CrowdStrike launches cloud-based threat hunting service

CrowdStrike on Tuesday launched Falcon OverWatch Cloud Threat Hunting, a new standalone service dedicated to detecting advanced threats to cloud security.

The new threat hunting service, which was showcased at AWS re:Inforce 2022 in Boston, is the latest offering from Falcon OverWatch, CrowdStrike’s managed threat hunting service.

CrowdStrike described Cloud Threat Hunting as “the industry’s first standalone threat hunting service for hidden and advanced threats originating, operating, or persisting in cloud environments.”

“Leveraging the capabilities of CrowdStrike’s agent-based and agentless cloud-native application protection platform (CNAPP), Falcon OverWatch cloud threat hunters investigate suspicious and anomalous behavior and attacker new occupations. “, said the company in a press release. “Falcon OverWatch Cloud Threat Hunting operates 24x7x365 and can prevent incidents and breaches while proactively alerting customers to cloud-based attacks.”

The vendor-neutral service is designed to hunt threats in AWS, Microsoft Azure, and Google Cloud Platform as well as other popular cloud services. CrowdStrike said the service will have Indicators of Attack (IOAs) for specific cloud threats such as control plane attacks and container leaks.

In an email to SearchSecurity, Param Singh, vice president of Falcon OverWatch’s CrowdStrike, asserted the idea that the service was the first of its kind, despite other cloud threat hunting services already in existence.

“Many ‘threat hunting’ offerings on the market simply offer insights from automation and advanced analytics – capabilities already built into CrowdStrike’s core technology solutions by default,” he said. . “Falcon OverWatch is truly a unique and differentiated proactive service, driven by its highly skilled human operations and unparalleled CrowdStrike Security Cloud telemetry and visibility.”

CrowdStrike offered several examples of activities the service is designed to prevent, including exploits resulting from zero-day vulnerabilities that compromise cloud workloads and attacks that exploit IT assets in order to failover to cloud systems.

Singh said two main factors drove the need for an autonomous cloud threat hunting service. “The security industry lacks skills and organizations have increasingly complex cloud environments,” he said, adding that cloud threat operations are increasingly outpacing the efforts of the security industry. security.

CrowdStrike has also introduced enhancements to its CNAPP offering, CrowdStrike Cloud Security. New features include support for Amazon Elastic Container Service in AWS Fargate, software composition analysis and image registry analysis for IBM Cloud Container Registry, JFrog Artifactory, Oracle Container Registry, Red Hat OpenShift , Red Hat Quay, Sonatype Nexus Repository and VMware Harbor Registry.

On the customer side, Singh said Cloud Threat Hunting can either act as a standalone capability for organizations or augment existing resources already in place in the customer’s environment.

Alexander Culafi is a Boston-based writer, journalist, and podcaster.

Comments are closed.