CrowdStrike Holdings, Inc., a leader in cloud-delivered endpoint and workload protection, announced it is a Launch Partner for AWS Network Firewall, a managed service that makes it easy to deploy essential network protections for all of a customer’s Amazon Virtual Private Clouds (Amazon VPCs). This integration enables customers to leverage the CrowdStrike Falcon® platform capabilities by extending threat intelligence and deployment automation for streamlined incident response and simplified operations. This development further deepens the technical collaboration between Amazon Web Services (AWS) and CrowdStrike, a pioneer of the security cloud, to offer customers enhanced solutions that protect workloads from the network to the endpoint.
An increasingly complex threat environment coupled with the widespread digital transformation that organisations have undergone has made it necessary to institute multi-layered risk-mitigation strategies to secure cloud workloads and endpoints. This latest integration from CrowdStrike for AWS allows organisations to implement a modern enterprise security approach where network-layer protection works in conjunction with cloud workload protection controls to defend against sophisticated threat activity. This allows customers to build a seamless line of defence across cloud workloads hosted in Amazon VPCs across multiple AWS accounts.
“Through our growing collaboration with AWS, CrowdStrike continues to meet the needs of today’s cloud-first businesses by providing critical security capabilities that leverage intelligence feeds, threat hunting, policy controls and streamlined incident management - all critical components of a robust cyber defence strategy,” said Michael Sentonas, CrowdStrike’s chief technology officer. “By integrating with AWS Network Firewall, we are enabling organisations to implement a holistic enterprise security strategy that provides comprehensive visibility, automation of policy and operations and shortened time to detection, from the network to the workload.”
“Organisations must deploy a multi-layered security strategy in order to fortify their security posture against advanced threats from the multiple attack vectors that target their corporate networks,” said Andrew Thomas, general manager, Perimeter Protection, Amazon Web Services, Inc. “The integration of CrowdStrike Falcon intelligence feeds and automation capabilities for AWS Network Firewall advances protections for our joint customers across their AWS footprint, by providing a continuous line of defence from the network to the workload.”
The CrowdStrike Falcon integration with AWS Network Firewall offers customers the ability to export domain-based indicators of compromise (IoCs) identified through threat intelligence feeds from the CrowdStrike Falcon platform to block nefarious network activity related to malicious domains and domain-based exploitation techniques. As a result, customers can accelerate their incident response with dynamic policy creation that quickly blocks access to known compromised domains across their AWS footprint. The integration also enables users to proactively hunt for suspicious activity based on specific criteria, such as industry, threat actor or tactics, techniques and procedures (TTPs), across their Falcon managed hosts and AWS networks.
Capabilities for AWS Network Firewall:
Dynamic Policy Creation: Leverage threat detections from the CrowdStrike Falcon platform to construct policies that secure AWS network traffic against known domain-based threats, based on industry vertical, a specific threat actor or exploitation techniques.
Streamlined Incident Response: Create domain filtering policies based on alerts from Falcon managed hosts to secure an organisation’s entire AWS footprint.
Proactive Threat Hunting: Proactively hunt for threat activity across Falcon managed and unmanaged workloads in AWS accounts by creating firewall policies.
Amazon Linux 2 Ready designation
CrowdStrike, an AWS Advanced Technology Partner, has also achieved the Amazon Linux 2 Ready designation, part of the AWS Service Ready Program. This designation recognises that the CrowdStrike Falcon platform has been validated to run on and support Amazon Linux 2. Shared customers can seamlessly deploy Falcon sensor and secure AWS workloads running on Linux 2 with Falcon Cloud Workload Protection product suite.
In addition to the integration for AWS Network Firewall, and the Amazon Linux 2 Ready designation, CrowdStrike recently announced expanded support for AWS Workloads and Container Deployments, including compute services AWS Graviton, Amazon Workspaces, Bottlerocket, and cloud services AWS PrivateLink and AWS Control Tower. CrowdStrike also introduced Falcon Horizon and Falcon for AWS, which provides cloud security posture management and cloud workload protection, an integration with Amazon GuardDuty, which protects against vulnerabilities, malicious activity, and unauthorised behaviour, and participated in the launch of AWS Security Hub. CrowdStrike has also achieved AWS Security Competency status and is available in the AWS Marketplace.