Falcon Cloud Workload Protection

VULNERABILITY SCANNING AND MANAGEMENT

• Improve decision making: Gather insights and details about your cloud workload, and container — images, registries, libraries and containers spun from those images.
• Uncover hidden threats: Find hidden malware, embedded secrets, configuration issues and more in your images to help reduce the attack surface.
• Gain visibility into container environments: Get full visibility into running containers to uncover details surrounding file access, network communications and process activity.
• Identify vulnerabilities faster: Save valuable time with pre-built image scanning policies enabling you to quickly catch vulnerabilities, misconfigurations, and more.
• Eliminate threats prior to production: Block exploitable vulnerabilities based on IOAs before runtime, eliminating headaches for security teams.
• Continuously monitor: Identify new vulnerabilities at runtime, alert and take action without having to rescan images.

Demo: How CrowdStrike Increases Container Visibility

AUTOMATED CI/CD PIPELINE SECURITY

• Accelerate delivery: Create verified image policies to ensure that only approved images are allowed to progress through your pipeline and run in your hosts or Kubernetes clusters.
• Identify threats earlier: Continuously scan container images for known vulnerabilities, secrets/keys, and configuration issues.
• Assess the vulnerability posture of your pipeline: Uncover malware missed by static scanners before containers are deployed.
• Improve security operations: Streamline visibility for security operations by providing insights and context for misconfigurations and compliance violations.
• Integrate with developer toolchains: Seamlessly integrate with Jenkins, Bamboo, GitLab, and more to remediate and respond faster within the DevOps tool sets you already use.
• Enable DevSecOps: Reporting and dashboards drive alignment and a shared understanding across security operations, DevOps and infrastructure teams.

Read Blog

RUNTIME PROTECTION

• Secure hosts and containers: Falcon runtime protection defends containers against active attacks.
• Broad container support: Supports Linux and Kubernetes environments, such as EKS. Offers container-as-a-service support, including Fargate, providing the same level of protection. Technology previews available for AKS, GKE and Red Hat OpenShift.
• Leverage market-leading protection technologies: Machine learning (ML), artificial intelligence (AI), indicators of attack (IOAs) and custom hash blocking automatically defend against malware and sophisticated threats targeting containers.
• Stop malicious behavior: Behavioral profiling enables you to block activities that violate policy with zero impact to legitimate container operation.
• Investigate container incidents faster: Easily investigate incidents when detections are associated with the specific container and not bundled with the host events.
• See everything: Capture container start, stop, image, runtime information and all events generated inside the container, even if it only runs for a few seconds.
• Deploy seamlessly with Kubernetes: Deploy easily at scale by including it as part of Kubernetes cluster.
• Improve container orchestration: Capture Kubernetes namespace, pod meta data, process, file and network events.

How CrowdStrike Protects Linux Hosts

SINGLE SOURCE OF TRUTH WITH POWERFUL APIs

• Single data source: Enables security teams with fast access to everything they need to respond and investigate.
• DevOps-ready Automation: Powerful APIs allow automation of CrowdStrike Falcon functionality, including detection, management, response and intelligence.
• Optimize business performance: Unlock security orchestration, automation and other advanced workflows to optimize business performance.
• Integrate with CI/CD pipelines: Chef, Puppet and AWS Terraform integrations support CI/CD workflows.
• Protection at the speed of DevOps: Falcon protects immediately and matches the speed of DevOps, adapting to the dynamic scalability of containers in real time with CI/CD integration via API and pre-boot scripts.

SIMPLICITY AND PERFORMANCE

• Simplifies DevSecOps adoption: Reduces the overhead, friction and complexity associated with protecting cloud workloads, containers, and serverless environments.
• Single-pane of glass: One console provides central visibility over cloud security posture, workloads, and containers regardless of their location.
• Complete policy flexibility: Apply at individual workload, container, group or higher level and unify policies across both on-premises and multi-cloud deployments.
• Scales at will: No rearchitecting or additional infrastructure required.
• Broad platform support: The Falcon platform supports Open Container Initiative (OCI)-based containers such as Docker and Kubernetes and also self-managed and hosted orchestration platforms such as GKE (Google Kubernetes Engine), EKS (Amazon Elastic Kubernetes Service), ECS (Amazon Elastic Container Service), AKS (Azure Kubernetes Service) and OpenShift.

DevOps & Cloud-Native

Click the links below to visit the CrowdStrike Integration Center

• Go Falcon CS GoLang OAuth2 API SDK
• Falcon Py CS Python OAuth2 API SDK
• PS Falcon CS Powershell OAUTH2 API SDK
• Kubectl-Falcon: Plug-in to kubectl command-line tool
• Falcon Helm: Falcon Helm Chart and the Helm Operator are designed to deploy and manage the Falcon sensor
• Falcon Operator: Simplifies building container applications
• AWS Guard Duty