CrowdStrike Extends CNAPP Capabilities to Secure Containers and Assist Developers Rapidly Identify and Remediate Cloud Vulnerabilities

CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, announced powerful new Cloud Native Application Protection Platform (CNAPP) capabilities that build on its leading agent-based and agentless approach. These enhancements to CrowdStrike Cloud Security extend support to Amazon Elastic Container Service (ECS) within AWS Fargate, expand image registry scanning for eight new container registries and enable Software Composition Analysis (SCA) for open-source software.

Containers have changed how applications are built, tested and used, enabling them to be instantly deployed at scale for any environment. As container adoption increases, it’s critical that organizations have access to tools that provide greater visibility into their containerized applications so they can operate more secure. With support for Amazon ECS alongside previously existing support for Amazon Elastic Kubernetes Service (Amazon EKS), organizations have access to more security tools to manage their AWS Fargate environment.

“By shifting left and proactively assessing containers, CrowdStrike customers will be able to identify any vulnerabilities, embedded malware, or stored secrets before they are deployed. Many of our customers rely on AWS as they modernize their IT infrastructure, making it critical to expand our support to services like Amazon ECS,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike. “We look forward to continuing to work with AWS to support our customer.”

Only CrowdStrike delivers agentless and agent-based CNAPP capabilities through a unified, integrated platform. With this release, CrowdStrike extends these capabilities to include:

• Support for AWS Fargate with Amazon ECS: Bring additional security controls to container environments by identifying rogue containers and drift detection. This capability extends functionality already available for AWS Fargate with Amazon EKS.
• Software composition analysis: Improve application security and compliance by detecting and remediating vulnerabilities in open source components in the application codebase. Open language support includes Go, JavaScript, Java, Python and Ruby.
• Image registry scanning for Docker Registry 2.0, IBM Cloud Container Registry, JFrog Artifactory, Oracle Container Registry, Red Hat OpenShift, Red Hat Quay, Sonatype Nexus Repository and VMware Harbor Registry: Enable the identification of hidden threats and configuration issues in containers to reduce the attack surface and secure continuous integration (CI)/continuous delivery (CD) pipelines. This capability extends existing functionality for Amazon Elastic Container Registry (ECR), Docker Registry and additional cloud registries.

“Given the growing adoption of open source and containers, organizations are seeking a CNAPP that enables them to gain full visibility into their development pipeline. It encourages a DevSecOps culture, where developers incorporate security as part of their daily workflow,” said Doug Cahill, vice president, analyst services and senior analyst at Enterprise Strategy Group (ESG). “The addition of SCA and the expansion of new container registries within its image registry scanning tool are compelling additions to Crowdstrike’s CNAPP offering.”

CrowdStrike’s adversary-focused approach to CNAPP provides both agent-based (Falcon CWP) and agentless (Falcon Horizon – CSPM) solutions delivered from the Falcon platform. This gives organizations the flexibility necessary to determine how best to secure their cloud applications across the continuous integration/continuous delivery (CI/CD) pipeline and cloud infrastructure across AWS and other cloud providers. The added benefit of an agent-based CWP solution is that it enables pre[1]runtime and runtime protection, compared to agentless-only solutions that only offer partial visibility and lack remediation capabilities.