Crowd adds multiple updates to Falcon platform

Crowd adds multiple updates to Falcon platform moving it further into Zero Trust. The below is somewhat shortened and paraphrased. I don’t understand the tech but I understand that this is good news for Crowdstrike.
Saul

CrowdStrike brings behavioral detections to cloud security posture management for the industry’s first adversary-focused cloud security solution

New features in Falcon Horizon leverage CrowdStrike’s powerful telemetry to deliver IOAs for cloud control plane security and provide DevOps tools for faster detection and remediation

Announces new features for Falcon Horizon Cloud Security Posture Management (CSPM) that are powered by the vast, real-time telemetry of the CrowdStrike Security Cloud to deliver behavioral detections and attack patterns for a unique adversary-focused approach to securing the cloud control plane. These new capabilities include continuous threat detection, monitoring and correlation across cloud and on-premises environments, providing security teams the ability to cut through the noise of a multi-cloud environment and take the most effective action.

“Today’s application development lifecycle demands speed and agility, requiring teams to build applications and reconfigure cloud infrastructure on the fly and overwhelming security teams trying to gain control of resources to prevent breaches in the cloud,” said Michael Sentonas, chief technology officer at CrowdStrike. “To proactively protect organizations who are rapidly adopting the cloud, security teams must go beyond indicators of misconfiguration (IOMs) to understand the actors targeting them and the tools being used. Falcon Horizon is the first solution to deliver indicators of attack (IOAs) for the cloud control plane, arming customers with important data on threat activity leveraging cloud misconfigurations to pose serious risks across cloud services so they can quickly detect and stop breaches.”

Powered by CrowdStrike’s industry-leading threat intelligence, Falcon Horizon is the first CSPM solution to deliver an adversary-focused approach for continuous, in-depth control plane threat detection across an organization’s cloud accounts, services and users for AWS and Azure. Security teams receive real-time alerting and reporting on IOAs allowing them to better understand the adversaries and tactics that are targeting their organizations. Additionally, Falcon Horizon provides behavior-based tactics, techniques and procedures (TTPs) detections and guided remediation across the cloud estate, empowering security teams to proactively uncover hidden threats and conduct self-service threat hunting to more quickly spot suspicious activity and stop breaches.

Falcon Horizon’s new Confidence Scoring highlights the most critical Indicators of Attack. This new feature continuously aggregates, assesses and scores cloud control plane threats and changes in configurations to accurately identify malicious activity. The scores help security teams prioritize the most urgent threats, allowing them to rapidly identify, understand and take action against critical threat activity eliminating the time and resources needed for sifting through a barrage of inconsequential alerts.

Additional new capabilities for Falcon Horizon include:

Integration at the speed of DevOps: Enables faster integration and remediation with organizations’ DevOps and collaboration tools through CrowdStrike’s single, powerful API to seamlessly onboard new cloud accounts to keep pace with new digital transformation initiatives.

Unified visibility and control across cloud environments: Provides visibility and control across multi-cloud and on-premises environments for simplified management and security policy enforcement from a single console, eliminating blind spots, more effectively preventing security incidents and ensuring application availability for any cloud.

Prevention of misconfigurations and compliance violations: Proactively detects misconfigurations, cloud plane security threats and compliance violations with over 250 out-of-the-box adversary-focused policies, saving time and reducing operation costs.

Guided remediation from security experts: Enables security teams to fix issues that leave cloud resources exposed with guided remediation and guardrails that enable developers to avoid critical mistakes.

54 Likes

“Crowd adds multiple updates to Falcon platform moving it further into Zero Trust. The below is somewhat shortened and paraphrased. I don’t understand the tech but I understand that this is good news for Crowdstrike.
Saul”

Parsing through it here are my interpretations:

“industry’s first adversary-focused cloud security solution”:

They are letting companies not only see where they are vulnerable or misconfigured, but the potential attack techniques that might exploit those weaknesses.

“To proactively protect organizations who are rapidly adopting the cloud, security teams must go beyond indicators of misconfiguration (IOMs) to understand the actors targeting them and the tools being used. Falcon Horizon is the first solution to deliver indicators of attack (IOAs) for the cloud control plane, arming customers with important data on threat activity leveraging cloud misconfigurations to pose serious risks across cloud services so they can quickly detect and stop breaches.”:

IOMs are like when you’ve left your window latch undone. It’s a mistake in your defensive posture, like not updating a patch on a server. Many tools detect those types of vulnerabilities and make recommendations on how to fix them. IOAs are a more aggressive security posture: not only is your window unlatched, but our motion detection indicates someone walking across your yard. Maybe they are casing the place, maybe it’s nothing, but take appropriate action.

In the real world maybe that’s a particular Windows server vulnerability that threat actors are targeting in the healthcare space that they are also susceptible to. With all the data Crowdstrike has they can run analytics across peer groups that gives them insights that might be applicable to a specific company and make a recommendation. Gets you ahead of the potential attack, hopefully before it happens.

“Additionally, Falcon Horizon provides behavior-based tactics, techniques and procedures (TTPs) detections and guided remediation across the cloud estate”:

TTPs are known standard ways that a hacker might try to breach or compromise your systems. It’s sort of a guide to the standard techniques that you might be vulnerable to. An example of a TTP framework many companies are adopting would be the MITRE ATT&CK framework. I’m not sure what Crowd’s is based on. So Crowd is detecting those TTPs and then giving companies a guided tool on how to fix the potential exposures. A proactive vs. reactive “we’ve been breached, what should we do now” approach.

“Falcon Horizon’s new Confidence Scoring highlights the most critical Indicators of Attack.”:

Everyone does this but the question is how well. One of the biggest headaches for any security analyst is the many false positives they receive, i.e. an alert “you should do something about this” that is really not a very important concern. When you get flooded with thousands of those it can obscure the actual real vulnerabilities you should be working on or the breaches that are undetected. So you want a smart confidence score that tells you which are the highest probability IOAs I should put my attention to now. A 10 on a scale of 100 might be a minor issue, a 90 might be all hands on deck, this could be serious. No idea how good their system is but knowing Crowd and the AI it has, probably very good, and this saves time for analysts, cost for companies and ultimately prioritizes where you spend your valuable time and could be the difference between a major or minor breach.

“Integration at the speed of DevOps: Enables faster integration and remediation with organizations’ DevOps and collaboration tools through CrowdStrike’s single, powerful API to seamlessly onboard new cloud accounts to keep pace with new digital transformation initiatives.”:

Critically important that you have the tools both out of the box and for custom integrations since every company has unique systems that aren’t all standard. If you can’t integrate to it, you can’t see it and protect it. They mention remediation also, which might mean integration into ticket or SOAR tools for what you do to manage incidents, i.e. your runbook. In the real world, for example, if there is an earthquake here is what you do… first cover your head, go under a support beam or table, try to exit any building and get to a clear area, etc. It’s your pre-established procedures when an emergency hits, which is better than making it up in the middle of a crisis.

“Unified visibility and control across cloud environments”:

This sounds like creating a single dashboard and tool that gives you a view of all your environments. Rather than one portal into AWS, another into Azure, another into your on-prem systems and another into Google Cloud, you have a unified view of all your assets. I’d rather create one policy that I can easily put into place for all my environments than 4 individually applied policies. CISOs also love the unified views so they can get a snapshot of the security health of their organization and all its assets. Picture the guy without this unified view doing what they call swivel chair security as they spin around looking at 5 different monitors and 10 different tools.

“Prevention of misconfigurations and compliance violations: Proactively detects misconfigurations, cloud plane security threats and compliance violations with over 250 out-of-the-box adversary-focused policies, saving time and reducing operation costs.”

Proactively is the key here. They don’t make you search for potential misconfigurations or compliance violations. For example: here are your top 10 risks based on our advanced threat knowledge that your adversaries (hackers) will exploit, now let’s fix them. Creates a better security posture and again saves you time. That’s a continual theme for all security organizations since you can’t spend all your time and money doing security, and there are limits to budgets and to how many qualified people you can hire. You need to do more with less, which Crowd seems to be focusing on heavily. That’s your ROI and how they get a bigger slice of the total spend.

“Guided remediation from security experts: Enables security teams to fix issues that leave cloud resources exposed with guided remediation and guardrails that enable developers to avoid critical mistakes.”:

Again, saves you time with guided tools that tell you exactly how to fix a particular exposure. Guardrails conjures up the image of when they put up the bumpers on a bowling lane so you can’t throw a gutter ball. Same in the security world: they are building tools that don’t let your developers throw a security gutter ball. When you hire a 22 year old fresh out of college, or just an older person having a bad day, they make mistakes. This sounds like it helps guide you back before you put that mistake into action.

Crowd seems to be on a roll in the industry.

106 Likes
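To make the IOM vs. IOA distinction and the confidence scoring from the press release and the reply above concrete, here is a small added illustration in Python. It is not CrowdStrike code and does not reflect how Falcon Horizon actually works; the event format, the rule names, the weights and the sample events are all constructed for this example. It walks a handful of made-up cloud control-plane audit events, flags a misconfiguration (the unlatched window), flags behaviour from outside the trusted network (someone walking across the yard), and then raises the score of findings that correlate with each other, so the analyst sees the public bucket that an untrusted actor actually reached into at the top of the list rather than buried among equal-weight alerts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample of cloud control-plane audit events (hypothetical, not real log data).
# The field names loosely follow CloudTrail-style records but are an assumption for this example.
SAMPLE_EVENTS = [
    {"time": "2021-10-12T08:01:00Z", "actor": "deploy-bot", "action": "PutBucketPolicy",
     "resource": "bucket/customer-exports", "source_ip": "10.0.4.12", "public": True},
    {"time": "2021-10-12T08:02:00Z", "actor": "deploy-bot", "action": "PutBucketPolicy",
     "resource": "bucket/static-site", "source_ip": "10.0.4.12", "public": True},
    {"time": "2021-10-12T09:15:00Z", "actor": "contractor-7", "action": "CreateAccessKey",
     "resource": "user/contractor-7", "source_ip": "198.51.100.23"},
    {"time": "2021-10-12T09:16:00Z", "actor": "contractor-7", "action": "ListBuckets",
     "resource": "*", "source_ip": "198.51.100.23"},
    {"time": "2021-10-12T09:17:00Z", "actor": "contractor-7", "action": "GetObject",
     "resource": "bucket/customer-exports", "source_ip": "198.51.100.23"},
    {"time": "2021-10-12T10:00:00Z", "actor": "alice", "action": "GetObject",
     "resource": "bucket/static-site", "source_ip": "10.0.4.40"},
]

# Assumed corporate address space; anything outside it is "walking across the yard".
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8")]


@dataclass
class Finding:
    kind: str          # "IOM" (misconfiguration) or "IOA" (attack behaviour)
    rule: str
    resource: str
    actor: str
    time: str
    base: int          # rule weight before correlation
    confidence: int = 0


def find_ioms(events):
    """Indicators of misconfiguration: the window latch left undone."""
    return [Finding("IOM", "public_bucket_policy", e["resource"], e["actor"], e["time"], 40)
            for e in events if e["action"] == "PutBucketPolicy" and e.get("public")]


def outside_trusted(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in TRUSTED_NETWORKS)


def find_ioas(events):
    """Indicators of attack: control-plane behaviour from an untrusted network,
    such as minting credentials, enumerating buckets and reading data."""
    weights = {
        "CreateAccessKey": ("key_created_from_untrusted_network", 50),
        "ListBuckets": ("enumeration_from_untrusted_network", 20),
        "GetObject": ("data_access_from_untrusted_network", 30),
    }
    out = []
    for e in events:
        if e["action"] in weights and outside_trusted(e["source_ip"]):
            rule, weight = weights[e["action"]]
            out.append(Finding("IOA", rule, e["resource"], e["actor"], e["time"], weight))
    return out


def score(findings):
    """Confidence scoring: a finding is worth more when it correlates with others.
    Weights are arbitrary for this illustration."""
    iom_resources = {f.resource for f in findings if f.kind == "IOM"}
    ioa_resources = {f.resource for f in findings if f.kind == "IOA"}
    ioa_actors = [f.actor for f in findings if f.kind == "IOA"]
    for f in findings:
        conf = f.base
        if f.kind == "IOA":
            if f.resource in iom_resources:
                conf += 40  # behaviour against a resource known to be misconfigured
            conf += 10 * (ioa_actors.count(f.actor) - 1)  # chained behaviour by one actor
        elif f.resource in ioa_resources:
            conf += 30  # a misconfiguration that someone has actually reached for
        f.confidence = min(conf, 100)
    return findings


def prioritize(events):
    """Return all findings, highest confidence first, so the analyst reads top-down."""
    findings = score(find_ioms(events) + find_ioas(events))
    return sorted(findings, key=lambda f: f.confidence, reverse=True)


if __name__ == "__main__":
    for f in prioritize(SAMPLE_EVENTS):
        print(f"{f.confidence:3d}  {f.kind}  {f.rule:40s} {f.resource:25s} {f.actor}")
```

Run as-is, the public policy on the static site bucket (a plausible, deliberate choice that nobody untrusted has touched) stays at its base score, while the identical misconfiguration on the customer-exports bucket and the untrusted read against it both climb, because each corroborates the other. That correlation step is the part the reply above is pointing at when it says everyone scores alerts but the question is how well: the raw rule hits are the same, only the prioritization changes.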

Thanks so much UMassHoops! What an incredible explanation. You really make Crowdstrike’s press release legible to a non-techie like me.

I really appreciate you taking the time and effort to do that. Really excellent!

Saul

20 Likes