CrowdStrike Expands CNAPP Capabilities to Secure Containers and Help Developers Rapidly Identify and Remediate Cloud Vulnerabilities

Expansion of agent-based and agentless protection provides support for Amazon ECS allowing DevSecOps teams to build even more securely on AWS environments

AUSTIN, Texas & BOSTON–(BUSINESS WIRE)–AWS re:Inforce 2022CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced powerful new Cloud Native Application Protection Platform (CNAPP) capabilities that build on its leading agent-based and agentless approach. These enhancements to CrowdStrike Cloud Security extend support to Amazon Elastic Container Service (ECS) within AWS Fargate, expand image registry scanning for eight new container registries and enable Software Composition Analysis (SCA) for open source software.

Containers have changed how applications are built, tested and used, enabling them to be instantly deployed at scale for any environment. As container adoption increases, it’s critical that organizations have access to tools that provide greater visibility into their containerized applications so they can operate more securely. With support for Amazon ECS alongside previously existing support for Amazon Elastic Kubernetes Service (Amazon EKS), organizations have access to more security tools to manage their AWS Fargate environment.

“By shifting left and proactively assessing containers, CrowdStrike customers will be able to identify any vulnerabilities, embedded malware, or stored secrets before they are deployed. Many of our customers rely on AWS as they modernize their IT infrastructure, making it critical to expand our support to services like Amazon ECS,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike. “We look forward to continuing to work with AWS to support our customers.”

Only CrowdStrike delivers agent-based and agentless CNAPP capabilities through a unified, integrated platform. With this release, CrowdStrike extends these capabilities to include:

  • Support for AWS Fargate with Amazon ECS: Bring additional security controls to container environments by identifying rogue containers and drift detection. This capability extends functionality already available for AWS Fargate with Amazon EKS.
  • Software composition analysis: Improve application security and compliance by detecting and remediating vulnerabilities in open source components in the application codebase. Open language support includes Go, JavaScript, Java, Python and Ruby.
  • Image registry scanning for Docker Registry 2.0, IBM Cloud Container Registry, JFrog Artifactory, Oracle Container Registry, Red Hat OpenShift, Red Hat Quay, Sonatype Nexus Repository and VMware Harbor Registry: Enable the identification of hidden threats and configuration issues in containers to reduce the attack surface and secure continuous integration (CI)/continuous delivery (CD) pipelines. This capability extends existing functionality for Amazon Elastic Container Registry (ECR), Docker Registry and additional cloud registries.

“Given the growing adoption of open source and containers, organizations are seeking a CNAPP that enables them to gain full visibility into their development pipeline. It encourages a DevSecOps culture, where developers incorporate security as part of their daily workflow,” said Doug Cahill, vice president, analyst services and senior analyst at Enterprise Strategy Group (ESG). “The addition of SCA and the expansion of new container registries within its image registry scanning tool are compelling additions to CrowdStrike’s CNAPP offering.”

CrowdStrike’s adversary-focused approach to CNAPP provides both agent-based (Falcon CWP) and agentless (Falcon Horizon – CSPM) solutions delivered from the Falcon platform. This gives organizations the flexibility necessary to determine how best to secure their cloud applications across the continuous integration/continuous delivery (CI/CD) pipeline and cloud infrastructure across AWS and other cloud providers. The added benefit of an agent-based CWP solution is that it enables pre-runtime and runtime protection, compared to agentless-only solutions that only offer partial visibility and lack remediation capabilities.

Additional Resources

  • CrowdStrike was named a Strong Performer in The Forrester Wave™: Cloud Workload Security, Q1 2022 report.1

About CrowdStrike

CrowdStrike (Nasdaq: CRWD), a global cybersecurity leader, has redefined modern security with one of the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more:
Follow us: Blog | Twitter | LinkedIn | Facebook | Instagram
Start a free trial today:

© 2022 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries. CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.

1 The Forrester Wave™: Cloud Workload Security, Q1 2022


Kevin Benacci

CrowdStrike Corporate Communications

error: Content is protected !!