CrowdStrike Falcon Cloud Workload Protection
Workload Protection

Vulnerability Scanning and Management

• Improve decision making: Gather insights and details about your cloud workload, and container - images, registries, libraries and containers spun from those images.


• Uncover hidden threats: Find hidden malware, embedded secrets, configuration issues and more in your images to help reduce the attack surface.


• Gain visibility into container environments: Get full visibility into running containers to uncover details surrounding file access, network communications and process activity.


• Identify vulnerabilities faster: Save valuable time with pre-built image scanning policies enabling you to quickly catch vulnerabilities, misconfigurations, and more.


• Eliminate threats prior to production: Block exploitable vulnerabilities based on IOAs before runtime, eliminating headaches for security teams.


• Continuously monitor: Identify new vulnerabilities at runtime, alert and take action without having to rescan images.

Multi-Cloud Worload Discovery

• Continuous resource discovery: Provides insight into your cloud footprint so you can secure all workloads, uncover and mitigate risks, and reduce the attack surface.


• Automate discovery: Automatically discovers existing cloud workload deployments - without installing an agent - by enumerating AWS EC2 instances, GCP Compute instances, and Azure VMs.


• Granular context and insights: Provides real-time information about workloads including context-rich metadata about system size and configuration, networking, and security group information for AWS, GCP, and Azure.


• Uncover unprotected resources: Identifies workloads that are not protected by the Falcon platform.

Automated CI/CD Pipeline Security

• Accelerate delivery: Create verified image policies to ensure that only approved images are allowed to progress through your pipeline and run in your hosts or Kubernetes clusters.


• Identify threats earlier: Continuously scan container images for known vulnerabilities, configuration issues, secrets/keys, and OSS licensing issues.


• Assess the vulnerability posture of your pipeline: Uncover malware missed by static scanners before containers are deployed.


• Improve security operations: Streamline visibility for security operations by providing insights and context for misconfigurations and compliance violations.


• Integrate with developer toolchains: Seamlessly integrate with Jenkins, Bamboo, GitLab, and more to remediate and respond faster within the DevOps tool sets you already use.


• Enable DevSecOps: Reporting and dashboards drive alignment and a shared understanding across security operations, DevOps and infrastructure teams.

Container Security

• Complete visibility into container environment: Provides complete visibility into container footprint includes on-premises and cloud deployments.


• Prevent attacks on container environments: Uncovers hidden threats in open source packages and 3rd party images, to prevent attacks on your container-based applications.


• Enforce container immutability: Ensures only secure images are allowed to progress through your pipeline and run in your Kubernetes clusters or hosts.


• Log everything: Captures container start, stop, image, runtime information and all events generated inside the container, even if it only runs for a few seconds.


• Easily view container usage: Includes trends and uptime, images used and configuration to identify risky and misconfigured containers.


• Secure hosts and containers: Via a single Falcon agent running on the host, and runtime protection defends containers against active attacks.


• Accelerate investigations: Investigate container incidents easily when detections are associated with the specific container and not bundled with the host events.

Runtime Protection

• Secure hosts and containers: Falcon runtime protection defends containers against active attacks.


• Broad container support: Supports Linux and Kubernetes environments, such as EKS. Offers container-as-a-service support, including Fargate, providing the same level of protection. Technology previews available for AKS, GKE and Red Hat OpenShift.


• Leverage market-leading protection technologies: Machine learning (ML), artificial intelligence (AI), indicators of attack (IOAs) and custom hash blocking automatically defend against malware and sophisticated threats targeting containers.


• Stop malicious behavior: Behavioral profiling enables you to block activities that violate policy with zero impact to legitimate container operation.


• Investigate container incidents faster: Easily investigate incidents when detections are associated with the specific container and not bundled with the host events.


• See everything: Capture container start, stop, image, runtime information and all events generated inside the container, even if it only runs for a few seconds.


• Deploy seamlessly with Kubernetes: Deploy easily at scale by including it as part of Kubernetes cluster.


