As we gather at Fal.Con 2024, we’re excited to unveil groundbreaking advancements in CrowdStrike Falcon® Cloud Security that are set to redefine cloud security. These innovations are more than just technical improvements—they’re a bold step toward a future where unified security posture management (USPM) across cloud infrastructure, applications, data, and AI becomes the new norm. With these updates, we’re empowering security teams to anticipate, understand, and neutralize threats faster than ever before.
Cloud adoption has revolutionized how business is done, but it has also opened up new avenues for adversaries. The numbers are staggering: Cloud breaches are set to increase 75% in 2023, according to CrowdStrike’s 2024 Global Threat Report. The report highlights a shift in the threat landscape, as adversaries expand their targets to include new and more sophisticated attack surfaces such as applications, data services, and AI models.
This rapidly evolving environment requires a unified, intelligent approach that can keep up with modern attacks. Traditional security tools, often fragmented and disconnected, simply can’t provide the comprehensive visibility and rapid response that security teams need. We’ve taken strategic steps to build a platform that not only detects threats, but fully understands them in context and stops them before they can cause damage.
Enhancing Cloud Security: Unifying Data, Applications, and AI to Completely Address Threats
As we move deeper into this new era of cloud security, it’s become clear that staying ahead of complex threats requires more than siloed defenses. A USPM approach, which provides a comprehensive view of infrastructure, applications, data, identity, and AI, is critical. Falcon Cloud Security’s latest advancements, powered by the acquisitions of Flow Security’s Data Security Posture Management (DSPM) and Bionic’s Application Security Posture Management (ASPM), unify DSPM, ASPM, and AI Security Posture Management (AI-SPM) to deliver comprehensive protection across every layer of your environment.
Powered by Flow Security, DSPM adds a transformational layer to Falcon Cloud Security by automatically scanning AWS S3 buckets for sensitive data such as protected health information (PHI), personally identifiable information (PII), and Payment Card Industry (PCI) data. This goes far beyond compliance — DSPM provides real-time, actionable insights into where your most valuable data is, how it’s being accessed, and what vulnerabilities exist. This rich data layer sharpens risk prioritization, enabling teams to accurately defend critical assets.
Figure 1. DSPM in Falcon Cloud Security's Asset Inventory
DSPM helps customers discover and classify sensitive data, providing visibility and prioritization within Falcon Cloud Security’s asset inventory for improved risk management. (Click to enlarge)
ASPM, recently integrated into Falcon Cloud Security, expands this capability by providing a complete view of your application’s security posture. It identifies misconfigurations and vulnerabilities in your application suite before they are exploited, closing critical vulnerabilities.
Figure 2. Falcon Cloud Security's ASPM implementation map
Falcon ASPM detects misconfigurations and vulnerabilities and provides each microservice with a risk score based on impact, importance, and exploitability. (Click to enlarge)
AI-SPM provides a foundational layer of protection for AI models, including hidden AI, by providing a complete view of their security posture. It detects misconfigurations and vulnerabilities across platforms like OpenAI, Amazon Bedrock, and Vertex AI, helping prevent AI-specific threats like model manipulation or poisoning. As AI becomes an increasingly integral part of enterprise operations, AI-SPM ensures that AI models remain compliant, secure, and resilient against emerging attacks.
Figure 3. General dashboard showing risks and discoveries for AI services
The dashboard provides customers with visibility and insights into the security risks associated with their AI workloads from build to runtime. (Click to enlarge)
Additionally, Falcon Cloud Security can monitor the runtime behavior of AI models, detecting and responding to potential threats in real time. This proactive approach allows customers to quickly identify and mitigate anomalies or threats, ensuring the continued and secure operation of their AI systems. Together, these innovations provide a unified, proactive approach to protecting your cloud environment, with the full context needed to stay ahead of emerging threats.
Expand your control: Real-time asset inventory and anomaly detection
As we expand controls with DSPM, ASPM, and AI-SPM, we’re also deepening them across existing assets. Falcon Cloud Security’s real-time asset inventory acts as a GPS, continuously tracking assets across AWS, Azure, Google Cloud, and VMware. This live monitoring, now generally available, provides an up-to-date view of misconfigurations and potential attack paths, enabling security teams to prioritize risks and respond quickly.
This control is complemented by our Asset Registry feature, which provides a detailed history of changes. This allows teams to identify unauthorized modifications and take immediate corrective action. With VMware integration, we’ve expanded our coverage to hybrid environments, ensuring comprehensive visibility and control across the entire cloud infrastructure.
Simplify detection and response: Analyze attack paths more intelligently
As we expand control, we also focus on simplifying it. Falcon Cloud Security simplifies attack path analysis by automatically creating a complete view of risk paths—with detections, problem descriptions, and remediation steps—all on one intuitive screen. This gives SOC teams the ability to quickly see the full picture, enabling quick, decisive action to neutralize threats.
Figure 4. Attack path analysis in Falcon Cloud Security
From a single screen, customers can view detections, attack paths, issue descriptions, and automatically generated remediation steps, reducing response time. (Click to enlarge)
Enable threat scanning: Direct access to cloud log
No cloud security story would be complete without addressing the critical need for effective threat hunting. Falcon Cloud Security’s new direct access to cloud logs feature, now generally available, allows analysts to query AWS CloudTrail and Azure activity logs directly within the console. This enables in-depth investigations into specific events without leaving the platform, ensuring faster detection and response to potential threats.
Redefining Cloud Security: The Falcon Advantage
By unifying these innovations, Falcon Cloud Security is not just evolving, it’s revolutionizing cloud security. Managing a unified security posture is our foundation, but the ultimate goal is clear: stop breaches before they happen. With real-time visibility, smarter risk prioritization, and AI-powered proactive protection, your teams gain the edge they need to stay ahead of threats.
More than just protection, Falcon Cloud Security strengthens your entire cloud environment for whatever comes next. As we push the boundaries, we’re committed to strengthening your cloud strategy and keeping you ahead of emerging threats. Stay tuned as Falcon Cloud Security drives the future of breach prevention.
