to improve overall cloud security.
- CrowdStrike Tech Center
- Sign up for a weekly Falcon demo
- Request a 1:1 Demo
- Guide to AV Replacement
- CrowdStrike Products