CrowdStrike (NASDAQ: CRWD) has introduced new Cloud Detection and Response (CDR) innovations, enhancing real-time protection across hybrid and multi-cloud environments through a new real-time detection engine.
The enhanced CDR capabilities leverage a real-time detection engine built on streaming technology, designed to eliminate detection delays and surface high-fidelity alerts within seconds. These advancements, combined with expanded cloud Indicators of Attack (IOAs) and new automated response actions, aim to provide defenders with the necessary speed and precision to mitigate cloud attacks as they emerge.
Elia Zaitsev, chief technology officer at CrowdStrike, emphasized the urgency of real-time security, stating, “Real-time security is the difference between stopping a breach and needing incident response – every second counts. Today’s adversary moves fast and across domains, and defenders can’t afford to waste time waiting for cloud logs to process or detections to populate.” Zaitsev added that CrowdStrike’s new real-time CDR is intended to reduce response time to seconds, aiming to stop cloud threats before they proliferate.
Traditional CDR methods, which often rely on log batch processing, can take 15 minutes or more to detect threats, a timeframe deemed insufficient as adversaries increasingly utilize AI to accelerate cloud attacks and move laterally across systems. CrowdStrike’s approach processes logs in real time using event streaming technology, which has been applied at scale by Falcon® Adversary OverWatch, to instantly generate high-fidelity alerts.
These enhancements, part of Falcon® Cloud Security’s unified CNAPP, address detection delays, alert noise, and manual bottlenecks. The innovations are structured around three key components:
The Real-Time Detection Engine, based on event streaming technology, analyzes cloud logs as they stream in, applying detections instantly to reduce latency and false positives.

Expanded Cloud Indicators of Attack include new out-of-the-box real-time detections specifically engineered for cloud adversary behavior, utilizing AI and machine learning to correlate live activity with cloud asset and identity context. This aims to expose advanced attacks, from privilege escalation to CloudShell abuse, in real time.
Furthermore, new customizable, out-of-the-box workflows built on Falcon® Fusion SOAR are designed to close the gap left by traditional Cloud Workload Protection (CWP) and Cloud Security Posture Management (CSPM) solutions. These workflows trigger automatically upon threat detection to disrupt adversaries without requiring manual Security Operations Center (SOC) intervention.