CrowdStrike Doubling Down On AI Security For AWS: CBO Daniel Bernard

The cybersecurity giant has expanded its Falcon Cloud Security offering to provide scanning capabilities for AI containers and enhanced support for Amazon SageMaker, CrowdStrike Chief Business Officer Daniel Bernard tells CRN.

CrowdStrike has expanded its Falcon Cloud Security offering to provide broader protections for AI usage on AWS, enabling partners and customers to secure AI technologies “at the source,” CrowdStrike Chief Business Officer Daniel Bernard told CRN.

The cybersecurity giant announced the expansion Wednesday with the introduction of scanning capabilities for AI containers on AWS and enhanced support for Amazon SageMaker, via Falcon Cloud Security.

The announcement came in connection with AWS re:Invent 2024 in Las Vegas, where AWS also recognized CrowdStrike with several partnership awards including Global Security Partner of the Year.

In an interview with CRN, Bernard said that CrowdStrike and AWS are jointly doubling down on providing security for AI/ML usage including through the expanded support for Amazon SageMaker. The enhanced support for the AWS machine-learning service follows previously announced CrowdStrike Falcon support for Amazon Bedrock, AWS’ service for building GenAI applications.

With the enhanced SageMaker support, “we secure [AI] at the source together with AWS in a very integrated, completely native fashion,” Bernard said.

Meanwhile, CrowdStrike announced Wednesday that its AI container scanning capabilities for AWS will enable detection of misconfigurations and vulnerabilities in AI workloads while in the build phase, prior to deployment.

Additionally, CrowdStrike disclosed that it has expanded its Falcon Identity Protection offering through a new integration with AWS IAM Identity Center. The move unifies the visibility that partners and customers have into identities while also providing detection and response capabilities to protect against identity attacks in the cloud, the company said.

Ultimately, “as organizations of all sizes start to build their own AI stacks — which will be transformative, as well as an integral part of the IT environment for the foreseeable future — being able to secure that environment with CrowdStrike is paramount,” Bernard said. “And that's exactly what we're doing by releasing these innovations ahead of really where the puck is going.”

What follows is an edited portion of CRN’s interview with Bernard.

How are you enabling a greater level of AI security on AWS with this announcement?

With tens of thousands of customers using AWS and CrowdStrike, so many of our joint customers are taking their first steps into their own AI development in AWS, using AWS-native services. This announcement is all about articulating how the Falcon Cloud Security portfolio has expanded — and expanded specifically to secure their AI journeys on AWS. So natively, you can use Falcon Cloud Security and have it protect not only your Bedrock, but also your SageMaker and the whole range of AWS’ services. And this is not theory — this is also what is happening in real time with what AWS is doing internally for their own AI development using CrowdStrike. It's also something that many customers, such as Anthropic, are using.

How does this build upon your existing, long-running partnership with AWS?

[CrowdStrike has been] leveraging the scale of the cloud from the very start of the company, building on AWS. That partnership has expanded as organizations have shifted their software experiences from boxes and on-prem to the cloud. In the early days, there was so much hesitancy around, “Should we move to the cloud or not?” Well, the whole world moved to the cloud, and we took cybersecurity to the cloud. This is just a natural extension — as our customers do more in not only the cloud, but also with AI, how do you secure that experience? And we secure it at the source together with AWS in a very integrated, completely native fashion. That's No. 1. But No. 2, both companies are using these technologies internally themselves. And then No. 3 is the market impact we can create together. As organizations of all sizes start to build their own AI stacks — which will be transformative, as well as an integral part of the IT environment for the foreseeable future — being able to secure that environment with CrowdStrike is paramount. And that's exactly what we're doing by releasing these innovations ahead of really where the puck is going.

What are some of the AI security risks that you're trying to prevent with doing this?

When people are thinking about software development and DevOps and writing code, security isn't the first thing they're thinking about. Historically, that's been because either there weren't security tools that could safeguard those processes or workflows — or if there were tools, they got in the way of the innovation. I think we're at this really unique part of the market — that we've helped bring about — where security doesn't get in the way of productivity. That's a core element of CrowdStrike. Our world of security is about removing friction, getting out of the way, keeping it super light on the device or in the workload or in the container, and having it be highly performant. So taking the operational friction out of this workflow is the foundation. And I think we're at a point where we've done that. So that's No. 1. No. 2 is, protecting the cloud is a different use case than protecting a server or a device. This is really where our expertise in Falcon Cloud Security comes to life — going from code development to runtime protection to posture management. Posture wasn't as big of a deal in some of these other attack surfaces. But in the cloud environment, each one of those things that I mentioned is really a different axis of protection.

Protecting the cloud is really protecting a workflow, and you need to be able to protect things pre-, on- and post-execution. What we've seen time and time again in different parts of the market is, when you have different vendors for those different stages, the customer doesn't get the best outcome, and it really benefits the adversary. And so, while there's certainly folks that do a great job on posture, and just do posture, you really need this entire workflow. I think that's been a very integral part of the evolution of cloud security, and frankly, in cloud and AI adoption.

Attackers are also increasingly going after the AI models themselves, as well?

Yes. Cloud security, and doing AI in the cloud or even in an on-prem data center, brings a whole new level of risk from really every vector. We've long talked about how cloud intrusions are up. The cloud as an attack surface is really one of the new hotbeds of the attack landscape. AI only accelerates that. It accelerates it in terms of interest in gaining access to models and the underlying data for the models — but also the ability to use AI to wage a cyberattack. It accelerates the whole kill chain. We need to secure how we use AI. We need to secure the supply chain around AI. And we need to secure where it lives, where it's created, as well as who's able to work on and create and curate and innovate using AI. It’s a topic that not only partners are focused on — with being super-responsive to market needs — but frankly, your average CISO or your average IT team is now thinking about these things much more critically than they were a year or two years ago.

Why is this so important for partners?

When I talk to partners, I’ve been a proponent of saying that if you're not talking about AI, if you're not talking about cloud security with your customers, you're really leaving a big opportunity on the table, and it's actually creating risk. If you look at partners of all types, they've all made very interesting forays into cloud security. And I put AI security as really a subset of cloud security. My take is, the more expertise that partners have in cloud security, and specifically AI security, that's a net benefit for customers of all sizes. Some say the arc of cybersecurity trails the arc of technology. I think that's really more of a legacy way of looking at cybersecurity. When it's done properly, it goes into lockstep with the arc of technology. If you're doing it right, it's all part of a platform so that you're not always having to deploy a new thing over here and a new thing over there. There's no stitching required. It's not disjointed. Your security platform is able to keep up, or sometimes even outpace your organization's level of innovation. And so by the time you're innovating on Bedrock, or you're utilizing SageMaker, the security solution that you have that you've trusted is already there for you to secure your innovation before you’ve even started your innovation. I think that's really the paradigm and the framework that cybersecurity needs to live in to be successful in the AI era — it’s not trailing the curve of innovation, but really being in lockstep, if not being there before the customer is already ready to innovate.