CrowdStrike unveils ‘1-Click XDR’

CrowdStrike has unveiled new cloud security capabilities to deliver complete visibility into potential attack paths, from endpoint to cloud, and instantly secure vulnerable cloud workloads across build and runtime. As part of this, CrowdStrike announced a “1-Click XDR” capability that automatically identifies and secures unprotected cloud workloads by instantly deploying the CrowdStrike Falcon agent. These agent and agentless innovations empower customers to consolidate multiple cloud security point products into a single, unified platform for complete protection across the cloud security lifecycle.

“As a cloud provider specialized in supporting GPU-intensive applications such as generative AI, we need a partner to help make sure that our infrastructure is secure and that we have visibility into what we're running,” said Matt Bellingeri, CISO of CoreWeave and a CrowdStrike Falcon Security customer. “Having both agent and agentless capabilities in the same platform is extremely important to us. CrowdStrike gives us high confidence in our security with zero impact on performance. CrowdStrike enables us to see into every asset that we own – including endpoints, cloud nodes, which applications are installed, what services are running and more.”

According to the 2023 CrowdStrike Global Threat Report, cloud exploitation cases grew by 95%, over a third (36%) of cloud environments had insecure cloud service provider default settings and cases involving threat actors specifically targeting cloud environments have nearly tripled. To help organizations stop breaches from endpoint to cloud, CrowdStrike expanded its industry-leading platform with Falcon Cloud Security. 

CrowdStrike Falcon Cloud Security provides market-leading Cloud Native Application Protection Platform (CNAPP) capabilities that integrate Cloud Workload Protection (CWP), Cloud Security Posture Management (CSPM), Cloud Infrastructure Entitlement Management (CIEM) and container security – all in a single platform, extended with industry-leading managed services.

“Organizations clearly need complete visibility and protection into cloud workloads, no matter where they exist," said Raj Rajamani, chief product officer, DICE at CrowdStrike. “Preventing a breach requires the tight, native integration of agent and agentless capabilities across CWP, CSPM and CIEM to stop breaches from both adversaries and human error. The latest innovations from CrowdStrike enable DevSecOps teams to proactively understand adversaries, identify unprotected cloud workloads and deploy protection with one click of a button, and use snapshots to maintain visibility and protection when an asset can’t support an agent.”

New capabilities for CrowdStrike Falcon Cloud Security include: 

1-Click XDR: Organizations can sweep their cloud environment with native agentless visibility to identify unprotected workloads and automatically deploy the CrowdStrike Falcon agent for end-to-end runtime protection. 

Agentless Snapshot Scanning: When an agent can’t be installed, organizations can gain full visibility into cloud workload risk by detecting vulnerabilities and installed applications – starting with support for AWS.

Complete Cloud Attack Path Visualization: Organizations can see a unified view of the attack path, from host to cloud, to detect, prevent and remediate cloud threats, without the complexity of multiple consoles and agents.

Additional Updates Include: An updated Compliance Dashboard (now supporting CIS, NIST, PCI, SOC2 and custom frameworks), new Infrastructure as Code (IaC) Security, and an integrated Kubernetes Admission Controller.