CrowdStrike Falcon platform takes on adversary-focused strategy

New features to the CrowdStrike Falcon platform that are designed to work with services from Amazon Web Services (AWS) have been rolled out, aimed at providing joint customers with comprehensive visibility, dynamic scale, automation and flexibility to better prevent, detect and respond to threats in the cloud and across endpoints.

Embattled security teams have turned to the cloud to protect their dynamic work environments from sophisticated cyber actors, implementing solutions that are scalable, automated and easily deployable.

To devise an effective strategy, in order to ensure connectivity between the cloud and the rest of the security stack, the symbiotic relationship between applications and how they communicate with each other must be considered according to Amol Kulkarni, chief product officer at CrowdStrike.

“The CrowdStrike Falcon platform unifies cloud security posture management together with breach protection for cloud workloads and containers on AWS and hybrid cloud environments in a single platform, providing end-to-end visibility and protection that optimises cloud resources and ensures applications are defended against advanced threats,” Kulkarni said.

The new expanded features include:

Ransomware protection and recovery: the cloud-native CrowdStrike Falcon platform now works with CloudEndure Disaster Recovery to provide AWS customers protection and recovery from ransomware incidents and minimise impact to productivity.
CrowdStrike Cloud Security Assessment: to deliver actionable insights into security misconfigurations and deviations from recommended cloud security architectures to help clients prevent, detect and recover from breaches, while CloudEndure helps customers restore their applications within minutes, minimising business disruption.
Identity-based threat detection and remediation: CrowdStrike IAM Analyzer for AWS is a feature in CrowdStrike Falcon Horizon and prevents identity-based threats by knowing what accounts are doing before a breach happens. It follows the principle of least privilege by assessing CrowdStrike IAM services, apps, users, roles and permissions across all cloud accounts.
CrowdStrike IAM Analyzer for AWS: Allows security teams to continuously monitor AWS accounts for excessive or unused permissions, identify suspicious permission escalation and audit AWS Cloud services for actions allowed per resource, user, group and role.
Enhanced security and compliance for workload deployments: CrowdStrike now integrates directly with Distributor, a capability of AWS Systems Manager, designed to enable customers to easily deploy Distributor packages with embedded CrowdStrike Falcon agent software, or install the agent via the CrowdStrike Falcon APIs, with customisation to run across multiple operating systems at the same time.

The solution is designed to prevent users from putting organisations at risk by automating the detection and remediation of identity-based risks.

This allows teams to manage all agent packages from a single interface with flexibility and choice of software installation, easing deployment and without reboot requirements. With simplified deployment, teams can ensure real-time protection of workloads from both malware and malware-free attacks from day one, with minimal performance impact.

[Nozomi Networks enhances Vantage offering]