CrowdStrike Showcases Cloud Security Innovation and Leadership at AWS re:Invent

As organizations accelerate their innovation in the cloud and their adoption of AI, securing AI workloads and identities has become critical. Misconfigurations, vulnerabilities and identity-based threats expose high-value assets to potential manipulation and exploitation. For AWS customers, advancing cloud security means establishing resilient guardrails that protect innovation without compromising speed.

Speed is critical as adversaries accelerate their operations. The CrowdStrike 2024 Global Threat Report revealed adversaries’ average breakout time — the time it takes to move from an initially compromised host to another host in a target environment — is down to just 62 minutes. Cloud intrusions jumped 75% between 2022 and 2023, driving the need to tackle common challenges such as poor visibility, unprotected workloads and delayed threat response.

All the while, organizations face new threats to the very workloads and AI models driving their innovation. Images and containers deployed with vulnerabilities and misconfigurations can put critical infrastructure at risk. Attackers are quick to exploit weaknesses to manipulate outcomes, steal proprietary algorithms or even repurpose infrastructure for malicious ends. The need for a robust, trusted and comprehensive cloud security solution has never been more urgent. 

CrowdStrike is pleased to announce several new innovations and integrations with AWS to modernize cloud security. Read on to learn more about: 

  • Innovations made to protect AI workloads
  • Integrations with AWS to secure code before deployment
  • How CrowdStrike enhances cloud detection and response across AWS
  • CrowdStrike named Partner of the Year by AWS in several categories 

Protecting AI Workloads

As organizations race to adopt cloud and AI, security teams struggle to keep pace. Emerging technologies can be gold mines for adversaries, exposing new attack paths that can be used as footholds into critical infrastructure. CrowdStrike’s new capabilities help organizations secure every stage of the software development lifecycle — from build to runtime to posture management — to secure AI deployments and protect sensitive data on AWS, enabling them to innovate with peace of mind.

Extending Support to Amazon SageMaker

At Fal.Con 2024, we announced AI security posture management (AI-SPM) features to detect misconfigurations and risks across platforms like OpenAI, Amazon Bedrock and Vertex AI, helping prevent AI-specific threats such as model tampering or poisoning. We are now excited to announce additional support for AWS SageMaker, a fully managed machine learning (ML) service. 

With Amazon SageMaker, data scientists and developers can quickly build, train and deploy ML models into a production-ready hosted environment. Now with CrowdStrike supporting Amazon SageMaker, organizations can build confidently as they innovate in the cloud.

Scanning AI Container Images

CrowdStrike Falcon® Cloud Security now monitors AI model runtime behavior to detect and respond to threats in real time. With our new release, Falcon Cloud Security extends its protection to the build phase, covering the entire lifecycle from build to runtime and posture management. Falcon Cloud Security scans for vulnerabilities and misconfigurations, enabling organizations to secure AI workloads before deployment. This approach helps organizations identify and mitigate risks early, preventing breaches and ensuring the secure deployment of AI workloads. 

Figure 1. Overview Dashboard that surfaces risks and detections for AI Services

Together, these innovations deliver a unified, proactive approach to protecting cloud environments and providing the full context needed to stay ahead of emerging threats.

CrowdStrike Achieves AWS AI Competencies

AWS GenAI Competency: CrowdStrike has achieved the AWS Generative AI Competency, distinguishing us as a leader in advancing generative AI solutions that drive innovation and efficiency. This competency reflects CrowdStrike's expertise in leveraging AWS generative AI tools to build, train, deploy and scale foundational AI models to elevate the security analyst experience. 

AWS Security Competency — AI Security: CrowdStrike has achieved the AWS Security Competency in the AI Data Security Category, highlighting our expertise in safeguarding AI workloads across critical security environments. This competency recognizes CrowdStrike's advanced capabilities in ensuring AI data privacy, maintaining AI model integrity and availability, preventing generative AI abuse, and detecting and mitigating AI-specific threats. 

