How Falcon Horizon Secures Cloud Storage

November 5, 2021

CrowdStrike Tech Center

Introduction

As companies expand their use of public cloud infrastructure, human error and misconfigurations are increasingly at the root of security failures. In recent cloud breaches, unintentional public access to cloud storage, such as AWS S3, is one of the most commonly exploited misconfigurations.

Falcon Horizon Policies for Cloud Storage

Falcon Horizon uses CrowdStrike-developed policies to monitor configurations and behaviors in public cloud deployments. For each provider, the policy menu displays a list of available services. The example below focuses on AWS S3. Each policy is listed along with related compliance information, a default severity, and a policy category. A number of these policies are designed to help organizations identify where public S3 access is configured.

[Image: Falcon Horizon S3 policies]

For each policy, Falcon Horizon provides options to disable it or customize its severity per cloud account and region. This helps organizations tune their assessment results to focus on the relevant policies.

[Image: Falcon Horizon S3 policy edits]

Assessment Results

The main dashboard provides an overview of the findings across all of the registered cloud accounts. In this case, filtering the provider to AWS reveals a behavioral policy finding related to the S3 service being made public through policy.

[Image: Falcon Horizon S3 dashboard]

The detailed findings include a criticality score along with the severity, pattern, description and links to MITRE Tactic and Technique information. The documented remediation steps can be used to take action and resolve these findings.

[Image: Falcon Horizon S3 findings]

For behavioral findings, there is also a timeline of events. Correlated events are shown with a yellow icon while indicators of attack are shown in red.

[Image: Falcon Horizon S3 timeline]

Closing

Attacks that leverage cloud misconfigurations are on the rise. Falcon Horizon offers visibility and assessment of multi-cloud deployments so that organizations can quickly identify potential exposures and take action to improve overall cloud security.
