CrowdStrike Falcon Cloud Security Introduces Application Context to Runtime Detections

CrowdStrike Falcon Cloud Security embeds ASPM findings into runtime detections to improve visibility into risk, business criticality, and dependencies. CrowdStrike also extends support for Golang.

Since CrowdStrike’s acquisition of Bionic, we have been embedding application security posture management (ASPM) capabilities into CrowdStrike Falcon® Cloud Security, creating a unified solution that bridges the gap between proactive security for cloud security teams and cloud runtime protection for security operations. 

We are excited to share new ASPM updates in Falcon Cloud Security, built to help teams detect and respond faster to today’s cloud-focused adversaries. In this blog, we explore what’s new.

Cross-Domain Visibility Across Endpoint, Identity, and Cloud

SCATTERED SPIDER is one of many adversaries increasingly executing cross-domain attacks. This adversary, for example, has been observed accessing victims’ Microsoft 365 environments to search SharePoint Online for VPN setup instructions, logging into the VPN, and moving laterally to on-premises servers.

From there, they have used Azure Run Commands and similar cloud capabilities to pivot from the cloud control plane to compute instances. To combat these sophisticated attack chains, we have enriched and correlated the data collected in the CrowdStrike Falcon® cybersecurity platform to provide a unified view of cross-domain threats so teams can detect and respond faster. 

Figure 1. Falcon Asset Graph showing cross-domain visibility of compute, identities, network and storage services

CrowdStrike is excited to announce a first-of-its-kind integration that embeds application insights within runtime detections, delivering unmatched visibility and protection for critical services.

CrowdStrike Falcon® ASPM now delivers enriched data to support endpoint and container detections in Falcon Cloud Security. This new feature integrates ASPM findings into runtime detections to improve visibility into risk, business criticality, and dependencies through cross-domain telemetry. This enhances runtime detection context by connecting application-specific data to refine threat detection and remediation efforts. 

SOC teams face a lack of application-specific context in runtime detections, making it difficult to accurately assess the impact of threats and collaborate with application owners. This gap leads to inefficiencies in investigations, such as interviews with development teams to understand the extent of data at risk. Responses can be slow and may include outdated information that leads to misaligned remediation efforts or unnecessary disruptions to critical business services. 

This integration will provide an in-depth understanding of how threats impact interconnected applications and endpoints. In the case of endpoint detections, it identifies the specific application(s) running on the affected endpoint, allowing security teams to trace threats back to their source and assess potential lateral movement. Similarly, for container detections, it pinpoints the exact application running within the compromised container and provides crucial context for understanding and mitigating risks in cloud-native environments. 

These advancements equip SOC teams with actionable insights that accelerate detection and response, enable clear visibility into the business impact of threats, and minimize operational disruptions while protecting critical services.

Figure 2. Application context shown on a detection in the Falcon console with linkable violations and dependencies

See It in Action

Integrating ASPM with Falcon Cloud Security provides teams with a unique business context, allowing them to rapidly understand the true business impact of threats, risks, and vulnerabilities across their cloud environments.

Introducing Golang Support for Falcon ASPM

Java, .NET, Node.js, and Python have been generally available to Falcon ASPM customers. We are excited to announce the addition of Golang as the latest supported language. Golang has experienced significant growth in recent years, consistently climbing among top programming languages since 2020.[1] Its popularity in cloud-native and microservices architectures has surged, making it a critical focus for application security.

Recognizing this trend, CrowdStrike has extended Falcon ASPM support to include Golang. This aligns with our commitment to providing comprehensive security coverage across all major languages and frameworks.

By adding Golang support, we ensure our customers are protected as they adopt and scale Golang in their applications. This enables:

  • Mapping of downstream and upstream dependencies of Go-based applications
  • Detection of Golang-specific vulnerabilities that are found on reachable libraries, enabling teams to further prioritize remediation efforts
  • Enforcement of secure coding practices in Golang projects by implementing policies to detect issues such as unapproved library versions, unencrypted credentials, and other security risks
  • Consistent security posture across multi-language environments

The Power of Integration

In addition to the announcements above, here’s a roundup of what we’ve accomplished since the Bionic acquisition:

  • Enhanced Vulnerability Scanning: Falcon Cloud Security, including ASPM, has been integrated with CrowdStrike Falcon® Exposure Management. This gives customers full visibility into vulnerabilities across their cloud environment, with ExPRT.AI automatically prioritizing the most critical threats — so teams can focus on those actively exploited by adversaries.
  • Integrated Misconfigurations: Falcon Cloud Security’s indicators of misconfiguration (IOMs) are shown as signals in ASPM, providing contextual severity and impact of the service risk score.
  • Multi-Tenancy Support: This delivers scalability for enterprises managing complex environments.
  • Falcon Cloud Security Console Integration: This offers a unified user experience that connects insights across platforms.

Figure 3. Original severity of an IOM is contextualized with ASPM insights in the Falcon Application Security Posture Management console

These initial integrations have significantly benefited customers by accelerating onboarding and simplifying access, allowing new users to quickly tap into the CrowdStrike Falcon platform's robust capabilities. They have also enhanced the efficiency of threat detection and response through stronger correlation of findings across the platform. Additionally, a unified user interface has streamlined operations, enabling teams to navigate seamlessly and work more effectively.

CrowdStrike sets the standard in cloud security with Falcon Cloud Security, the first CNAPP to natively integrate ASPM. By delivering comprehensive visibility, precise risk scoring, and seamless workflows, Falcon Cloud Security enables organizations to better protect every layer of their cloud environment with confidence. Falcon Cloud Security is designed to provide broader visibility and better protection across every layer — from infrastructure to applications and data.

Source:

1 TIOBE Programming Community Index, https://www.tiobe.com/tiobe-index/
