How CrowdStrike Secures Cloud Workloads
Introduction
The CrowdStrike solution has been designed to provide proven endpoint protection to all workloads, regardless of their location. CrowdStrike Falcon® protects physical servers and virtual machines in private data centers as well as instances running in public clouds including AWS, GCP and Azure. In this article and demo, we will see how CrowdStrike identifies, manages and protects cloud workloads.
Video
Cloud Workload Reporting
The Cloud and Container workload dashboard provides an overview of all cloud instances across different providers with charts that illustrate state and type as well as statistics regarding storage and instances by provider. This level of reporting helps organizations understand how they are using cloud resources and identify coverage and security gaps.
The menu at the top provides quick access to drill down on a specific provider like Azure.
Identifying Issues in Cloud Workloads
Looking at a specific provider, there are additional options to filter the available data to identify potential security issues. The ability to filter by attributes like ID, tag, state, management, zone and type can help isolate issues. In the example below for AWS, a search for running systems in an unmanaged state provides a list of systems where CrowdStrike is not installed. Using the AMI information, we can follow up to ensure those images are correctly built with the Falcon agent.
To see another use case, we will shift to the Azure Workloads and additional network security filter options. For this example, we will look for any workloads where port 25 for email is open to the internet. With one system returned, we can follow up and get that issue resolved.
Understanding the Usage of Container Workloads
In addition to reporting by cloud provider, CrowdStrike also delivers dashboards specific to container workloads – an important aspect of many cloud strategies. As containers tend to have short lifespans, having this sustained visibility is an important security tool. As an example, the usage dashboard gives an overview of the containers and hosts in the environment with useful information around runtime. Seeing a spike in how many containers are running or containers running for an abnormal period of time would indicate cause for investigation.
Important information like privilege and interactive mode are highlighted on the container configurations dashboard. It also highlights user accounts and detections per host and container with clickable options to see the supporting details. By drilling down on a specific container ID, we can view the related detections for that container.
Other container dashboards include information about container images and containers by host. More detailed information on those can be found in the container visibility blog.
Closing
CrowdStrike delivers a unique, cloud workload protection solution across multiple providers and platforms. Along with that, the CrowdStrike solution offers a number of dashboards to help organizations understand and monitor these rapidly evolving and dynamic workloads. The CrowdStrike Falcon® Platform offers proven protection, unparalleled visibility, container awareness and reporting to help organizations secure cloud workloads without compromising performance.
