CrowdStrike and AWS Expand Partnership to Offer Customers DevOps-Ready Security

Cloud-based services are augmenting business operations and being adopted at a record pace. In fact, Gartner® estimates “more than 85% of organizations will embrace a cloud-first principle by 2025 and will not be able to fully execute on their digital strategies without the use of cloud-native architectures and technologies.”

As cloud adoption continues unabated, adversaries are becoming increasingly adept at finding security gaps to exploit cloud environments. According to the CrowdStrike 2022 Global Threat Report, cloud-based services are “increasingly abused by malicious actors in the course of computer network operations (CNO), a trend that is likely to continue in the foreseeable future as more businesses seek hybrid work environments.”

Defending cloud-based services requires securing a rapidly growing attack surface. DevOps and security teams must enforce continuous monitoring and protection from the development process to runtime to ensure DevOps-ready security. Agentless-only solutions only offer partial visibility and lack remediation capabilities. Securing the cloud requires an approach that combines agentless scanning with agent-driven protection, ensuring that DevOps and security teams are able to deploy the protection they need regardless of their environment. They need integrated protection and visibility to understand and stay ahead of modern adversaries.

CrowdStrike continues to extend our partnership with AWS to provide DevOps-ready security, and this week we’re making multiple key announcements to underscore our commitment: our Threat Detection and Remediation distinction in the AWS Security Competency; our role as a Launch Partner of AWS services; and our Service Ready designation.

AWS Security Competency Re-Launch

CrowdStrike is excited to announce today that it has achieved Threat Detection and Remediation distinction in the AWS Security Competency. This designation recognizes that CrowdStrike has successfully met AWS’s technical and quality requirements for providing customers with a deep level of protection and expertise in threat detection and remediation to help them achieve their cloud security goals.

Achieving the Threat Detection and Remediation distinction in the AWS Security Competency differentiates CrowdStrike as an AWS partner that provides specialized solutions designed to help companies — from startups and mid-sized businesses to the largest global enterprises — to adopt, develop and deploy security into their AWS environments, increasing their overall security posture on AWS. To receive the designation, partners must possess deep AWS expertise and deliver solutions seamlessly on AWS.

CrowdStrike Named a Launch Partner of AWS Services

Humio-powered Amazon GuardDuty Malware Protection: Amazon is launching Amazon GuardDuty Malware Protection for potentially compromised Amazon Elastic Compute Cloud (Amazon EC2) instances and containers running on Amazon EC2 (Amazon Elastic Kubernetes Service [Amazon EKS], Amazon ECS and customer-managed Kubernetes). Once the Amazon GuardDuty Malware Protection enhancement is enabled and Amazon GuardDuty detects suspicious activity on a workload, it will initiate a malware scan on the associated Amazon EC2 instance. With the new Amazon GuardDuty Malware Protection, customers will have more context to detect malicious software as the source of suspicious behavior so they can take appropriate response actions. Amazon GuardDuty Malware Protection detects malware on Amazon Elastic Block Store (Amazon EBS)-backed Amazon EC2 instances and containers. If malware is detected during the scan, an additional finding will be generated by Amazon GuardDuty.

As a launch partner for Amazon GuardDuty Malware Protection, CrowdStrike provides customers with a specific Humio shipper for these Amazon GuardDuty logs to ingest all events identified, including the new types introduced with this release. This combination will include queries and dashboards for customers to contextually analyze, report and act based on the findings in Amazon GuardDuty. Customers will now have greater extensibility to use the breadth of services at AWS to simplify routing of logs to Humio, enabling accelerated threat hunting and search across their AWS footprint for novel and advanced cyber threats. As a launch partner, CrowdStrike provides customers with:

  • A defense-in-depth approach to protect instances that may not be protected or address blind spots where CrowdStrike Falcon® agents aren’t deployed
  • Context enrichment from other applications and platform logs
  • Automated remediation such as getting notified of Humio’s built-in actions or isolating an Amazon EC2 instance for incident response with a webhook

Figure 1. Amazon GuardDuty dashboard in the CrowdStrike Humio console

AWS Service Ready Achievements

The AWS Service Ready Program is designed to validate software products that are built by AWS partners and work with specific AWS services. These software products are technically validated by AWS Partner Solution Architects for their sound architecture and adherence to AWS best practices, and for their market adoption including customer successes. CrowdStrike has completed all of the requirements for two Service Ready Programs:

AWS Graviton Ready: AWS Graviton processors are designed to deliver the best price performance for cloud workloads running in Amazon EC2. As an AWS Graviton Ready Partner, CrowdStrike provides:

  • Industry-leading protection across AWS Graviton-powered workloads through machine learning and artificial intelligence
  • Unparalleled visibility and alert context across compute services powered by Graviton processors, including Amazon EC2
  • Unified security across endpoints, cloud workloads and identity

AWS PrivateLink Service Ready: AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks, without exposing your traffic to the public internet. AWS PrivateLink makes it easy to connect services across different accounts and VPCs to significantly simplify your network architecture. CrowdStrike is now an AWS PrivateLink Ready Partner, and the integration enables customers’ sensor-to-cloud traffic to flow via AWS PrivateLink, reducing internet exposure and simplifying network architectures.

The Powerful Benefits of CrowdStrike and AWS

Our joint solutions and integrations in various AWS services are powered by the CrowdStrike Security Cloud and the CrowdStrike Falcon® platform, which leverage real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities. Customers benefit from better protection, better performance and immediate time-to-value. With over a dozen service-level integrations available, joint AWS and CrowdStrike customers are provided with a consistent security posture between their on-premises workloads and those running in the AWS cloud for DevOps-ready security.

  • Unified hybrid security experience: CrowdStrike supports secure deployment and management of AWS Graviton processors, and workloads across Amazon EKS, AWS Fargate, and Amazon EKS Anywhere. With a single lightweight agent and single management console, customers can experience a unified, end-to-end experience from the host to the cloud. No matter where compute workloads are located, customers benefit from visibility, compliance and threat detection and response to outsmart the adversary.
  • A modern and consistent security approach: The latest integrations, support and Service Ready achievements from CrowdStrike for AWS allow organizations to implement a modern enterprise security approach where protection is provided across your AWS infrastructure to defend against sophisticated threat activity.

Try a 15-day trial to see how the CrowdStrike Falcon® platform’s superior cyberattack prevention, malicious activity detection and immediate response capabilities can be fully deployed in minutes to protect your business.

Endnotes

  1. Gartner, “Gartner Says Cloud Will Be the Centerpiece of New Digital Experiences,” November 10, 2021.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
