CrowdStrike combines technologies to bridge the gap between detection and response to a sophisticated attack.
CrowdStrike, a cybersecurity company specializing in endpoint, data and identity protection from the cloud, has announced the availability of Falcon OverWatch Cloud Threat Hunting, the industry’s first specialized cybersecurity service to discover and mitigate advanced and hidden threats operating in cloud environments.
For Falcon OverWatch Cloud Threat Hunting, CrowdStrike has developed the first cloud-oriented indicators of attack, so that any threat, even the most sophisticated, can be contained and corporate security managers can gain complete visibility into their cloud environments.
The rapid adoption of cloud-native architectures has opened the door to cybercriminals, as security managers often do not have sufficient visibility into what is happening in their cloud environments, especially the more complex ones.
Leveraging CrowdStrike’s CNAPP capabilities, the team of professionals behind Falcon OverWatch Cloud Threat Hunting looks for anomalous or unexpected behavior in order to prevent incidents and security breaches, and proactively alerts on any cloud-based attack, including:
- Activities carried out by criminals in cloud infrastructures such as Amazon Web Services, Google Cloud Platform or Microsoft Azure, among others.
- Sophisticated activities, including interactive intrusions, where the criminal has a console and executes commands on the victim’s infrastructure, and zero-day attacks, in which previously unknown vulnerabilities are exploited to compromise cloud workloads or containers in production.
- Indicators of cloud activity, such as control planes (the set of services within the network that perform traffic management functions such as security, routing, load balancing, and analytics), vulnerabilities in serverless functions (serverless being an operating model of cloud computing in which applications depend on managed services that eliminate the need to manage, patch, and secure infrastructure and virtual machines), misconfigurations, application behavior anomalies, container escapes (where an attacker exploits vulnerabilities to traverse isolation boundaries and gain access to host system resources), privilege escalation, or compromised nodes, among others.
- Attack paths in which traditional IT assets are first exploited in order to gain access and then pivot toward applications, systems and data in the cloud.
“CrowdStrike has consolidated the concept of unifying leading technologies with proactive defenses so that complete protection can be achieved that reduces or closes the gap between detection and response,” says Shawn Henry, Chief Security Officer and President of the Services Area at CrowdStrike. “We are now taking this idea to Falcon OverWatch Cloud Threat Hunting, a specialized service that did not exist in the industry until now. Companies can access experts at any time of the day without the need to incur additional expenses to hire, train and prepare their own security teams.”
Eddie is an Australian news reporter with over 9 years in the industry and has published on Forbes and TechCrunch.