Cybersecurity firm enhances cloud-native platform after rise in ransomware data leaks

September 23, 2022 - 12:36 PM
Cloud technology
Illustration by kreatikar via Pixabay

A global cybersecurity leader expanded the capabilities of its cloud-native software platform with new features to prevent identity-based threats.

This came after the reported 82% increase in ransomware-related data leaks in 2021, which saw 2,686 attacks compared to 2020’s 1,474 figure, according to CrowdStrike.

Ransomware refers to a type of malicious software designed to prevent or limit users from accessing their system by locking its screen or the user’s files until a ransom is paid.

CrowdStrike‘s Falcon OverWatch Threat Hunting Report for 2022 showed that there was approximately one potential intrusion every seven minutes.

It also said that attackers sharpened their tradecraft since the “breakout time” has fallen to one hour and 24 minutes, compared to the previous record of one hour and 38 minutes.

Breakout time refers to “the time an adversary takes to move laterally from an initially compromised host to another host within the victim environment.”

To address such attacks, the tech company has expanded the capabilities of its Cloud Native Application Protection Platform (CNAPP) with the introduction of Cloud Infrastructure Entitlement Management (CIEM).

CNAPP is an all-in-one cloud-native software platform that simplifies monitoring, detecting and acting on potential cloud security threats and vulnerabilities.

The company said that CIEM enables organizations to prevent identity-based threats resulting from improperly configured cloud entitlements across cloud service providers like Amazon Web Services.

“Existing cloud security tools address specific aspects of cloud infrastructure security, but they generally lack identity and access controls. Manual methods to ensure a least-privilege approach to security just don’t scale in an environment with so many identities and entitlements,” Amol Kulkarni, chief product and engineering officer at CrowdStrike, said.

“By extending our CNAPP capabilities to include CIEM, we are enabling organizations to gain access to their full inventory of permissions, detect overly permissive accounts, continuously monitor activity and ensure least-privilege enforcement,” he added.

The company said that organizations can do the following features with the CrowdStrike Cloud Security:

  • Unify visibility and least-privilege enforcement in public and multi-cloud environments
  • Continuously detect and remediate identity-based threats in public and multi-cloud environments
  • Gain access to CrowdStrike’s Breach Prevention Engine
  • Get rich cloud asset visualization powered by CrowdStrike Asset Graph

“The one-click remediation testing feature stands out amongst the new CIEM capabilities for CrowdStrike Cloud Security,” Frank Dickson, group vice president, security and trust at IDC, said.

“Ransomware continues to plague cloud environments. Defending against this cyber plague is much more than stopping malware execution. It is stopping the attacker that compromises credentials, moves across cloud environments, escalates privileges and exfiltrates data,” he added.