CrowdStrike Falcon Cloud Workload Protection Complete
Managed Detection and Response for Cloud Workloads
Falcon Cloud Workload Protection (CWP) Complete
CrowdStrike's fully managed service stops cloud breaches every hour of every day, backed by CrowdStrike's industry-leading Breach Prevention Warranty.
The Need for Speed
- Adversaries have their heads in the clouds. The shift to cloud-native architectures and the adoption of DevOps have brought substantial changes to the attack surface. Adversaries have adapted their tactics to capitalize on the chaos.
- Skilled staff are scarce. The time frame to respond to attacks has shrunk to hours or minutes. Many organizations have insufficient skilled staff to reliably act on cloud threats, 24/7, in time to stop a breach.
- Security can slow transformation. Architecting, deploying and managing security can slow cloud transformation. Organizations are left with a no-win decision: slow down cloud rollouts to enable security architecture, staffing and processes to catch up, or move forward with unknown risks.
Key Benefits of Choosing Falcon Cloud Workload Protection Complete
First and only fully managed cloud workload protection
STOP CLOUD BREACHES
Moving to the cloud brings risk and uncertainties, and requires scarce, skilled staff to manage and keep it secure.
Falcon Cloud Workload Protection Complete brings you focused expertise to stop threats through continuous vigilance.
Expert Protection 24/7/365
BUILD FASTER AND MORE SECURELY IN THE CLOUD
The cloud brings the promise of infinite scalability and agility. Deploying and managing your security can introduce DevOps drag.
Falcon Cloud Workload Protection Complete deploys seamlessly and delivers frictionless protection for the cloud.
ELIMINATE UNCERTAINTY IN DEFENDING THE CLOUD
The cloud is dynamic and requires continuous monitoring. Mounting a proper cloud defense takes time and resources, stealing focus from your core mission.
Falcon Cloud Workload Protection Complete delivers predictable security outcomes at a fraction of the cost.
Falcon Cloud Workload Protection Complete Features
People, process and technology are all key to stopping cloud breaches
24/7 Expertise to Defend the Cloud
The Falcon Complete team arms you with seasoned security professionals who have experience in cloud defense, incident handling and response, forensics, SOC analysis and IT administration. The team has a global footprint, allowing true 24/7 “follow the sun” coverage.
- Experts in the CrowdStrike Falcon platform. Our team ensures your environment is continuously optimized to combat the latest threats, enable DevOps, and achieve the best levels of performance and protection.
- Experts in incident response. Our team comes to you with multiple years of experience in digital forensics and incident response (DFIR).
- Experts in threat hunting. 24/7 human threat hunting uncovers the faintest trace of malicious activity, in near real time.
- Experts in threat intelligence. CrowdStrike’s global threat intelligence team brings critical context to the response process.
Powered by Falcon Cloud Workload Protection
CrowdStrike Falcon Cloud Workload Protection provides comprehensive breach protection for workloads and containers, enabling you to build, run, and secure applications with speed and confidence.
- Multi-cloud. Falcon provides a single platform to protect AWS, Azure, and Google Cloud.
- Broad visibility. Uncover AWS EC2 instances, GCP Compute instances, and Azure virtual machines (VMs) without installing an agent.
- Secure hosts and containers. Falcon runtime protection defends containers against active attacks.
Continuous Human Threat Hunting
Falcon Cloud Workload Protection Complete includes 24/7 monitoring by the Falcon OverWatch team, CrowdStrike’s human threat detection engine that hunts relentlessly to see and stop the most sophisticated hidden threats.
- The SEARCH Methodology. OverWatch analysts leverage their proprietary SEARCH methodology to shine a light into the darkest corners - leaving adversaries with nowhere to hide.
- Cloud-scale data. Scalable and effective threat hunting requires access to vast amounts of data and the ability to mine that data in real time for signs of intrusions. CrowdStrike’s rich telemetry creates the foundation for OverWatch threat hunting.
