Back to Tech Center

How to Secure Identity Services with Falcon Horizon

November 1, 2021

Tech Center
CrowdStrike Tech Center


The shift to leverage public cloud infrastructure not only increases an organization’s attack surface, but also introduces different tools and processes for configuring and securing those environments. IAM service configurations are often a top concern given that it is used to securely control access to AWS environments. CrowdStrike’s Cloud Security Posture Management solution, Falcon Horizon, monitors the various cloud services, like IAM, to identify possible misconfigurations, human errors and malicious behaviors. 


Falcon Horizon Assessment Findings

The main dashboard presents the latest assessment findings based on CrowdStrike developed policies. In this example, filtering to focus on AWS reveals a few high severity findings related to Identity Access Management. Drilling down on IAM in the “Top 10 Services with Misconfigurations” chart will reveal the complete list of findings for Identity Access Management. 

cspm identity dashboard

For this account, there are findings for two different multi-factor authentication policies. 

cspm identity findings

Clicking on an individual policy reveals the detailed findings as well as links to the recommended remediation steps to resolve the issue.

cspm identity mfa

Identity Access Management Policies

Those findings highlight just a few examples of the IAM policies that can be monitored by Falcon Horizon. Under the policies tab, there is a comprehensive list of supported Amazon services including IAM. Each policy is shown along with a default severity and policy category. While some policies are related to configurations, others are looking at potentially malicious behaviors.

cspm identity policies

For each policy, there is an option to view a more detailed description including remediation steps, alert logic and documentation links. Customers also have the ability to define a customized severity for each policy and disable those policies that are deemed not necessary at the account and region levels.

cspm identity edit

Also, some of those policies correlate to different compliance benchmarks.  In those cases, CrowdStrike includes links to the complete description and rationale of the requirement as well as the audit and remediation procedures.

cspm identity benchmark

However, CrowdStrike’s policies are not limited to compliance requirements. As an example, for IAM there are behavioral policies around LoginProfiles and roles that are outside any of the currently supported compliance specifications.

cspm identity behavior


Falcon Horizon delivers visibility and assessment of public cloud deployments to quickly identify and remediate potential issues. With CrowdStrike, organizations can leverage the power of multi-cloud environments while also ensuring the security of cloud deployed applications and data.

More resources

Related Content