Stopping cloud breaches: CrowdStrike combines agent-based and agentless methods to ensure data security

Adversaries view the cloud as a soft target, riddled with vulnerabilities and misconfigurations to exploit. Ending cloud breaches requires covering the entire spectrum.

Since CrowdStrike Inc. is primarily focused stopping breaches, the company offers a more comprehensive cloud-native application protection platform solution by tying identity pieces and runtime protection using both agent-based and agentless methods, according to Raj Rajamani (pictured), chief product officer of data, identity, cloud and endpoint at CrowdStrike.

“We embrace both agent and agentless approaches,” Rajamani said. “In our case, we have a sensor that also offers runtime protection, which is absolutely critical to preventing breaches. However, there are many, many instances where the sensor is just not supported. If you look at functions, you know, Lambda or Google functions or Azure functions, those do not have a sensor concept. We effectively would use an agentless approach.”

Rajamani spoke with theCUBE industry analyst Dave Vellante at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the state of cloud security, CNAPP and why CrowdStrike uses both agent and agentless approaches. (* Disclosure below.)

There is more than meets the eye in cloud security

Runtime protection is required because there is more to cloud security than just misconfigurations, exposures and vulnerabilities. For instance, there has been a 95% increase in the number of cloud-based exploits year-over-year, as well as heightened identity-based attacks, according to Rajamani.

“You need runtime protection,” he stated. “If you look at the most common reasons why cloud security gets compromised, the number one reason is misplaced or lost credentials. Number two are various misconfigurations, and number three is classic exploit of the vulnerabilities.”

To cover the whole cloud security spectrum, CrowdStrike leaves no stone unturned by scanning the code, sealing backdoors and unveiling hidden secrets and malware. As a result, protection against runtime attacks, credential theft and the lateral movement of attacks is beefed up, according to Rajamani.

“We come in by pulling all of these things together into a single platform, which is our Falcon Platform,” he noted. “The beauty of this whole solution is that every piece of data that we collect essentially goes into three different places. If it’s thread related, it goes into a thread graph. If it’s asset related, it goes into an asset graph. And if it’s an activity log, it goes into our XDR back plane or data plane.”

Defense in layers is a game-changer

Understanding attacker activity requires a holistic approach. Digging up misconfigurations is not enough, and that’s why defense in layers is needed, according to Rajamani.

“We believe in defense in depth or defense in layers, because no one solution is going to stop all kinds of attacks,” he explained. “I think this is what the CSPM vendors are starting to realize … while it’s great to identify all the misconfigurations and vulnerabilities, that by itself is not enough to prevent breaches.”

The proliferation of point products and solutions has been caused by the fact that protecting applications is difficult based on reasons, such as deployment of multicloud strategies. As a result, CrowdStrike boosts cloud security by scanning code before it gets deployed, according to Rajamani.

“We have one of the best code repository scanning technologies in the market today, Rajamani said. “We integrate with 16 different repositories, whether Docker Hub, GitHub, Amazon’s ECR, the Google Azure versions. If you can prevent something that has a known backdoor from even getting deployed, that is the best time to stop the attack.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

(* Disclosure: CrowdStrike Inc. sponsored this segment of theCUBE. Neither CrowdStrike nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE