Innovate with AWS and Secure with CrowdStrike (PRT275)

Title

AWS re:Invent 2022 - Innovate with AWS and secure with CrowdStrike (PRT275)

Summary

  • Presenters: Rob Solomon and Sam Harath, Cloud Solutions Architects at CrowdStrike.
  • Topic: Cloud Native Application Protection Platform (CNAPP) by CrowdStrike for AWS infrastructure and application security.
  • Evolution: Transition from IT SecOps to DevSecOps, highlighting the shift from data center security to cloud-native applications using Kubernetes, GitOps, and Infrastructure as Code.
  • Challenges: Shadow IT, misconfigurations, security inconsistencies, runtime threats, skill shortages, and the complexity of cloud environments.
  • Threat Landscape: Misconfigurations, supply chain vulnerabilities, and runtime threats.
  • AWS Shared Security Model: AWS secures the cloud infrastructure, while customers are responsible for securing their data and applications in the cloud.
  • CrowdStrike Solutions: Falcon platform, endpoint protection, cloud workload protection, and security for containerized environments.
  • Data Processing: CrowdStrike processes massive data sets on AWS, using machine learning and behavioral analytics to identify threats.
  • Security Strategy: Combination of agent-based and agentless security, along with shift-left strategies for image and registry scanning.
  • Integrations: Deep integration with AWS services, including AWS Control Tower, EventBridge, GuardDuty, ECR, CodePipeline, Systems Manager, and Security Hub.
  • CrowdStrike's CNAPP: Includes CSPM, CIEM, Discovery, and is available on AWS Marketplace.
  • Response and Remediation: Integrations with AWS services for threat intelligence, network firewall, and S3 object store.
  • Key Takeaways: CrowdStrike provides comprehensive security across the cloud lifecycle, leveraging the AWS Well-Architected Framework and CrowdStrike's expertise in threat detection and response.

Insights

  • Shift in Security Paradigm: The transition from perimeter-based security in traditional data centers to DevSecOps in the cloud environment reflects a significant shift in the security paradigm, emphasizing the need for security to be integrated throughout the development lifecycle.
  • Complexity of Cloud Security: The cloud environment's complexity and rapid pace of AWS service introductions highlight the importance of specialized security solutions like CrowdStrike's CNAPP to manage and secure cloud workloads effectively.
  • Importance of Real-Time Protection: The discussion on runtime threats and the need for real-time vulnerability detection and response underscores the importance of continuous monitoring and adaptive security measures in the cloud.
  • Agent-Based and Agentless Security: CrowdStrike's approach to combining agent-based and agentless security provides a comprehensive strategy that caters to different cloud assets and deployment models, ensuring broad and deep security coverage.
  • Integration with AWS Services: CrowdStrike's deep integration with AWS services demonstrates the potential for third-party security solutions to enhance the native security capabilities of cloud providers, offering customers a more robust and layered security posture.
  • CrowdStrike's Use of AWS: The fact that CrowdStrike itself is deployed on AWS and utilizes AWS's scalability and data processing capabilities is a testament to the symbiotic relationship between cloud providers and security vendors, where each leverages the other's strengths to deliver better services.
  • Shared Responsibility Model: The presentation reinforces the shared responsibility model in cloud security, where cloud providers like AWS secure the infrastructure, and customers are responsible for securing their data and applications, with CrowdStrike providing the tools to assist in this endeavor.
  • CrowdStrike's Threat Intelligence: The mention of CrowdStrike's threat intelligence contributions to AWS GuardDuty and the ability to process massive amounts of telemetry data for threat detection highlights the company's role in the broader cybersecurity ecosystem and its contributions to collective security intelligence.