• Improve container orchestration: Capture Kubernetes namespace, pod meta data, process, file and network events.

Single Source of Truth with Powerful APIs

• Single data source: Enables security teams with fast access to everything they need to respond and investigate.


• DevOps-ready Automation: Powerful APIs allow automation of CrowdStrike Falcon functionality, including detection, management, response and intelligence.


• Optimize business performance: Unlock security orchestration, automation and other advanced workflows to optimize business performance.


• Integrate with CI/CD pipelines: Chef, Puppet and AWS Terraform integrations support CI/CD workflows.


• Protection at the speed of DevOps: Falcon protects immediately and matches the speed of DevOps, adapting to the dynamic scalability of containers in real time with CI/CD integration via API and pre-boot scripts.

Threat Graph Breach Prevention Engine

• Predict and prevent modern threats: Ensures real-time protection via CrowdStrike Threat Graph®, the industry's most comprehensive sets of endpoint and workload telemetry, threat intelligence and AI-powered analytics.


• Access enriched threat intelligence: Delivers a visual representation of relationships across account roles, workloads and APIs to provide deeper context for faster more effective response.


• Deep AI and behavioral analysis: Identify new and unusual threats in real time and take the appropriate action, saving security teams valuable time.


• Accelerate response: Arms your responders in real time via Threat Graph, empowering them to understand threats immediately and act decisively.


• Targeted threat identification and management: Cuts through the noise of multi-cloud environment security alerts reducing alert fatigue.

MDR for the Cloud

The first and only fully-managed CWP solution, delivering 24/7 expert security management, threat hunting, monitoring, and response for cloud workloads, backed by CrowdStrike’s industry-leading Breach Prevention Warranty.

• 24/7 Expertise to Defend the Cloud: Arms you with seasoned security professionals who have experience in cloud defense, incident handling and response, forensics, SOC analysis and IT administration


• Continuous Human Threat Hunting: Includes 24/7 monitoring by the Falcon OverWatch team, CrowdStrike's human threat detection engine that hunts relentlessly to see and stop the most sophisticated hidden threats.


• Surgical Remediation: The team remotely accesses the affected system to surgically remove persistence mechanisms, stop active processes, clear other latent artifact, and restores workloads to their pre-intrusion state without the burden and disruption of reimaging.


• Breach Prevention Warranty: CrowdStrike stands strongly behind its breach protection capabilities by providing a Breach Prevention Warranty* to cover costs should a breach occur within the protected environment.

Simplicity and Performance

• Simplifies DevSecOps adoption: Reduces the overhead, friction and complexity associated with protecting cloud workloads, containers, and serverless environments.


• Single-pane of glass: One console provides central visibility over cloud security posture, workloads, and containers regardless of their location.


• Complete policy flexibility: Apply at individual workload, container, group or higher level and unify policies across both on-premises and multi-cloud deployments.


• Scales at will: No rearchitecting or additional infrastructure required.


• Broad platform support: The Falcon platform supports Open Container Initiative (OCI)-based containers such as Docker and Kubernetes and also self-managed and hosted orchestration platforms such as GKE (Google Kubernetes Engine), EKS (Amazon Elastic Kubernetes Service), ECS (Amazon Elastic Container Service), AKS (Azure Kubernetes Service) and OpenShift.

Cloud Workload Protection:

• AWS Control Tower
• AWS Systems Mgr
• AWS sensor bootstrapping
• Azure extensions(Sensor boot strapping)
• AWS Security Hub: Falcon Integration Gateway
• AWS Network FW Service
• Container Security (EKS, GKE, Fargate)

DevOps & Cloud-Native

• Go Falcon CS GoLang OAuth2 API SDK
• Falcon Py CS Python OAuth2 API SDK
• PS Falcon CS Powershell OAUTH2 API SDK
• Kubectl-Falcon: Plug-in to kubectl command-line tool
• Falcon Helm: Falcon Helm Chart and the Helm Operator are designed to deploy and manage the Falcon sensor
• Falcon Operator: Simplifies building container applications
• AWS Guard Duty