Crowd adds multiple updates to Falcon platform, moving it further into Zero Trust. The below is somewhat shortened and paraphrased. I don’t understand the tech but I understand that this is good news for CrowdStrike.
CrowdStrike brings behavioral detections to cloud security posture management for the industry’s first adversary-focused cloud security solution
New features in Falcon Horizon leverage CrowdStrike’s powerful telemetry to deliver IOAs for cloud control plane security and provide DevOps tools for faster detection and remediation
CrowdStrike announces new features for Falcon Horizon Cloud Security Posture Management (CSPM) that are powered by the vast, real-time telemetry of the CrowdStrike Security Cloud to deliver behavioral detections and attack patterns for a unique adversary-focused approach to securing the cloud control plane. These new capabilities include continuous threat detection, monitoring and correlation across cloud and on-premises environments, providing security teams the ability to cut through the noise of a multi-cloud environment and take the most effective action.
“Today’s application development lifecycle demands speed and agility, requiring teams to build applications and reconfigure cloud infrastructure on the fly and overwhelming security teams trying to gain control of resources to prevent breaches in the cloud,” said Michael Sentonas, chief technology officer at CrowdStrike. “To proactively protect organizations who are rapidly adopting the cloud, security teams must go beyond indicators of misconfiguration (IOMs) to understand the actors targeting them and the tools being used. Falcon Horizon is the first solution to deliver indicators of attack (IOAs) for the cloud control plane, arming customers with important data on threat activity leveraging cloud misconfigurations to pose serious risks across cloud services so they can quickly detect and stop breaches.”
Powered by CrowdStrike’s industry-leading threat intelligence, Falcon Horizon is the first CSPM solution to deliver an adversary-focused approach for continuous, in-depth control plane threat detection across an organization’s cloud accounts, services and users for AWS and Azure. Security teams receive real-time alerting and reporting on IOAs allowing them to better understand the adversaries and tactics that are targeting their organizations. Additionally, Falcon Horizon provides behavior-based tactics, techniques and procedures (TTPs) detections and guided remediation across the cloud estate, empowering security teams to proactively uncover hidden threats and conduct self-service threat hunting to more quickly spot suspicious activity and stop breaches.
Falcon Horizon’s new Confidence Scoring highlights the most critical Indicators of Attack. This new feature continuously aggregates, assesses and scores cloud control plane threats and changes in configurations to accurately identify malicious activity. The scores help security teams prioritize the most urgent threats, allowing them to rapidly identify, understand and take action against critical threat activity, eliminating the time and resources needed for sifting through a barrage of inconsequential alerts.
Additional new capabilities for Falcon Horizon include:
Integration at the speed of DevOps: Enables faster integration and remediation with organizations’ DevOps and collaboration tools through CrowdStrike’s single, powerful API to seamlessly onboard new cloud accounts to keep pace with new digital transformation initiatives.
Unified visibility and control across cloud environments: Provides visibility and control across multi-cloud and on-premises environments for simplified management and security policy enforcement from a single console, eliminating blind spots, more effectively preventing security incidents and ensuring application availability for any cloud.
Prevention of misconfigurations and compliance violations: Proactively detects misconfigurations, cloud plane security threats and compliance violations with over 250 out-of-the-box adversary-focused policies, saving time and reducing operation costs.
Guided remediation from security experts: Enables security teams to fix issues that leave cloud resources exposed with guided remediation and guardrails that enable developers to avoid critical mistakes.