To improve security in cloud networks, cloud-native digital security firm CrowdStrike recently introduced a standalone threat-hunting service utilizing its proprietary cloud-specific indicators of attack to track down increasingly sophisticated online threats.
Called Falcon Overwatch, the service uses CrowdStrike’s Cloud-native Application Protection Platform (CNAPP) in the form of agent-based Falcon cloud workload protection and an agentless cloud security posture management solution called Falcon Horizon. The service is expected to bring greater visibility across diverse cloud networks, including Amazon Web Services, Google Cloud, and Microsoft Azure.
According to Falcon Overwatch vice-president Param Singh, this two-pronged approach will allow for more efficient and effective threat hunting in the cloud. He noted that, at one end, CrowdStrike gets agentless data via Falcon Horizon from more than 1.2 billion containers. Conversely, relevant data is gathered through agents installed by various organizations for their endpoints, including cloud-centric Linux servers. Falcon Overwatch oversees both in a timely and efficient manner.
Next on the Agenda: Improved Software Container Visibility
In addition, the company is set to improve customer visibility into containers to spot vulnerabilities more effectively before deployment – a great way to ferret out threats like embedded malware or secret files.
This is achieved through the identification and remediation of suspicious or rogue containers. Likewise, this may also be done by correcting the position of those that drifted away from the standard configuration.
Improving container visibility is actually CrowdStrike’s response to increasing client demand for such a service. In this case, the company has expanded these capabilities to work with container systems like Amazon’s Elastic Container Services (ECS) Fargate, which is both managed and serverless. This is aside from existing support for the ecommerce giant’s Elastic Kubernetes Services (EKS) Fargate.
CrowdStrike’s image registry scanning capabilities have also been expanded to cover eight new container registries. These are Docker Registry 2.0, IBM Cloud Container Registry, JFrog Artifactory, Oracle Container Registry, Red Hat OpenShift, Red Hat Quay, Sonatype Nexus Repository, and VMware Harbor Registry.
The company is also enhancing several popular open source components with software component analysis capabilities. Among those outfitted with the ability to detect and remediate vulnerabilities in customer code bases are Go, Java, JavaScript, Python, and Ruby-centric systems.
By bringing container image scanning solutions to both registries and managed service providers, CrowdStrike hopes to identify and resolve more threats and misconfigurations while ensuring continuous integration / continuous delivery (CI/CD) pipelines are made secure.
