CrowdStrike Secures Cloud Workloads

Jun 14, 2020 by iHash Leave a Comment

Table of Contents

Introduction

The CrowdStrike solution has been designed to provide proven endpoint protection to all workloads, regardless of their location. CrowdStrike Falcon protects physical servers and virtual machines in private data centers as well as instances running in public clouds including AWS, GCP and Azure. In this article and demo, we will see how CrowdStrike identifies, manages and protects cloud workloads.

Video

https://www.youtube.com/watch?v=656fCkEF1DU

Cloud Workload Reporting

The Cloud and Container workload dashboard provides an overview of all cloud instances across different providers with charts that illustrate state and type as well as statistics regarding storage and instances by provider. This level of reporting helps organizations understand how they are using cloud resources and identify coverage and security gaps.

The menu at the top provides quick access to drill down on a specific provider like Azure.

Identifying Issues in Cloud Workloads

Looking at a specific provider, there are additional options to filter the available data to identify potential security issues. The ability to filter by attributes like ID, tag, state, management, zone and type can help isolate issues. In the example below for AWS, a search for running systems in an unmanaged state provides a list of systems where CrowdStrike is not installed. Using the AMI information, we can follow up to ensure those images are correctly built with the Falcon agent.

To see another use case, we will shift to the Azure Workloads and additional network security filter options. For this example, we will look for any workloads where port 25 for email is open to the internet. With one system returned, we can follow up and get that issue resolved.

Understanding the Usage of Container Workloads

In addition to reporting by cloud provider, CrowdStrike also delivers dashboards specific to container workloads – an important aspect of many cloud strategies. As containers tend to have short lifespans, having this sustained visibility is an important security tool. As an example, the usage dashboard gives an overview of the containers and hosts in the environment with useful information around runtime. Seeing a spike in how many containers are running or containers running for an abnormal period of time would indicate cause for investigation.

Important information like privilege and interactive mode are highlighted on the container configurations dashboard. It also highlights user accounts and detections per host and container with clickable options to see the supporting details. By drilling down on a specific container ID, we can view the related detections for that container.

Other container dashboards include information about container images and containers by host. More detailed information on those can be found in the container visibility blog.

Closing

CrowdStrike delivers a unique, cloud workload security solution across multiple providers and platforms. Along with that, the CrowdStrike solution offers a number of dashboards to help organizations understand and monitor these rapidly evolving and dynamic workloads. The CrowdStrike Falcon Platform offers proven protection, unparalleled visibility, container awareness and reporting to help organizations secure cloud workloads without compromising performance.

More resources

Source link

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Nov 23, 2024Ravie LakshmananArtificial Intelligence / Cryptocurrency The North Korea-linked threat actor known as Sapphire Sleet is estimated to have stolen more than $10 million worth of cryptocurrency as part of social engineering campaigns orchestrated over a six-month period. These findings come from Microsoft, which said that multiple threat activity clusters with ties to the […]

Gulf Bank Saves Time and Money with CrowdStrike

The Middle East’s financial sector, particularly in Kuwait, faced a surge of sophisticated cyberattacks starting in 2018. For Gulf Bank, a leading financial institution in Kuwait, this wave of attacks was a wakeup call that spurred a pivotal shift in its cybersecurity strategy. Enter Ross McNaughton. Hired by Gulf Bank as CISO in 2019, […]

Transform Troubleshooting with Logz.io’s AI Agent

As Gartner predicts, AI will support up to 70% of performance monitoring and troubleshooting tasks in the next few years. The Logz.io AI Agent helps teams get ahead of this curve today. Too much time spent troubleshooting? You’re not alone. Manual investigation, jumping between dashboards, and piecing together scattered data are time-consuming and frustrating. That’s […]

Harnessing AI in Agriculture – insideAI News

Conversations about artificial intelligence (AI) are everywhere – and for good reason. AI is rapidly becoming a solution that boosts efficiency and productivity across industries, offering support to workers whether they’re in the office or at a remote jobsite. While AI offers many benefits, its success hinges on aligning solutions with customer needs and thoughtful […]

Assessing the Efficacy of Application Security in the Age of CI/CD

But application security is a tricky process to navigate for many DevOps and DevSecOps teams. Today’s applications are constantly evolving with new features and updates, continuously introducing the possibility of vulnerabilities and misconfigurations that could heighten risk. Further, organizations navigating the transition from DevOps to DevSecOps may lack the metrics needed to effectively track and […]

Billie Eilish is Apple Music’s Artist of the Year for 2024

Billie Eilish was announced today as Apple Music’s Artist of the Year, recognizing the singer-songwriter’s extraordinary impact throughout 2024. Following a historic second Academy Award win and two additional GRAMMY Awards for her contribution to Greta Gerwig’s feature-length film Barbie, “What Was I Made For?,” Billie released her third full-length album, HIT ME HARD AND […]

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate. Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54