Cloud Threats Hunted by CrowdStrike Service

It’s been an unprecedented couple of years for the cloud industry.  Digital transformation acceleration, largely driven by the global pandemic and the need to support widespread remote workers, caused the rapid adoption of cloud-native architectures.

Though the benefits have been many, and unintended side effect was the opening of broader attack surfaces, leaving security teams vulnerable without the requisite skill sets to hunt continuously for sophisticated threats across complex cloud environments. As a result, adversaries are finding cloud assets and exploiting them faster than security teams can discover them.

CrowdStrike, a provider of cloud-delivered endpoint, cloud workload, identity and data protection, introduced a standalone threat hunting service for hidden and advanced threats originating, operating or persisting in cloud environments with Falcon OverWatch Cloud Threat Hunting.

Falcon OverWatch Cloud Threat Hunting, with cloud-oriented indicators of attack for the control plane, conducts 24/7 operations. As Falcon OverWatch cloud threat hunters investigate suspicious behaviors and novel attacker tradecraft, the service will prevent incidents and breaches while proactively alerting customers to cloud-based attacks, including:

• Adversary activity taking place within and across cloud infrastructure for Amazon Web Services, Google Cloud Platform, Microsoft Azure and other cloud service providers.
• Sophisticated hands-on-keyboard activity and zero-days that take advantage and compromise cloud workloads and containers in production.
• Cloud-based IOAs, such as control plane and serverless vulnerabilities, misconfigurations, application behavior anomalies, container escapes, privilege escalations and node compromises.
• Attack paths that first exploit traditional IT assets to gain initial entry and pivot to applications, systems and data in the cloud.

“CrowdStrike pioneered the concept of blending technology with proactive threat hunting to deliver truly comprehensive protection that closes the gap between detection and response,” said Shawn Henry, CrowdStrike chief security officer and president of CrowdStrike Services. “We’re bringing that same leadership to Falcon OverWatch Cloud Threat Hunting.”

OverWatch delivers results for organizations of all sizes, operating as a seamless extension of the team — minimizing overhead, complexity and cost.