When an intrusion is identified in a system protected by Falcon, the Falcon Complete team acts quickly and decisively. The team remotely accesses the affected system using native Falcon capabilities to surgically remove persistence mechanisms, stop active processes and clear other latent artifacts. The Falcon Complete team restores systems to their pre-intrusion state without the burden and disruption of reimaging.
- <60 minutes: Average time to perform surgical remediation. The Falcon Complete team executes surgical remediation remotely in minutes, eliminating the cost and burden of reimaging.
- Zero impact to DevOps. The Falcon Complete team can often perform remediation without impacting the underlying applications.
Breach Prevention Warranty
CrowdStrike stands strongly behind its breach protection capabilities. Falcon Cloud Workload Protection Complete comes with a Breach Prevention Warranty to cover costs should a breach occur within the protected environment.
CrowdStrike Named a Leader
- IDC MarketScape: US MDR Services 2021 Vendor Assessment
Industry experts recognize CrowdStrike as a leader in managed detection and response
- Forrester Wave: Managed Detection and Response, Q1 2021
Read the report to learn the key capabilities that Forrester recommends organizations demand when looking for an MDR provider.
Vulnerability Scanning and Management
Gain complete visibility into workloads, containers and hosts - on premises and in the cloud.
- Improve decision-making: Gather insights and details about your cloud workloads and containers - images, registries, libraries and containers spun from those images.
- Uncover hidden threats: Find hidden malware, embedded secrets, configuration issues and more in your images to help reduce the attack surface.
- Gain visibility into container environments: Get full visibility into running containers to uncover details surrounding file access, network communications and process activity.
- Identify vulnerabilities faster: Save valuable time with pre-built image scanning policies enabling you to quickly catch vulnerabilities, misconfigurations and more.
- Identify risky container configurations: Quickly identify risky and misconfigured containers such as those with rare mount points or links that can indicate compromise.
- Eliminate threats prior to production: Block exploitable vulnerabilities based on indicators of attack (IOAs) before runtime, eliminating headaches for security teams.
- Continuously monitor: Identify new vulnerabilities at runtime, alert and take action without having to rescan images.
Automated CI/CD Pipeline Security
Integrate security as part of the CI/CD pipeline.
- Accelerate delivery: Create verified image policies to ensure that only approved images are allowed to progress through your pipeline and run in your hosts or Kubernetes clusters.
- Identify threats earlier: Continuously scan container images for known vulnerabilities, configuration issues, secrets/keys and OSS licensing issues.
- Assess the vulnerability posture of your pipeline: Uncover malware missed by static scanners before containers are deployed.
- Improve security operations: Streamline visibility for security operations by providing insights and context for misconfigurations and compliance violations.
- Integrate with developer toolchains: Seamlessly integrate with Jenkins, Bamboo, GitLab and more to remediate and respond faster within the DevOps toolsets you already use.
- Enable DevSecOps: Reporting and dashboards drive alignment and a shared understanding across security operations, DevOps and infrastructure teams.
Protect cloud workloads and containers wherever they reside.
- Secure hosts and containers: CrowdStrike Falcon runtime protection defends containers against active attacks.
- Gain broad container support: Falcon supports containers running on Linux and is deployable across Kubernetes environments such as EKS. It also supports container as a service (CaaS) such as Fargate, providing the same level of protection. Technology previews are available for AKS, GKE and Red Hat OpenShift.
- Leverage market-leading protection technologies: Machine learning (ML), artificial intelligence (AI), IOAs and custom hash blocking automatically defend against malware and sophisticated threats targeting containers:
  - ML and AI: Falcon leverages ML and AI to detect known and unknown malware within containers without requiring scanning or signatures.
  - IOAs: Falcon uses IOAs to identify threats based on behavior. Understanding the sequences of behavior allows Falcon to stop attacks that go beyond malware, including fileless attacks.
- Stop malicious behavior: Behavioral profiling enables you to block activities that violate policy with zero impact to legitimate container operation.
- Investigate container incidents faster: Easily investigate incidents when detections are associated with the specific container and not bundled with the host events.
- See everything: Capture container start, stop, image and runtime information, and all events generated inside the container even if it only runs for a few seconds.
- Deploy seamlessly with Kubernetes: Deploy easily at scale by including Falcon as part of a Kubernetes cluster.
