CrowdStrike unveils instant cloud threat detection for hybrid systems
CrowdStrike has introduced a suite of Cloud Detection and Response (CDR) capabilities designed to speed up threat detection and response in hybrid and multi-cloud environments. The enhancements aim to address the increasing pace at which cyber adversaries are utilising AI and lateral movement techniques to target cloud assets.
Detection time
The new CDR engine leverages real-time event streaming technology to analyse cloud activity as it happens. This is a departure from legacy CDR systems that depend on batched log processing, which can introduce significant delays, sometimes taking 15 minutes or more from the moment a breach occurs to initial detection.
CrowdStrike's new approach is intended to cut response times down to seconds, attempting to halt cloud threats before they can proliferate across systems. The company has incorporated detection technology developed by its Falcon Adversary OverWatch team, a group dedicated to threat hunting at scale across large enterprises.
Behavioural detection
In addition to the streaming detection engine, the platform features new cloud Indicators of Attack (IOAs). These IOAs are out-of-the-box detections built specifically to identify behavioural patterns linked with cloud-based attackers. They employ AI and machine learning to correlate live user activity with cloud asset and identity data.
This enables the system to detect advanced attack techniques, such as unauthorised privilege escalation or CloudShell abuse, with a focus on identifying threats that may bypass traditional security controls.
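To make the latency point concrete, here is an added example (not CrowdStrike's code) that evaluates one behavioural IOA, a principal outside the admin inventory granting AdministratorAccess, over constructed CloudTrail-style events, first on arrival and then under a batched 900-second window. The event fields, the principal names, the admin inventory and the window size are assumptions for illustration.

```python
"""Streaming vs batched evaluation of a cloud IOA over constructed events."""

# Constructed events (not real telemetry): (timestamp_s, principal, event_name, request_parameters)
EVENTS = [
    (5,  "dev-alice", "DescribeInstances", {}),
    (30, "dev-alice", "AttachUserPolicy",
         {"UserName": "dev-alice", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    (40, "iam-admin", "AttachRolePolicy",
         {"RoleName": "ci-deploy", "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    (70, "ops-bob",   "ListBuckets", {}),
]

# Identity context the IOA correlates against: constructed inventory of approved IAM admins.
IAM_ADMINS = {"iam-admin"}
ADMIN_POLICY_SUFFIX = "/AdministratorAccess"


def ioa_privilege_escalation(principal, event_name, params):
    """Fires when a principal outside the admin inventory grants AdministratorAccess."""
    grants_admin = (event_name in ("AttachUserPolicy", "AttachRolePolicy")
                    and params.get("PolicyArn", "").endswith(ADMIN_POLICY_SUFFIX))
    return grants_admin and principal not in IAM_ADMINS


def detect_streaming(events):
    """Evaluate each event on arrival: detection time equals the event time."""
    return [(ts, principal, ts) for ts, principal, name, params in events
            if ioa_privilege_escalation(principal, name, params)]


def detect_batched(events, window_s=900):
    """Evaluate only when the batch window containing the event closes."""
    hits = []
    for ts, principal, name, params in events:
        if ioa_privilege_escalation(principal, name, params):
            hits.append((ts, principal, (ts // window_s + 1) * window_s))
    return hits


def detection_delays(events, window_s=900):
    """Seconds from event to detection for each IOA hit: (streaming, batched)."""
    stream = {(ts, p): det for ts, p, det in detect_streaming(events)}
    batch = {(ts, p): det for ts, p, det in detect_batched(events, window_s)}
    return {key: (stream[key] - key[0], batch[key] - key[0]) for key in stream}


if __name__ == "__main__":
    for (ts, principal), (s, b) in detection_delays(EVENTS).items():
        print(f"t={ts}s {principal}: streaming delay {s}s, batched delay {b}s")
```

The approved admin's grant at t=40 is not flagged because the IOA correlates the action with identity context, while the same action by dev-alice is caught at t=30 when streamed but only at the 900-second window close when batched.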
Automated response
CrowdStrike has also added automated response actions through Falcon Fusion, its Security Orchestration, Automation and Response (SOAR) framework. These pre-built workflows are designed to respond instantly to detected threats, disrupting attacker activity without waiting for a security operations centre (SOC) analyst to intervene.
This is positioned as addressing a shortcoming in more traditional offerings. While Cloud Workload Protection tools may block issues at the workload level, they often leave broader cloud infrastructure or control planes exposed. Similarly, Cloud Security Posture Management is limited to highlighting potential risks rather than providing active runtime defence.
Unified platform
The new CDR features are integrated as part of the Falcon Cloud Security platform. CrowdStrike describes this as a unified Cloud-Native Application Protection Platform (CNAPP) aimed at securing risks across all layers of hybrid cloud infrastructure, including workloads, identities and data.
The enhancements are available as a built-in feature set within the existing Falcon environment, built around the company's single lightweight-agent model designed to minimise deployment complexity.
Industry context
The changes come as security teams face mounting pressure to keep pace with attackers increasingly making use of large-scale automation and AI tools. Fast-moving cloud threats, especially those moving laterally between systems, challenge defenders to reduce the time it takes from initial attack to detection and containment.
"Real-time security is the difference between stopping a breach and needing incident response - every second counts. Today's adversary moves fast and across domains, and defenders can't afford to waste time waiting for cloud logs to process or detections to populate," said Elia Zaitsev, Chief Technology Officer, CrowdStrike.