New CrowdStrike and AWS Integrations Secure Code Before Deployment

EC2 Image Builder

Falcon Cloud Security is now available as a software component within the AWS EC2 Image Builder console, a fully managed service that simplifies the customization, testing, distribution and lifecycle management of Amazon Machine Images (AMIs) and container images. With this integration, customers can seamlessly add Falcon Cloud Security runtime protection to their EC2 Image Builder recipes to create golden images.

This feature boosts reliability and reduces maintenance, highlighting CrowdStrike’s commitment to providing trusted solutions that drive security from the very beginning. Identifying risks early can help prevent the deployment of compromised or unsecure images, ensuring consistent protection across all workloads from the moment they are created.

AWS Built-in EKS Support

Businesses expanding on AWS need security that operates at cloud speed. CrowdStrike uses AWS Built-in multi-account integration to automate deployment and use the cloud’s event-driven architecture. Today, we’re excited to announce we have extended support to Amazon EKS, enabling automatic deployment of Falcon Cloud Security runtime and cluster protection on EKS clusters. 

Managing EKS security across multiple accounts and regions typically requires separate deployment efforts, reducing agility and time-to-value. CrowdStrike’s built-in solution streamlines deployments with a single, configurable CloudFormation template, simplifying security management and unifying the customer experience by eliminating the complexities of combining separate software and data sources.

Additionally, Falcon Cloud Security container protection fully supports the newly announced Amazon EKS Auto Mode, which simplifies EKS cluster operations by automating provisioning, scaling and management of cloud infrastructure for Kubernetes applications.

AWS IAM Identity Center

We are expanding the security coverage of CrowdStrike Falcon® Identity Protection to include AWS IAM Identity Center, extending the existing protection for on-premises Active Directory and cloud identity providers like Entra ID, Ping and Okta. This integration provides organizations with unified visibility and protection across identity providers, including AWS IAM Identity Center users, enabling security teams to efficiently track permissions, monitor authentication patterns, identify high-risk users and consolidate identity data within the CrowdStrike Falcon® platform for simplified compliance and auditing. Read more in this blog post: CrowdStrike Falcon Identity Protection for AWS IAM Identity Center Bolsters AWS Security Posture.

As identity-related threats grow in volume and complexity, Falcon Identity Protection empowers businesses to proactively detect and respond to potential risks, securing permissions and preventing lateral movement attacks to strengthen their AWS security posture.

Enhancing Cloud Detection and Response Across AWS

In response to adversaries’ growing speed, CrowdStrike has introduced innovations to help organizations detect and respond faster in the cloud. Organizations need robust capabilities to detect, investigate and respond to active threats while proactively eliminating weak points and potential attack pathways.

Accelerate Investigations with Complete Visibility

This race against the adversary starts with complete visibility into potential attack paths, including visibility from endpoint to cloud to identity. Adversaries can exploit weaknesses in assets along the attack path to move deeper into a target environment and achieve their objectives.

Our attack path analysis supports a host of AWS resources. We continue to grow the number of cloud and identity resources we support for AWS, as well as GCP and Azure, to provide complete visibility. New resources include AWS IAM User, AWS DynamoDB, AWS RDS instance, Azure AD User, Azure Disk, Azure Storage account, GCP IAM role and GCP Cloud Storage. 

Automatically piecing together an adversary’s full path enables security teams to investigate and respond more swiftly, strengthening security posture and providing better protection for critical assets.

Figure 2. Attack path analysis in Falcon Cloud Security

Respond Faster with Query Builder

Falcon Cloud Security has enhanced its Custom Query Builder, which helps organizations respond faster by letting them uncover vulnerabilities across domains and modules using custom parameters and unique risk criteria.

With complex, nested queries, customers can now identify assets that meet selected criteria — such as internet exposure, IOAs/IOMs volume, ExPRT.AI ratings and runtime detections — while refining searches to specific environments or accounts to target remediation efforts when threats are active. This functionality empowers threat hunters to explore high-priority scenarios quickly, improving risk mitigation and streamlining investigations with predefined and customizable queries that give fast access to essential information.

