New CrowdStrike capabilities

Some news from CrowdStrike’s blog about new capabilities.

Here’s the blogpost:…

And here’s the report on it from BusinessWire:

CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today introduced new adversary-focused Cloud Native Application Protection Platform (CNAPP) capabilities to accelerate threat hunting for cloud environments and workloads and reduce the mean time to respond. Delivered from the Falcon platform, the new capabilities bring together CrowdStrike’s popular Falcon Horizon (Cloud Security Posture Management or CSPM) and Falcon Cloud Workload Protection (CWP) modules via a common cloud activity dashboard to help security and DevOps teams prioritize top cloud security issues, address runtime threats and enable cloud threat hunting. The updates also include new ways to use Falcon Fusion (CrowdStrike’s SOAR framework) to automate remediations for Amazon Web Services (AWS), new custom Indicators of Misconfigurations (IOMs) for Google Cloud Platform (GCP), new ways to prevent identity-based threats for Microsoft Azure and more.

CrowdStrike’s adversary-focused approach to CNAPP provides both agent-based (Falcon CWP) and agentless (Falcon Horizon) solutions delivered from the Falcon platform. This gives organizations the flexibility necessary to determine how best to secure their cloud applications across the continuous integration/continuous delivery (CI/CD) pipeline and cloud infrastructure across AWS, Azure and GCP. The added benefit of an agent-based CWP solution is that it enables pre-runtime and runtime protection, compared to agentless-only solutions that only offer partial visibility and lack remediation capabilities.

“What sets CrowdStrike apart from other vendors in the market is that we offer agent-based and agentless solutions, which provides organizations with comprehensive visibility, detection and remediation capabilities to secure their cloud infrastructure,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike. “Additionally, we offer breach protection for cloud workloads, containers and Kubernetes for both multi-cloud and hybrid cloud environments for organizations, who get access to real-time alerting and reporting on more than 150 cloud adversaries. Our adversary-focused approach to CNAPP, powered by our industry-leading threat intelligence, ensures that organizations are best equipped to stop cloud breaches.”

CrowdStrike’s adversary-focused CNAPP capabilities include:

New centralized console for Falcon Horizon and Falcon CWP

Cloud activity dashboard. Unify CSPM insights from Falcon Horizon with workload protection from Falcon CWP into a single user experience to prioritize top issues, address runtime threats and enable cloud threat hunting, resulting in faster investigation and response.

New capabilities for Falcon Horizon

Automated remediation workflow for AWS. Respond to threats with guided and automated remediations powered by Falcon Fusion. Workflows give context and prescriptive guidance needed to fix issues and reduce time to resolve incidents.

Identity access analyzer for Azure. Prevent identity-based threats and ensure Azure AD groups, users and apps have permissions enforced based on least privilege. This capability extends Falcon Horizon’s existing identity access analyzer functionality for AWS.

Custom Indicators of Misconfigurations (IOMs) for GCP. Ensure security is part of every cloud deployment with custom policies that align with business goals. This capability extends Falcon Horizon’s existing custom IOM functionality for AWS and Azure.

New capabilities for Falcon CWP

Falcon container detection. Defend against malware and sophisticated threats targeting containers automatically with machine learning (ML), artificial intelligence (AI), indicators of attack (IOAs), deep kernel visibility and custom indicators of compromise (IOCs) and behavioral blocking.

Rogue container detection. Maintain an up-to-date inventory as containers are deployed and decommissioned. Additionally, scan rogue images and identify and stop containers launched as privileged or writable - which can be used as entry points for attacks.

Drift container prevention. Discover new binaries created or modified at runtime to protect the immutability of the container.

“One of the big benefits I’ve witnessed is that CrowdStrike is constantly innovating and enhancing its cloud security offerings, such as Falcon Horizon, which we use to monitor our cloud environment and detect misconfigurations, vulnerabilities and security threats,” said Dave Worthington, general manager of digital security and risk at Jemena. “CrowdStrike’s CNAPP provides a deep and accurate view of the cloud threat landscape that we believe sets them apart from the competition.”

