CrowdStrike Empowers DevSecOps Teams to Strengthen and Streamline Cloud Security

Enhancements to Falcon Cloud Security reduce the complexities of securing code and enable organizations to more rapidly detect and remediate potential threats and vulnerabilities

Over the last decade, the swift adoption of cloud technology has heightened the complexity of IT environments and broadened the enterprise attack surface. To protect this growing infrastructure, organizations have adopted disparate cloud security solutions such as identity and access management (IAM) tools, application security tools and endpoint protection tools.

Unfortunately, this influx of point products only further complicates the IT environment and impedes visibility. Further, these solutions require manual correlation, which often leads to undetected misconfigurations and code vulnerabilities that expose cloud environments to attack.

Today’s threat actors are constantly seeking the easiest ways to infiltrate organizations. They are eager to exploit these security gaps and can quickly move laterally in cloud environments. Businesses need a complete cloud security solution to protect code from build to runtime so they can detect and respond to cyberattacks.

Recent updates to CrowdStrike Falcon® Cloud Security accelerate vulnerability detection, improve open source integrations and simplify collaboration across DevSecOps — all capabilities organizations need to stop modern attacks targeting the cloud.

Let’s take a closer look at them.

 

Faster Vulnerability Detection

On-premises registry scanner: The new on-premises registry scanner in Falcon Cloud Security allows local scans for registries that cannot connect to the CrowdStrike Falcon® cybersecurity platform. This may happen, for example, if there are security policies that prohibit source code from leaving the customer’s environment. Local scanning enables coverage across a customer’s entire infrastructure.

Figure 1. Scanned registry list in Falcon Cloud Security

ExPRT.AI ratings: Our groundbreaking ExPRT.AI model combines our threat intelligence with real-time, AI-powered analysis to provide deep insight into vulnerabilities and critical areas of risk. With ExPRT.AI, only a small percentage of CVEs are assigned critical and high ratings, while the rest receive lower ratings for later remediation. This automated risk prioritization helps eliminate the toil of manually correlating vulnerability data with telemetry from other security tooling or manually checking the number of instances of a vulnerability in production to determine risk.

Figure 2. Falcon Cloud Security’s ExPRT.AI rating shows high-priority vulnerabilities

Container image assessment for vulnerabilities: This capability enables teams to continuously scan all container images, both within registry containers and during the build process, thanks to the integration between Falcon Cloud Security and CrowdStrike Falcon® Exposure Management. This integration helps ensure no vulnerabilities go undetected.

Enhanced supply chain security with new malware detections for the CI/CD pipeline: New malware detections for the CI/CD pipeline leverage highly trained, proprietary machine learning models to identify the presence of malicious files in container images before they are deployed.

Figure 3. Enhanced malware detections dashboard

To see additional recent feature releases supporting serverless, read this CrowdStrike blog.

 

Enhanced Open Source Integrations

New integrations with GitHub Action: To strengthen our many capabilities with GitHub, we’ve recently added new integrations with GitHub Action. These integrations reduce manual security efforts and automate detections of misconfigurations, tightening security while streamlining build.

Figure 4. CrowdStrike integration with GitHub Action

New integration with Terraform: DevSecOps teams can now benefit from our integration with Terraform — the newest in a long list of compatible integrations. Our integration with Terraform allows for automated, consistent and efficient deployment, seamlessly building security detections into the development process.

Figure 5. Terraform integration page

We believe security should never break the stride of innovation, which is why we make it our mission to provide security tools that work seamlessly within existing engineering workstreams, and why CrowdStrike offers a breadth of registry integrations.

Simplified Collaboration

New role-based access controls for cloud teams: CrowdStrike now provides DevSecOps teams with new role-based access control (RBAC) for cloud teams. We provide full transparency and enhance strategic communication across DevSecOps with RBAC that enforces the principle of least privilege and offers detailed logs of all access activity.

Figure 6. New RBAC ensures minimal access and full visibility

Teams for CrowdStrike Falcon® Application Security Posture Management: Building secure applications requires shifting left to secure the code pipeline in production. The key to maintaining secure applications after deployment is visibility and control provided by application security posture management (ASPM). With Teams for ASPM, customers can efficiently manage access and improve collaboration across their organization. Teams for ASPM delivers greater control and flexibility to DevSecOps teams and Falcon administrators, allowing them to provide access to only the business applications and microservices that an individual or team is responsible for. Teams can access all of the data needed to do their jobs while staying within their defined scope of work — fostering collaboration among those working to secure applications.

CrowdStrike Falcon® Fusion SOAR workflows for infrastructure as code (IaC): Powered by CrowdStrike Falcon® Next-Gen SIEM, Falcon Fusion SOAR workflows for IaC enable organizations to build automated remediation flows with insight into the owner of an IaC template, as well as notification mechanisms that integrate into existing DevOps processes.

Figure 7. Falcon Fusion SOAR workflows allow tagging and visibility into the project owner

Support for cloud security posture management (CSPM) misconfigurations: Our enhanced CSPM tools vigilantly monitor cloud infrastructures for misconfigurations, compliance violations and security gaps, providing complete visibility into security posture early in the development cycle and saving SecOps teams time.

Taking the Fight to the Adversary

Defeating modern adversaries requires close collaboration across development, operations and security teams. These innovations to Falcon Cloud Security address the needs of all parties to surgically detect and remediate vulnerabilities, while ensuring fast innovation.
