CrowdStrike Holdings Inc. today introduced a new cloud threat-hunting product and expanded capabilities to secure containers.
The new product, Falcon OverWatch Cloud Threat Hunting, is being pitched as the industry’s first standalone service for finding hidden and advanced threats originating, operating or persisting in cloud environments. The new service offers cloud-oriented indicators of attack for the control plane and detailed adversary tradecraft to observe and disrupt sophisticated cloud threats.
CrowdStrike argues that the rapid adoption of cloud-native architectures has opened up new, broader attack surfaces, while security teams are often limited in their ability to assess sophisticated threats across these complex cloud environments around the clock. As a result, attackers find cloud assets and exploit them faster than security teams can discover them.
Using CrowdStrike’s Cloud Native Application Protection Platform capabilities, Falcon OverWatch cloud threat hunters investigate suspicious and anomalous behaviors and novel attacker tradecraft. Falcon OverWatch Cloud Threat Hunting offers constant operations and support that can prevent incidents and breaches while proactively alerting customers to cloud-based attacks.
The service can detect adversary activity within and across cloud infrastructure for Amazon Web Services Inc., Google Cloud Platform, Microsoft Azure and other cloud service providers. The new service can also detect sophisticated hands-on-keyboard activity and exploitation of zero-day or unpatched vulnerabilities that compromise cloud workloads and containers in production.
The service detects cloud-based indicators of attack, such as control plane and serverless vulnerabilities, misconfigurations, application behavior anomalies, container escapes, privilege escalations and node compromises, and can also spot attacks that exploit traditional information technology assets to gain initial entry and then pivot into the cloud.
“Falcon OverWatch demonstrates how CrowdStrike pioneered the concept of blending industry-leading technology with proactive threat hunting to deliver truly comprehensive protection that closes the gap between detection and response,” Shawn Henry, CrowdStrike’s chief security officer and president of CrowdStrike Services, said in a statement. “Organizations gain access to around-the-clock cloud expertise without the costly overhead or requisite investments in hiring, training and tooling that’s required to succeed in combating adversaries.”
Along with the announcement of Falcon OverWatch Cloud Threat Hunting, CrowdStrike also announced that it had expanded Cloud Native Application Protection Platform capabilities to secure containers and help developers identify and remediate cloud vulnerabilities.
CrowdStrike’s new CNAPP extends support to Amazon ECS within AWS Fargate, expands image registry scanning to eight new container registries and enables Software Composition Analysis for open-source software.
The eight container registries now supported by CNAPP are Docker Registry 2.0, IBM Cloud Container Registry, JFrog Artifactory, Oracle Container Registry, Red Hat OpenShift, Red Hat Quay, Sonatype Nexus Repository and VMware Harbor Registry.