- Improve container orchestration: Capture Kubernetes namespace, pod metadata, process, file and network events.
Threat Graph Breach Prevention Engine
Predict and prevent modern threats in real time through the industry’s most comprehensive set of endpoint, cloud workload, and container telemetry; threat intelligence; and AI-powered analytics.
- Integrated market-leading threat intelligence: Falcon leverages enriched threat intelligence to deliver a visual representation of relationships across account roles, workloads and APIs to provide deeper context for faster, more effective response.
- Automate threat prevention: Deep AI and behavioral analysis identify new and unusual threats in real time and take the appropriate action, saving valuable time for security teams.
- Accelerate response: CrowdStrike Threat Graph puts this body of knowledge at the responder’s fingertips in real time, empowering responders to understand threats immediately and act decisively.
- Reduce alert fatigue: The targeted threat identification and management approach cuts through the noise of multi-cloud environment security alerts, reducing alert fatigue.
- Unravel attacks and improve response: CrowdStrike’s CrowdScore Incident Workbench helps unravel attacks and improve response time by distilling and correlating security alerts into incidents, automatically triaging, prioritizing and highlighting those that deserve urgent attention.
Single Source of Truth with Powerful APIs
A single data source gives security teams fast access to everything they need to respond and investigate.
- Benefit from DevOps-ready automation: Powerful APIs allow automation of CrowdStrike Falcon functionality, including detection, management, response and intelligence.
- Optimize business performance: Unlock security orchestration, automation and other advanced workflows to optimize business performance.
- Integrate with CI/CD pipelines: Chef, Puppet and AWS Terraform integrations support CI/CD workflows.
- Get protection at the speed of DevOps: Falcon protects immediately and matches the speed of DevOps, adapting to the dynamic scalability of containers in real time with CI/CD integration via API and pre-boot scripts.
Managed Detection and Response for the Cloud
The first and only fully managed cloud workload protection solution delivers 24/7 expert security management, threat hunting, monitoring and response for cloud workloads - backed by CrowdStrike’s industry-leading Breach Prevention Warranty.
- 24/7 expertise to defend the cloud: Arms you with seasoned security professionals who have experience in cloud defense, incident handling and response, forensics, SOC analysis and IT administration. The team has a global footprint, allowing true 24/7 “follow the sun” coverage.
- Powered by Falcon Cloud Workload Protection: Provides comprehensive breach protection for workloads and containers, enabling you to build, run and secure applications with speed and confidence.
- Continuous human threat hunting: Includes 24/7 monitoring by the Falcon OverWatch™ team, CrowdStrike’s human threat detection engine that hunts relentlessly to see and stop the most sophisticated hidden threats.
- Surgical remediation: The team remotely accesses the affected system to surgically remove persistence mechanisms, stop active processes, clear other latent artifacts and restore workloads to their pre-intrusion state without the burden and disruption of reimaging.
- Breach prevention warranty: CrowdStrike stands strongly behind its breach protection capabilities by providing a Breach Prevention Warranty to cover costs in the event a breach occurs within the protected environment. (Breach Prevention Warranty not available in all regions.)
Simplicity and Performance
Use one platform for all workloads and containers - it works everywhere: private, public and hybrid cloud environments.
- Simplifies DevSecOps adoption: Reduce the overhead, friction and complexity associated with protecting cloud workloads, containers and serverless environments.
- Provides a single pane of glass: One console provides central visibility over cloud security posture, workloads and containers, regardless of their location.
- Offers complete policy flexibility: Apply at the individual workload, container, group or higher level, and unify policies across both on-premises and multi-cloud deployments.
- Scales at will: No rearchitecting or additional infrastructure is required.
- Provides broad platform support: The Falcon platform supports Open Container Initiative (OCI)-based containers such as Docker and Kubernetes and also self-managed and hosted orchestration platforms such as GKE (Google Kubernetes Engine), EKS (Amazon Elastic Kubernetes Service), ECS (Amazon Elastic Container Service), AKS (Azure Kubernetes Service) and OpenShift.