The Falcon platform gives organizations the flexibility to secure their cloud environments with agent-based and agentless cloud security. CrowdStrike introduces the new, opponent-focused CNAPP functions.
CrowdStrike, a leading provider of cloud-based protection for endpoints, workloads, identity and data, introduces new, adversary-focused Cloud Native Application Protection Platform (CNAPP) capabilities to accelerate threat hunting for cloud environments and workloads and reduce average response time. The new capabilities are delivered via the Falcon platform and bring together the CrowdStrike modules Falcon Horizon (Cloud Security Posture Management or CSPM) and Falcon Cloud Workload Protection (CWP) within a common dashboard.
Cloud Native Application Protection Platform—CNAPP
This helps security and DevOps teams prioritize top cloud security issues, combat runtime threats, and enable threat hunting within the cloud. The updates also include new ways to use Falcon Fusion (CrowdStrike's SOAR framework) for Automation fixes for Amazon Web Services (AWS), new custom misconfiguration indicators (IOMs) for Google Cloud Platform (GCP), new ways to mitigate identity-based threats for Microsoft Azure, and more.
CrowdStrike's adversary-centric CNAPP approach offers both agent-based (Falcon CWP) and agentless (Falcon Horizon) solutions within the Falcon platform. This gives organizations the flexibility they need to decide how best to secure their cloud applications across the Continuous Integration/Continuous Delivery (CI/CD) pipeline and cloud infrastructures of AWS, Azure, and GCP. An additional benefit of the CWP solution is the ability to provide pre-runtime and runtime protection, as opposed to agentless-only solutions that offer limited visibility and no remediation.
The attacker-focused CNAPP features
New centralized console for Falcon Horizon and Falcon CWP
- Cloud activity dashboard. Unify Falcon Horizon CSPM insights with Falcon CWP workload protection into a single user experience to prioritize top issues, address runtime threats, and enable cloud threat scanning. This speeds up investigation and response.
New features for Falcon Horizon
- Custom misconfiguration indicators (IOMs) for AWS, Azure, and GCP. Ensure each cloud deployment comes with custom policies aligned with business goals.
- Identity access analytics for Azure. Prevent identity-based threats and ensure Azure AD groups, users, and apps have permissions that are enforced using the principle of least privilege. This capability extends Falcon Horizon's existing Identity Access Analyzer capability for AWS.
- Individual IOMs for GCP. Ensure security is part of every cloud deployment with custom policies aligned to business goals. This capability extends Falcon Horizon's existing custom IOM capabilities for AWS and Azure.
New skills for Falcon CWP
- Falcon container detection. Automatically protect against malware and advanced threats targeting containers with machine learning (ML), artificial intelligence (AI), indicators of attack (IOAs), deep kernel visibility, custom compromise indicators (IOCs), and behavior blocking.
- Detection of rogue containers. Keep your inventory up to date as containers are deployed and decommissioned. Scan rogue images and identify and stop containers launched as privileged or writable as these can be used as entry points for attacks.
- Drift container prevention. Discover new binaries that are created or modified at runtime to protect container immutability.
About CrowdStrike CrowdStrike Inc., a global leader in cybersecurity, is redefining security in the cloud age with its completely redesigned platform for protecting workloads and devices. The lean single-agent architecture of the CrowdStrike Falcon® platform uses cloud-scaled artificial intelligence and ensures protection and transparency across the company. This prevents attacks on end devices both inside and outside the network. With the help of the company's own CrowdStrike Threat Graph®, CrowdStrike Falcon correlates around 1 trillion endpoint-related events worldwide every day and in real time. This makes the CrowdStrike Falcon platform one of the world's most advanced data platforms for cybersecurity.