Cloud Security Posture Management with CrowdStrike

November 13, 2021

Introduction

As companies expand their use of public cloud infrastructure, not only does the attack surface grow, but so does the risk of human error and misconfigurations. CrowdStrike’s Falcon Horizon provides cloud security posture management to help organizations identify security issues, malicious behaviors, and indicators of misconfiguration across their own cloud deployments.

Monitor for Misconfigurations and Behaviors 

As part of Falcon Horizon, CrowdStrike has developed policies for various cloud services that can be monitored and reported in the Falcon user interface. The policies tab contains a comprehensive list of policies, grouped under the supported services for each provider. Each policy is assigned a default severity and labeled by type to indicate whether it monitors for a behavior or a configuration.

From the actions menu, there is an option to view a more detailed explanation of the policy. Each policy includes a description, alert logic, and MITRE context to help organizations understand potential risks and make informed policy choices.

For any policies that correlate to industry compliance standards, links are available to learn more about the rationale and audit procedure for each guideline. Organizations also have the ability to assign a customized severity to each policy and enable only those that apply within their specific environment. 

Prioritize Findings

Once cloud accounts are registered and the assessments are scheduled, CrowdStrike will report the detailed findings in the same easy-to-use interface. The main dashboard provides an overview of the assessment findings across all of the registered cloud accounts. The results can be filtered by provider as well as severity, account, and region. Service misconfigurations are shown on the left, while the right side highlights behavioral findings on activities or patterns that could be malicious. The clickable chart areas offer easy access to the supporting details.

Drilling down on a configuration policy or service takes you to the assessment results. The specific policy findings can be filtered and sorted based on policy, account, region, and service. From this page, there are also pull-down menus available to pivot to other assessment details.

Remediate Issues

For each policy, CrowdStrike also provides the detailed information needed to take action and resolve any issues. These details include the ability to sort and identify impacted instances by state, platform and management status. This list can be used along with the provided remediation steps to get these findings resolved.

CrowdStrike also provides the ability to automate workflows based on these findings.

Closing

Falcon Horizon provides visibility and assessment of multi-cloud deployments so that organizations can effectively monitor and report on these rapidly evolving and dynamic workloads. Streamlining security throughout the development lifecycle enables secure deployment of applications in the cloud with greater speed and efficiency.
