CrowdStrike enhances container visibility and threat hunting capabilities


Cloud-native security company CrowdStrike has introduced a cloud threat hunting service called Falcon Overwatch, while also adding greater container visibility capabilities to its Cloud Native Application Protection Platform (CNAPP).

Falcon Overwatch features agent and agentless threat hunting

Falcon Overwatch is a standalone threat hunting service that uses CrowdStrike’s cloud-oriented indicators of attack to gain visibility into evolved and sophisticated cloud threats across the entire control plane, which includes the network components and functions used for cloud workloads.

The service leverages both the CrowdStrike CNAPP’s agent-based (Falcon cloud workload protection) and agentless (Falcon Horizon cloud security posture management) solutions to provide greater visibility across multiple clouds, including Amazon Web Services, Azure, and Google Cloud.

“On one side, we receive agentless data from over 1.2 billion containers using Falcon Horizon,” says Param Singh, vice president for Falcon Overwatch. “On the other side, we have data from our agents installed by different companies for their endpoints, such as Linux servers running in the cloud. By combining these together, we are able to provide more effective threat hunting.”

CNAPP updates increase container visibility

Elsewhere, CrowdStrike wants to improve customer visibility into software containers to help spot vulnerabilities, embedded malware, or stored secrets before a particular container is deployed. It achieves this by identifying and remediating rogue containers, or by fixing those that have drifted from their ideal configuration.

Responding to customer demand, CrowdStrike is expanding these capabilities to work with Amazon’s managed, serverless Elastic Container Service (ECS) Fargate, on top of existing support for its Elastic Kubernetes Service (EKS) Fargate service.

CrowdStrike has also extended its image registry scanning capabilities to eight new container registries, including: Docker Registry 2., IBM Cloud Container Registry, JFrog Artifactory, Oracle Container Registry, Red Hat OpenShift, Red Hat Quay, Sonatype Nexus Repository, and VMware Harbor Registry.

Finally, CrowdStrike is adding software composition analysis capabilities for detecting and remediating vulnerabilities in popular open source components, such as Go, JavaScript, Java, Python, or Ruby dependencies in a customer’s codebase.

Bringing container image scanning capabilities to a growing range of registries and managed services should help identify more threats and misconfigurations in containerized environments, and help secure continuous integration, continuous delivery (CI/CD) pipelines.

Copyright © 2022 IDG Communications, Inc.