CrowdStrike has launched an enhanced version of SaaS Quick Launch in the AWS Marketplace, offering a fully integrated Falcon Next-Gen SIEM solution with new consumption options and streamlined onboarding for organisations deploying on Amazon Web Services (AWS).
Simplified deployment
The updated offering introduces a single location and guided setup for Falcon Next-Gen SIEM, directly linking to core AWS security services such as AWS CloudTrail, AWS Security Hub, and Amazon GuardDuty. This approach automatically detects data sources and begins ingesting telemetry within minutes, reducing manual configuration requirements. The aim is to unify organisational data from endpoints, cloud workloads, and identities with AWS telemetry for broader threat detection and response functions.
As part of Falcon® Cloud Security's unified CNAPP securing every layer of hybrid cloud risk, CrowdStrike delivers the next evolution of CDR built on three key innovations:

Real-Time Detection Engine: Built on event streaming technology from the world’s top threat hunters, this real-time detection engine analyzes cloud logs as they stream in, applying detections instantly to eliminate latency and false positives.

Expanded Cloud Indicators of Attack: New out-of-the-box real-time detections engineered specifically for cloud adversary behavior leverage AI and machine learning to correlate live activity with cloud asset and identity context to expose advanced attacks – from stealthy privilege escalation to CloudShell abuse – in real time.
Automated Cloud Response Actions and Workflows: Traditional Cloud Workload Protection (CWP) stops at the workload, leaving the cloud control plane exposed, while Cloud Security Posture Management (CSPM) only shows what could go wrong without providing runtime protection. Built on Falcon® Fusion SOAR, new customizable, out-of-the-box workflows close this gap, triggering the instant that threats are detected to automatically disrupt adversaries without waiting for manual SOC intervention.
By enabling “in-pipeline analysis,” Onum allows for AI-powered detections to occur at the data source, even before the data enters the Falcon platform.

This innovative approach promises up to 70 percent faster incident response times with 40 percent less ingestion overhead. Furthermore, its smart filtering capabilities can reduce data storage costs by as much as 50 percent.

Historically, migrating data into a new SIEM has been a major bottleneck for security teams, often requiring complex third-party tools and significant effort.
This acquisition is designed to eliminate that friction by making data streaming and in-pipeline detection a native function within the Falcon platform, accelerating SOC transformation for customers.