CrowdStrike Integrated Intelligence and Deployment Automation Enhance New AWS Network Firewall

CrowdStrike is thrilled to be attending the AWS re:Invent 2020 virtual event as an AWS Partner Network (APN) sponsor and delighted to be named as a launch partner for the recently announced AWS Network Firewall. Please join us at our sponsor booth and attend our session. As launch partner, CrowdStrike is announcing a new integration with AWS Network Firewall for customers that have CrowdStrike® CROWDSTRIKE FALCON® INTELLIGENCETM and Falcon PreventTM subscriptions. With this integration, customers are able to leverage CrowdStrike Falcon®® platform capabilities by extending threat intelligence and deployment automation to streamline incident response (IR) and simplify operations. This includes adding domain indicators of compromise (IOCs) to the AWS Network Firewall for IR and proactive threat hunting.

 

Soon after this launch, CrowdStrike will provide an AWS CloudFormation template that will allow customers to evaluate the service and CrowdStrike’s integration with it.

 

 

 

AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs). The service can be set up with just a few clicks and scales automatically with your network traffic, so you don't have to worry about deploying and managing any infrastructure. AWS Network Firewall’s flexible rules engine lets you define firewall rules that give you fine-grained control over network traffic, such as blocking outbound Server Message Block (SMB) requests to prevent the spread of malicious activity.

 

You can also import rules you’ve already written in common open-source rule formats as well as enable integrations with managed intelligence feeds sourced from AWS partners. AWS Network Firewall works with AWS Firewall Manager, so you can build policies based on AWS Network Firewall rules and then centrally apply those policies across your VPCs and accounts. For security and compliance purposes, customers often have to control ingress and egress traffic related to Amazon Elastic Compute Cloud (Amazon EC2) instances and containers. Previously, in order to achieve domain filtering, customers would have used a combination of NAT gateways and Squid or third-party firewalls. Stateful TCP/IP and UDP inspection was performed using Security Groups. AWS Network Firewall extends the ability to monitor and control ingressing and egressing network traffic via its integration with AWS Firewall Manager and its ability to scale automatically.

 

 

Security from Day One with Multiple AWS Accounts

 

Earlier this year, CrowdStrike announced integration with AWS Control Tower, which provides organizations that have multiple accounts and teams an easier way to set up their new multi-account AWS environments and govern at scale.

 

CrowdStrike Falcon® Cloud Workload Protection seamlessly integrates with AWS Control Tower via APIs, delivering comprehensive protection and visibility across all Amazon EC2 resources from initial setup. Rich AWS context helps customers quickly create ready-to-move-in cloud environments with security deployments automated from the beginning. We have created a step-by-step implementation guide with templates that help you monitor and secure your environment, spanning across multiple AWS accounts.

 

A Modern Enterprise Approach to Security

The latest integrations from CrowdStrike for AWS allow organizations to implement a modern enterprise security approach where network-layer protection works in conjunction with cloud workload protection controls to defend against sophisticated threat activity. This allows customers to build a seamless line of defense across cloud workloads hosted in Amazon VPCs across multiple AWS accounts.

 

In September 2020, CrowdStrike announced support for compute services AWS Graviton, Amazon Workspaces and Bottlerocket, and cloud services AWS PrivateLink and AWS Control Tower. In addition, CrowdStrike recently introduced Falcon Horizon™ and Falcon for AWS, which provide cloud security posture management and cloud workload protection and have been certified for Amazon Linux 2 support.

 

CrowdStrike has also implemented an integration with Amazon GuardDuty — which protects against vulnerabilities, malicious activity and unauthorized behavior — and participated in the launch of AWS Security Hub for aggregating and managing security alerts across AWS accounts. CrowdStrike is an APN Advanced Technology Partner and has achieved AWS Security Competency status. CrowdStrike product offerings are available in the AWS Marketplace.

Additional Resources