Unify Cloud Security from Code to Runtime with CrowdStrike and Bionic (SEC212)

Title

AWS re:Invent 2023 - Unify cloud security from code to runtime with CrowdStrike and Bionic (SEC212)

Summary

  • Rob Solomon, a Solution Architect at CrowdStrike, discusses cloud security challenges and solutions.
  • CrowdStrike's annual cloud threat report indicates a 95% year-over-year increase in cloud threats and a 288% increase in specific attacks.
  • The average time for lateral movement by attackers post-breach is 79 minutes, down from 95 minutes the previous year.
  • Many organizations have siloed security solutions, leading to gaps that adversaries exploit.
  • CrowdStrike focuses on adversary behavior rather than just malware signatures, analyzing trillions of events daily.
  • Attackers often use stolen credentials; 60% of cloud workloads are improperly configured and 28% run as root.
  • Common cloud attack tactics include phishing, MFA fatigue, brute force attacks, and disabling logging.
  • Challenges include a lack of cloud security expertise, inadequate MFA and access policies, and insufficient security logging.
  • CrowdStrike's Falcon platform offers automated detection and proactive security improvement.
  • The demo showcases an attack on a vulnerable cloud resource and how Falcon responds and improves security.
  • CrowdStrike's cloud security is comprehensive, including agent-based protection, agentless cloud security posture management, and cloud infrastructure entitlement management.
  • Bionic, recently acquired by CrowdStrike, provides application security posture management by reverse-engineering compiled code to map application dependencies.
  • Key recommendations for cloud defense include basic cloud hygiene, prioritizing identity, and endpoint-to-cloud protection.
  • CrowdStrike's Falcon Cloud Security has been recognized for its effectiveness in accelerating cloud detection and response, saving time and costs.
  • Attendees are encouraged to learn more about Falcon Cloud Security, participate in the cloud security challenge, and attend hands-on labs.

Insights

  • The reduction in time for lateral movement from 95 to 79 minutes indicates that attackers are becoming more efficient, and organizations must respond faster to breaches.
  • The prevalence of improperly configured cloud workloads, and the share of them running as root, highlights a significant need for better cloud security practices and education.
  • The use of generative AI by adversaries to create attack scripts suggests that AI technologies can be a double-edged sword, aiding both security and cybercrime.
  • CrowdStrike's focus on adversary behavior and integration of machine learning models for detection suggests a shift from traditional signature-based security approaches to more dynamic and predictive methods.
  • The demonstration of the Falcon platform's capabilities in real-time attack scenarios emphasizes the importance of automated and proactive security measures in cloud environments.
  • The acquisition of Bionic by CrowdStrike and its integration into the Falcon platform indicates a trend towards consolidation in the cybersecurity industry, aiming to provide more comprehensive security solutions.
  • The emphasis on cloud security posture management and application security posture management underscores the need for continuous monitoring and assessment of cloud environments to prevent misconfigurations and vulnerabilities.
  • CrowdStrike's offering of AWS service credits for participating in the cloud security challenge is a strategic move to encourage potential customers to experience their platform's capabilities.