CrowdStrike Expands Reach and Scope of CNAPP Capabilities

CrowdStrike today unfurled a threat hunting service delivered via the cloud based on its existing cloud-native application protection platform (CNAPP).

At the same time, the company announced it has extended the reach of its CNAPP to include the Amazon Elastic Container Service (ECS) within the managed AWS Fargate service and expanded the image scanning it provides to eight additional container registries. Finally, CrowdStrike said it added software composition analysis (SCA) tools for open source software.

These updates were announced at the AWS re:Inforce event; previously, CrowdStrike only supported the Amazon Elastic Kubernetes Service (EKS).

Param Singh, vice president for OverWatch at CrowdStrike, said the Falcon OverWatch Cloud Threat Hunting service is designed to detect anomalies such as control plane, serverless and application vulnerabilities in addition to misconfigurations, container escapes, privilege escalations and node compromises that might be found across all three of the major cloud services. The Falcon OverWatch Cloud Threat Hunting service also identifies other indicators of compromise based on sophisticated hands-on-keyboard activity and zero-day threats, said Singh.

Threat hunting today still relies too much on manual processes because previous automation efforts have often only served to increase the number of false-positive alerts that waste cybersecurity teams’ time, noted Singh. The CrowdStrike Falcon platform employs machine learning algorithms and other forms of artificial intelligence (AI) alongside indicators of attacks, deep kernel visibility and behavioral blocking to secure cloud computing environments.

The Falcon OverWatch Cloud Threat Hunting service leverages a CNAPP platform that uses a combination of agents and agentless approaches to automate cybersecurity processes across both managed and unmanaged devices.

While cloud platforms are generally more secure, the processes used to configure them and then deploy applications are often deeply flawed. Developers routinely employ open source tools like Terraform to provision cloud infrastructure as part of an effort to accelerate application development. Most of those developers have limited cybersecurity expertise so, inevitably, mistakes are made. The chronic shortage of cybersecurity expertise means most organizations are not able to keep pace with the rate at which workloads are being deployed in the cloud.

CrowdStrike is making a case for using an AI-based platform to enable cybersecurity teams to keep pace with the rate at which workloads are being deployed and updated in highly dynamic cloud computing environments.

It’s not clear to what degree IT organizations are embracing AI to manage cybersecurity, but as threats become increasingly sophisticated, it’s clear existing manual processes do not enable cybersecurity teams to respond quickly enough to threats and vulnerabilities. It’s equally clear AI is not going to eliminate the need for cybersecurity professionals any time soon. However, it’s also becoming increasingly apparent that many cybersecurity professionals are looking to AI to help level the cybersecurity playing field as the overall size of the attack surface that needs to be defended continues to expand. There may even come a day when cybersecurity professionals decline to work for organizations that have not invested in AI to help reduce the overall level of stress they currently encounter.

One way or another, algorithms of all types are playing a much larger role in cybersecurity. The one thing to remember, of course, is that algorithms can be used for good or for malicious purposes, so cybersecurity teams should assume their adversaries are already making similar investments in an escalating cybersecurity arms race.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
