CrowdStrike enhances container visibility and threat hunting capabilities


Cloud-native security service provider CrowdStrike has launched a cloud threat hunting service called Falcon Overwatch, while also adding greater container visibility capabilities to its Cloud Native Application Protection Platform (CNAPP).

Falcon Overwatch features agent and agentless threat hunting

Falcon Overwatch is a standalone threat hunting service that uses CrowdStrike’s cloud-oriented indicators of attack to gain visibility into advanced and subtle cloud threats across the entire control plane, which includes the network components and functions used for cloud workloads.

The service leverages both the CrowdStrike CNAPP’s agent-based (Falcon Cloud Workload Protection) and agentless (Falcon Horizon cloud security posture management) solutions to deliver increased visibility across several clouds, including Amazon Web Services, Azure, and Google Cloud.

“On one side, we get agentless data from over 1.2 billion containers using Falcon Horizon,” says Param Singh, vice president for Falcon Overwatch. “On the other side, we have information from our agents installed by different businesses for their endpoints, such as Linux servers running in the cloud. By combining these together, we are able to provide more effective threat hunting.”

CNAPP upgrades strengthen container visibility

Elsewhere, CrowdStrike wants to improve customer visibility into application containers to help spot vulnerabilities, embedded malware, or stored secrets before a particular container is deployed. It achieves this by identifying and remediating rogue containers, or by correcting those which have drifted from their intended configuration.

Responding to customer demand, CrowdStrike is expanding these capabilities to work with Amazon’s managed, serverless Elastic Container Service (ECS) Fargate, on top of existing support for its Elastic Kubernetes Service (EKS) Fargate service.

CrowdStrike has also extended its image registry scanning capabilities to 8 new container registries, including: Docker Registry 2., IBM Cloud Container Registry, JFrog Artifactory, Oracle Container Registry, Red Hat OpenShift, Red Hat Quay, Sonatype Nexus Repository, and VMware Harbor Registry.

Lastly, CrowdStrike is adding software composition analysis capabilities for detecting and remediating vulnerabilities in popular open source components, including Go, JavaScript, Java, Python, or Ruby dependencies in a customer’s codebase.

Bringing container image scanning capabilities to a growing array of registries and managed services should help identify more threats and misconfigurations within containerized environments, and help secure continuous integration, continuous delivery (CI/CD) pipelines.

Copyright © 2022 IDG Communications, Inc.


