CrowdStrike Adds Container Support to Cloud Security Platform

CrowdStrike today launched a cloud-native application protection platform (CNAPP) based on its Falcon Cloud Workload Protection (CWP) offering that can now detect threats aimed at containers, prevent rogue containers from running and discover binaries that have been created or modified at runtime.

In addition, CrowdStrike has updated its security orchestration, automation and response (SOAR) platform, dubbed Falcon Fusion, to enable IT teams to automate security remediations on the Amazon Web Services (AWS) cloud. IT teams can also employ custom indicators of misconfigurations (IOMs) on the Google Cloud Platform (GCP) and thwart identity-based threats that seek to elevate permissions in the Microsoft Azure cloud.

Scott Fanning, senior director of product management for cloud security at CrowdStrike, said the CNAPP capabilities are the latest extension of the Falcon platform the company developed to enable organizations to manage security across multiple clouds.

That approach provides IT and security teams with a single console through which they can manage everything from security posture to threat hunting. IT organizations have the option of employing either an agent-based approach using the Falcon CWP platform or an agentless approach based on the Falcon Horizon platform. The agent-based approach enables pre-runtime and runtime protection that can’t be achieved using an agentless approach.

The CrowdStrike Falcon platform employs machine learning algorithms and other forms of artificial intelligence (AI) alongside indicators of attacks, deep kernel visibility, custom indicators of compromise (IoCs) and behavioral blocking to secure cloud computing environments that are becoming increasingly complex with each new type of workload deployed.

While cloud platforms are generally more secure, the processes used to configure them and then deploy applications are often deeply flawed. Developers routinely employ open source tools like Terraform to provision cloud infrastructure as part of an effort to accelerate application development. Most of those developers have limited cybersecurity expertise so, inevitably, mistakes are made. The chronic shortage of cybersecurity expertise means most organizations are not able to keep pace with the rate at which workloads are being deployed in the cloud.

More challenging still, the tools and platforms needed to secure cloud workloads are fundamentally different than the ones that have been historically used to secure on-premises IT environments. The only way to keep pace with the number of workloads being deployed in highly dynamic cloud computing environments is to rely more heavily on AI, said Fanning.

It’s not clear to what degree IT organizations are embracing AI to manage cybersecurity, but as threats become increasingly sophisticated, it’s clear manual processes will not enable IT teams to respond quickly enough. In fact, the rate at which applications are being deployed is only going to accelerate in the age of containers. The goal needs to be finding ways to ensure cloud applications are secure without reducing the rate at which applications are being developed and deployed. It may be a while before that goal is achieved using DevSecOps best practices; in the meantime, the next best thing is to rely on automation as much as possible.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
