CrowdStrike new capabilities – Enhanced Threat hunting and Container Security

CrowdStrike introduced a new cloud threat-hunting product Falcon OverWatch Cloud Threat Hunting and expanded capabilities to secure containers.

A service for finding hidden and advanced threats originating, operating, or persisting in cloud environments. The new service offers cloud-oriented indicators of attack for the control plane and detailed adversary tradecraft to observe and disrupt sophisticated cloud threats.

Advertisements

The rapid adoption of cloud-native architectures has opened introduced broader attack surfaces, while security teams often limited in their ability to always assess sophisticated threats across these complex cloud environments. As a result, attackers find cloud assets and exploit them faster than security teams can discover them.

Using CrowdStrike CCNAPP, Falcon OverWatch cloud threat hunters investigate suspicious and anomalous behaviors. It offers constant operations and support that can prevent incidents and breaches while proactively alerting customers to cloud-based attacks. The service can detect adversary activity within and across cloud infrastructure for Amazon Web Services Inc., Google Cloud Platform, Microsoft Azure, and other cloud service providers.

Cloud-based indicators of attack, such as control plane and serverless vulnerabilities, misconfigurations, application behavior anomalies, container escapes, privilege escalations, node compromises and more are detected, with support to spot attacks that exploit traditional information technology assets to gain initial entry and pivot.

CrowdStrike also expanded Cloud Native Application Protection Platform capabilities to secure containers and help developers identify and remediate cloud vulnerabilities.