Title: AWS re:Inforce 2024 - Secure your container environment with CrowdStrike Falcon security (TDR203-S)
Insights:
- Introduction and Speakers: The session was led by Brett Shaw from CrowdStrike's product marketing team and Rob Solomon, a Senior Solution Architect at CrowdStrike. The focus was on securing container environments using CrowdStrike Falcon Security.
- Cloud and Container Challenges: Organizations face numerous challenges as they migrate to the cloud, including increased complexity and the need for multiple security solutions. The threat landscape is evolving with new technologies like virtual machines, containers, and serverless functions.
- Threat Landscape: Cloud exploitation is up 75% and cloud-conscious threat actors are up 110%. Adversaries are becoming more sophisticated and faster, with the average breakout time dropping to 62 minutes.
- Anatomy of an Attack: Adversaries gain access, move laterally, and target high-profile assets. A case study showed an attack thwarted by CrowdStrike Falcon, which detected and isolated the threat before it could cause damage.
- Container Security Challenges: Containers introduce a new level of scale and complexity. Maintaining visibility and ensuring proper configuration and permissions are critical to prevent lateral movement and unauthorized access.
- Best Practices for Kubernetes Security: AWS's EKS best practices guide emphasizes securing container images, encrypting data, managing access controls, and ensuring runtime security.
- CrowdStrike Falcon Cloud Security: The platform offers a unified solution for cloud security, integrating various tools and providing comprehensive visibility and threat detection. It focuses on pre-runtime, runtime, and overall cloud visibility.
- Image Security and Policy Enforcement: CrowdStrike provides tools for image vulnerability analysis, dynamic container analysis, and continuous registry scanning. Policies can be set to prevent the deployment of vulnerable containers.
- Deployment and Automation: CrowdStrike's solutions can be deployed at scale using AWS tools like CloudFormation StackSets and AWS Systems Manager (SSM). GitOps practices ensure secure and automated deployment of infrastructure and application code.
- Real-time Threat Detection: Using EventBridge, CrowdStrike can detect suspicious activity in near real-time, providing faster response times compared to traditional methods.
- Customer Benefits and ROI: Customers using Falcon Cloud Security report significant savings in time and money, improved threat detection, and faster response times. The platform is recognized by third-party analysts like Gartner and Forrester.
- Hands-on Labs and Trials: CrowdStrike offers hands-on labs, a cloud security health check, and a 15-day free trial for organizations to experience the platform's capabilities.
Quotes:
- "Regardless of where y'all are at in your cloud journey... there are new threats. It's inevitable."
- "The average breakout time is 62 minutes. This has dropped from 84 minutes just this last year."
- "The fastest recorded time of breakout time that we recorded was just over two minutes. It was two minutes and seven seconds."
- "AWS publishes an EKS best practices security guide that I think really gives you a sense of the scope and scale of what needs to be addressed to secure your container environment."
- "With Falcon Cloud Security, we can bring all those under a single, again, a single platform to manage everything that you have and to see and detect what's running and have that visibility."
- "We reassess the severity so your operations team can focus on the top priorities."
- "At this massive scale, you're not going to be able to respond to all these attacks. So it's critical that your security controls are able to take independent action when they identify that there's an attack in progress."
- "How confident are you in your current cloud security?"