RSAC 2024: CrowdStrike Falcon Cloud Security enhanced for cloud asset visualization

Last week at the RSA Conference 2024 (RSAC), cybersecurity firm CrowdStrike announced enhanced capabilities for its Falcon Cloud Security platform: Asset Graph and Query Builder. Falcon Cloud Security is CrowdStrike’s cloud-native application protection platform (CNAPP). The new capabilities provide more robust cloud asset visualization so enterprise customers can better understand risks and vulnerabilities.

The platform also uses the company’s previously announced Charlotte AI for generative artificial intelligence-powered cybersecurity analysis and response.

Falcon Cloud Security supports new AWS services, including EC2, S3, IAM, RDS, and container images. CrowdStrike customers can quickly understand where their cloud weaknesses would allow adversaries to:

  • Gain initial access to their AWS environment
  • Move laterally to access vital cloud computing resources
  • Extract data from storage buckets

CrowdStrike Falcon Asset Graph

The CrowdStrike Asset Graph allows customers to investigate security incidents and cyberattacks quickly and to proactively resolve cloud vulnerabilities.

CrowdStrike elaborates in its press release that Asset Graph will assist security operations center (SOC) analysts with faster time to detection and remediation.

“Both indicators of attack (IOAs) and indicators of misconfiguration (IOMs) are available for each managed cloud asset. With this knowledge, security teams can quickly identify each asset that allows for initial access to their cloud. Furthermore, sensitive compute and storage assets are automatically traced to upstream security groups and network access lists that allow for initial access. Using Falcon’s attack path analysis, security teams quickly see the remediation steps required to protect their cloud from adversaries.”

CrowdStrike Falcon Query Builder

The CrowdStrike Query Builder will allow SOC analysts to further investigate findings using natural language prompts. Analysts can use Query Builder to answer questions such as, “Which EC2 instances are internet-facing and contain critical security risks?”

Using Falcon Query Builder, customers can create a query checking for internet-facing EC2 instances with critical security risks. (source: CrowdStrike)

CrowdStrike Falcon, Query Builder, and Asset Graph support hybrid and multi-cloud architectures. Existing and new CrowdStrike customers can contact the company to test the upgraded CNAPP today or request a free cybersecurity health check.

CrowdStrike and Google Cloud agree to new strategic partnership

Finally, the company announced an expanded strategic partnership with Google Cloud for AI-native cybersecurity. According to the press release, the expanded partnership will “power Mandiant’s Incident Response (IR) and Managed Detection and Response (MDR) services leveraging the CrowdStrike Falcon platform and the Google Cloud Security Operations platform.”

CrowdStrike’s Endpoint Detection and Response (EDR), Identity Threat Detection and Response (ITDR), and Exposure Management solutions will optionally integrate with the Google Cloud Security Operations platform.
