CrowdStrike tackles cloud risk with adversary-driven security model

A new Falcon Cloud Security update links application behaviour with real-world attack tactics to prioritise exploitable threats.

Wed, 25 Mar 2026

CrowdStrike has added new capabilities to its Falcon Cloud Security platform, aimed at helping organisations prioritise and eliminate cloud risk based on real-world adversary behaviour.

The update centres on what the company describes as an “adversary-informed” approach to cloud security, combining application context, threat intelligence, and root-cause analysis to identify which vulnerabilities are most likely to be exploited and enable faster remediation.

“Cloud security isn’t about generating more alerts, it’s about understanding how risk forms and which exposures adversaries will actually target,” Elia Zaitsev, chief technology officer at CrowdStrike, said in a 24 March statement.

“Our latest innovations are the industry’s first to connect application behaviour and adversary tradecraft into a single operating model, delivering the context and prioritisation that teams need to eliminate noise and remediate critical exposures with speed and precision.”

The move comes as organisations face increasingly dynamic cloud environments, where configurations, permissions and workloads are constantly changing. At the same time, attackers are leveraging AI to identify and exploit weaknesses at speed, exposing the limitations of traditional cloud security tools that assess risk in isolation.

CrowdStrike believes these legacy approaches generate large volumes of disconnected alerts without providing clear guidance on which risks should be addressed first.

To address this, the company has introduced a set of capabilities designed to provide a more contextual and actionable view of cloud risk. These include tools that map how application behaviour influences risk in real time, visualise how vulnerabilities evolve over time, and align identified exposures with active adversary tactics observed in the wild.

By correlating these signals, CrowdStrike aims to give security teams a clearer understanding of how risks develop and which attack paths are most likely to be exploited, enabling more targeted remediation.

The platform also integrates runtime protection and cloud detection and response (CDR) capabilities, allowing organisations to move from identifying risk to actively blocking malicious activity. This includes isolating compromised workloads and stopping threats in real time, rather than relying solely on preventative controls.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