“We’re blown away by the performance of CrowdStrike, as there is minimal CPU demand and negligible impact on system performance. With Falcon Horizon, we’re able to eliminate security blindspots by continuously monitoring our cloud environment for misconfigurations,” said Jason Waits, director of cyber security at Inductive Automation. “We think CrowdStrike extending the Falcon platform to support CNAPP can provide comprehensive cloud security with threat hunting capabilities that no other vendor can match.”

“CrowdStrike’s ability to provide an adversarial perspective on cloud attack chains supports the strategic imperative for organizations to update their threat model to include their cloud footprint,” said Doug Cahill, vice president, analyst services and senior analyst at Enterprise Strategy Group (ESG). “Additionally, the rise of cloud threats demands a comprehensive approach to cloud security and CrowdStrike is well-positioned to address this need with the Falcon platform, which integrates agent-based and agentless solutions to provide end-to-end security from code to runtime.”

All CNAPP capabilities will be generally available for customers in May.

My comments and a word about macro-trends:

I don’t pretend to know how exactly all this works, despite reading Muji’s deep dives on the technology. But I have been increasing my CRWD position over the past few months. It is now a 16.5% position for me. Others have parsed out the numbers far better than I can, but I can highlight the things in the macro environment as well as other aspects of the company that are helping my confidence to grow.

Company-specific stuff:

  1. They release new features on a regular basis. By itself that is interesting, but companies can also get to feature-bloat. Features for the sake of features may not amount to much or can weigh a company down. However…

  2. Along with new features, they also have frequent announcements about new partners and important customers, including climbing up the considerable walls of access to the federal government. That tells me that the new features are desirable, working well, and a net asset to CRWD’s ability to gain new customers and grow.

  3. Management. Yes, Kurtz has a massive ego and a brash style. But he has a 95% approval rating on Glassdoor and 85% would recommend working there to a friend. That tells me that however much he might denigrate his competitors (especially $S) on conference calls, he does not abuse those who work for him and has managed to create a culture of very talented and committed people at the company. That is what the greatest companies are made of, imo.

  4. Antifragility. Nassim Taleb defines something that actually improves under stress and difficulty as being “antifragile.” Something fragile breaks under stress. Something resilient stays intact under stress. But something that actually improves under stress, the way the muscles in our bodies get stronger when we stress them in exercise, he calls “antifragile.”

I see CrowdStrike and any company that uses AI/ML in their primary operation as being antifragile. The more they are tested, the more the algorithm improves, and the stronger they get at their core function. That, of course, makes them more valuable to their customers. The closer the AI/ML is to the core function of the business, the more they prosper. This is key to my Upstart thesis as well.


  1. Cybersecurity is a must-have now for every business on earth–and now, those businesses working above the earth in satellites and space stations as well. Every individual engaging anything at all online needs it. No company is going to cut their cybersecurity budgets and with ever-evolving threats, those budgets will grow as new features are developed and needed.

  2. The world right now is at war, either directly or by proxy. Cyber capabilities are a military asset and are at a level where it is possible to disable not just individual companies but military systems and nations. This increases the importance of item #1 by an order of magnitude, but it also gives an enormous boost to the strength to be gained for an antifragile company like CrowdStrike.

Because CRWD is already a leader in the space (I think the leader can be argued.), they are literally on the front lines of every act of cyber-aggression around the world. I pointed out in a previous thread that having Cloudflare (NET) using CRWD (partnership described here:…) while remaining in Russia (…) means that they are both getting hammered every second by the best hackers in the world.

For companies like NET and CRWD that are antifragile–for those that learn and grow stronger with every swing of that hammer–I believe they are gaining an unshakable advantage from being on the frontlines of these fights. As has been said repeatedly about UPST (which is now facing the economic stress test that will improve its algorithms as well), it is very hard for a newer company to make up the massive data advantage the leaders and first-movers have in AI/ML. The leaders would have to suddenly stop acquiring new data, and it would still take years for even a great company just starting up to catch them. I would argue that the cybersecurity companies gathering the most data about the most sophisticated and evolved threats on the planet today are CRWD and NET.

CRWD 16.5%
NET 11%
UPST 24%