By now everyone knows CrowdStrike for its brilliant no-QA'ed BSOD update that took worldwide critical infrastructure by the balls. Not exactly a stock price booster, that one. But CrowdStrike isn't only doing Windows. Let's dive into their latest venture:
Entering the Serverless Space
Serverless functions are great for DevOps teams because they let developers build and run apps without worrying about the infrastructure. But like anything in tech, they come with their own security headaches.
The Bad of Serverless
Here are 3 security risks right off the top of my head:
- Hard to Track: Serverless functions come and go quickly, versions get updated, making it tough to keep track of what's vulnerable when. It's like playing whack-a-mole with your codebase.
- More Entry Points: Each function is a potential entry point for attackers. More functions? More ways for the bad guys to say "hello world".
- Overwhelmed Teams: Dev teams are already swamped trying to fix vulnerabilities while still pushing out new features. Add serverless to the mix, and you've got a recipe for burnout.
CrowdStrike Steps Up
CrowdStrike has noticed these issues and added new features to their Falcon Cloud Security tool. It now covers serverless functions from the big three:
- Amazon's Lambda
- Google's Cloud Functions
- Azure's Functions
What's this CrowdStrike Falcon, then?
- Function Discovery: Falcon Cloud Security finds all your serverless functions and what they depend on, putting it all in one place. It's using cloud provider APIs to build a dependency graph, which is pretty neat.
- Pre-Execution Scanning: It scans your code before it goes live, looking for weak spots and misconfigurations. We're talking static code analysis, dependency checks, and configuration audits. No runtime overhead here.
- AI-Powered Prioritization: They're using AI (they call it ExPRT.AI) to figure out which problems you should fix first. It's not just CVSS scores; it's looking at real-world attack data and your specific setup.
Is the AI Thing Just Hype?
When companies talk about AI, it's easy to roll your eyes. But CrowdStrike might be onto something here. Regular vulnerability scores (like CVSS) don't always tell the whole story. An AI system that looks at real threats and your specific setup could actually be useful.
That said, don't treat AI like magic. It's a tool to help you make decisions, not make them for you. And remember, AI models can be biased or manipulated. Trust, but verify.
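To make the "CVSS doesn't tell the whole story" point concrete, here is an added example (not CrowdStrike's code, and not how ExPRT.AI works, which this post does not describe). It matches a constructed function inventory against constructed advisories and ranks the findings twice: by CVSS alone, and by CVSS adjusted for exploitation and exposure. Package names, function names and weights are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Function:
    name: str
    provider: str          # e.g. "aws-lambda", "gcp-functions", "azure-functions"
    public_trigger: bool   # reachable from the internet (HTTP trigger, public URL)
    broad_role: bool       # execution role carries wildcard permissions
    deps: tuple            # (package, version) pairs found in the deployed bundle

# Constructed inventory, standing in for what a discovery pass would collect.
INVENTORY = [
    Function("billing-export", "aws-lambda", False, False, (("libalpha", "1.2.0"),)),
    Function("img-resize", "gcp-functions", True, True, (("libbeta", "4.0.1"),)),
    Function("webhook-in", "azure-functions", True, False,
             (("libalpha", "1.2.0"), ("libgamma", "0.9.0"))),
]

# Constructed advisories: package -> (affected version, CVSS base, exploited in the wild)
ADVISORIES = {
    "libalpha": ("1.2.0", 9.8, False),
    "libbeta": ("4.0.1", 6.5, True),
}

def findings(inventory, advisories):
    """Return (function, package, cvss, exploited) for every vulnerable dependency."""
    out = []
    for fn in inventory:
        for pkg, ver in fn.deps:
            adv = advisories.get(pkg)
            if adv and adv[0] == ver:
                out.append((fn, pkg, adv[1], adv[2]))
    return out

def context_score(fn, cvss, exploited):
    """CVSS scaled by illustrative weights (assumptions, tune for your environment)."""
    score = cvss
    score *= 1.5 if exploited else 1.0          # active exploitation matters most
    score *= 1.3 if fn.public_trigger else 0.6  # internal-only functions drop down
    score *= 1.2 if fn.broad_role else 1.0      # over-privileged role widens impact
    return round(score, 2)

def rank(inventory, advisories, by_context=True):
    """Return (function name, package) pairs, most urgent first."""
    rows = findings(inventory, advisories)
    key = (lambda r: context_score(r[0], r[2], r[3])) if by_context else (lambda r: r[2])
    return [(r[0].name, r[1]) for r in sorted(rows, key=key, reverse=True)]

if __name__ == "__main__":
    print("CVSS only :", rank(INVENTORY, ADVISORIES, by_context=False))
    print("In context:", rank(INVENTORY, ADVISORIES))
```

The 6.5 finding on a public, over-privileged function with known exploitation jumps ahead of the 9.8 on an internal-only function, which is the reordering the paragraph above argues for.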
What This Means for Serverless
CrowdStrike adding these features is a sign that serverless security is growing up. It shows that big players are taking these risks seriously.
This will probably push other security companies to up their game too. That's good news for anyone using serverless functions - we'll likely see better, more tailored security options coming soon.
Expect to see:
- More focus on serverless-specific security standards
- Cloud providers beefing up their native security tools
- A push to integrate security earlier in the serverless development process
Three Alternatives to CrowdStrike Falcon Cloud Security
Falcon Cloud Security is aiming for an advanced position in the market with their ExPRT.AI. However, CrowdStrike doesn't have the only serverless security product on the market. If, for no reason in particular, you'd like to explore other options, we have listed the following alternatives:
Aqua Serverless Security
Integrations: AWS Lambda, Azure Functions, Google Cloud Functions
Key Features:
- Vulnerability scanning and compliance monitoring for serverless applications.
- Broader approach that includes both serverless and containerized environments, including Docker and Kubernetes
Snyk for Serverless
Integrations: AWS Lambda, Heroku
Key Features:
- Development-time vulnerability identification and remediation.
- Monitoring of Node.js dependencies for vulnerabilities with Serverless Snyk Plugin.
- Continuous monitoring similar to CrowdStrike’s threat prevention.
Sysdig Serverless Security
Integrations: AWS Lambda, Google Cloud Run, AWS Fargate
Key Features:
- Runtime protection through active monitoring of serverless functions.
- Continuous compliance monitoring for standards like PCI, NIST, and SOC2.
- Observability via AWS logs and full Prometheus compatibility for performance monitoring.
- Automated image scanning for vulnerabilities in serverless containers.
- Threat detection based on open-source Falco.
Wrapping Up
Serverless computing is cool, but it needs solid security. CrowdStrike's new features are a step in the right direction. They're trying to make it easier to spot and fix problems before they become real issues.
As serverless keeps growing, expect to see more focus on keeping it secure. For now, if you're using serverless functions, it's worth looking into tools that can protect your whole cloud setup.
We're not at perfect serverless security yet, but we're getting there. Keep an eye on this space - it's going to be an interesting ride. And maybe, just maybe, we'll make it through without too many security nightmares.
Read the CrowdStrike post about Falcon here: CrowdStrike blog