Falcon For AWS
BREACH PROTECTION FOR AWS WORKLOADS
Continuous and comprehensive workload monitoring, including container visibility, ensuring nothing is missed and stealthy attacks can be stopped.
Protect against breaches with unparalleled coverage. Defend against threats from malware to the most sophisticated attacks.
Built in the cloud for the cloud. Reduces the overhead, friction and complexity associated with protecting cloud workloads.
Enable cloud security to keep up with the dynamic and flexible nature of AWS workloads.
Built in the Cloud to Protect the Cloud
- Full EDR prevents silent failure by capturing raw events for complete visibility
- Visibility into incidents involving containers with process trees showing container IDs
- Full attack visibility provides details, context and history for every alert
- Event details and a full set of enriched data are continuously available, even for ephemeral and decommissioned workloads
- Rogue instance detection
- Extensive AWS visibility: Environment, accounts and instances
SIMPLICITY AND PERFORMANCE
- Works everywhere: EC2 instances, ECS & EKS containers, Windows, Linux, Amazon Linux
- One console provides central visibility over cloud workloads regardless of location
- No reboots — No signatures — No scan storms — No disruption
- Lightweight: operates with only a tiny footprint on the host and zero impact on runtime performance, even when analyzing, searching and investigating
- Automatically kept up to date with SaaS delivery
- Complete policy flexibility — apply at individual server, group or data center level
EC2 AND CONTAINER PROTECTION
- Machine learning and AI protect against known and zero-day malware
- Protection against prevalent cloud workload threats like web shells, SQL shells and credential theft
- Behavior-based indicators of attack (IOAs) detect sophisticated attacks such as fileless and malware-free attacks
- Exploit protection and blocking
- Delivers container security through a single agent running on the node that protects the instance itself as well as all containers running on it
- Automatic detection of attacker behavior with prioritized alerts and severity eliminates time-consuming manual searches and assessments
- Integration with CI/CD deployment workflows
- Powerful APIs enable automation of all functional areas including detection, management, response and intelligence
- Scales as cloud workloads expand — no need for additional infrastructure
- Integrates with AWS Security Hub for centralized management of threat alerts from AWS services