CrowdStrike enhances container visibility and threat hunting capabilities

Cloud-native security provider CrowdStrike has launched a cloud threat hunting service called Falcon Overwatch, while also adding greater container visibility capabilities to its Cloud Native Application Protection Platform (CNAPP).

Falcon Overwatch includes agent and agentless threat hunting

Falcon Overwatch is a standalone threat hunting service that uses CrowdStrike’s cloud-oriented indicators of attack to gain visibility into evolved and sophisticated cloud threats across the entire control plane, which includes the network components and functions used for cloud workloads.

The service leverages both the CrowdStrike CNAPP’s agent-based (Falcon cloud workload protection) and agentless (Falcon Horizon cloud security posture management) solutions, to provide greater visibility across multiple clouds, including Amazon Web Services, Azure, and Google Cloud.

“On one side, we receive agentless data from over 1.2 billion containers using Falcon Horizon,” says Param Singh, vice president for Falcon Overwatch. “On the other side, we have data from our agents installed by different organizations for their endpoints, such as Linux servers running in the cloud. By combining these together, we are able to deliver more effective threat hunting.”

CNAPP upgrades improve container visibility 

Elsewhere, CrowdStrike wants to improve customer visibility into software containers to help spot vulnerabilities, embedded malware, or stored secrets before a specific container is deployed. It achieves this by identifying and remediating rogue containers, or by correcting those which have drifted from their ideal configuration.

Responding to customer demand, CrowdStrike is expanding these capabilties to work with Amazon’s managed, serverless Elastic Container Services (ECS) Fargate, on top of existing support for its Elastic Kubernetes Services (EKS) Fargate service.

CrowdStrike has also extended its image registry scanning capabilities to eight new container registries, including: Docker Registry 2.0, IBM Cloud Container Registry, JFrog Artifactory, Oracle Container Registry, Red Hat OpenShift, Red Hat Quay, Sonatype Nexus Repository, and VMware Harbor Registry.

Finally, CrowdStrike is adding software component analysis capabilities for detecting and remediating vulnerabilities in popular open source components, including Go, JavaScript, Java, Python, or Ruby dependencies in a customer’s codebase.

Bringing container image scanning capabilities to a growing range of registries and managed services should help identify more threats and misconfigurations within containerized environments, and help secure continuous integration, continuous delivery (CI/CD) pipelines.