Figure 3. Custom Query Builder in Falcon Cloud Security

CrowdStrike Achieves the AWS Security Responder and Amazon Security Lake Ready Specializations

AWS Security Incident Response Specialization

AWS has awarded CrowdStrike the AWS Security Incident Response Specialization, which recognizes that CrowdStrike is validated for providing a streamlined incident response solution. AWS customers benefit from working with Security Incident Response Specialization Partners that work in tandem with AWS to mitigate threats to customer environments.

For example, during an incident, the CrowdStrike Incident Response team can use the CrowdStrike Falcon platform to collaborate and communicate quickly with the AWS Security Incident Response team and the customer. The integration enables secure sharing of CrowdStrike Falcon event data across the customer's enterprise with the AWS Security Incident Response team. It also allows the AWS Security Incident Response team to share the customer's historical AWS log and event data with the CrowdStrike Incident Response team, accelerating their ability to understand the scope and impact to the customer's AWS environment.

Amazon Security Lake Ready Specialization

We are excited to announce our achievement of the Amazon Security Lake Ready Specialization. Amazon Security Lake provides a centralized security data repository from AWS, SaaS, on-premises and cloud sources into a purpose-built data lake, which can be used for customer-specific use cases ranging from long-term compliance retention to security investigations.

Amazon Security Lake manages the data lifecycle, governance and consolidation of AWS and third-party log and event data on Amazon S3, reducing the number of data connectors that customers must configure and manage as their AWS organization adds sub-accounts and data sources. Amazon Security Lake’s adoption of the Open Cybersecurity Schema Framework (OCSF) ensures a unified schema for security events.

As a Security Lake Ready Partner, CrowdStrike acts as a data source by providing a mechanism for translating Falcon platform events into OCSF and writing them to Amazon Security Lake for processing by AWS analytics and AI/ML services. CrowdStrike also acts as a subscriber by providing a CrowdStrike Falcon® Next-Gen SIEM data connector designed to ingest and parse OCSF-formatted data for immediate use. Customers can reduce operational overhead by consolidating AWS and other third-party data sources on Amazon Security Lake, and then maintaining a single data connector to bring selected data into Falcon Next-Gen SIEM. 

CrowdStrike and AWS help customers strengthen the protection of workloads, applications and data by allowing for efficient data analysis, investigation and response to security events across cloud, SaaS and on-premises environments.

Build with AWS, Secure with CrowdStrike

CrowdStrike is committed to empowering organizations to securely build with AWS by providing the cloud-native security needed to safeguard modern cloud environments.

CrowdStrike Receives AWS Partner of the Year Awards

CrowdStrike is excited to receive multiple 2024 Geography and Global AWS Partner Awards, which recognize leaders around the globe with key roles in helping customers drive innovation and build solutions on Amazon Web Services. CrowdStrike was selected as the winner of the following AWS Partner Awards:

  • Global Security Partner of the Year: CrowdStrike is recognized as the top partner that has proven customer success in securing every stage of cloud adoption, from initial migration through ongoing day-to-day management.
  • North America Marketplace Partner of the Year: CrowdStrike is recognized as AWS’s top Marketplace Partner with significant AWS Marketplace transactions.
  • Latin America Public Sector Technology Partner of the Year: CrowdStrike is recognized as the top AWS Public Sector Technology Partner with cloud-based solutions and experience supporting government, space, education and nonprofits around the world.

CrowdStrike is also excited to announce it is a finalist for several of the 2024 Geography and Global AWS Partner Awards. These include: 

  • North America Industry Partner of the Year — Telco
  • Global Public Sector Global Technology Partner of the Year
  • North America Public Sector Technology Partner of the Year
  • Global State or Local Government Technology Partner of the Year
  • Global Non-Profit Organization (NPO) Technology Partner of the Year
  • Global Healthcare Technology Partner of the Year
  • APJ Technology Partner of the Year
  • Global Infrastructure Technology Partner of the Year
