CrowdStrike has announced an extension of its Falcon Data Protection for Cloud, incorporating runtime visibility and protection for data within cloud environments. This development evolves the platform’s Data Security Posture Management (DSPM) capabilities from static, point-in-time assessments to addressing active threats against cloud data.

The updated solution provides continuous visibility into data interactions, aiming to detect and stop data breaches in real-time. By integrating runtime protection directly into its cloud security offerings, CrowdStrike addresses the gap between identifying where sensitive data resides and protecting it from active threats as it is being used.

Unifying DSPM with Real-Time Cloud Workload Protection

The core of this enhancement is the unification of DSPM with Cloud Workload Protection (CWP) on the single CrowdStrike Falcon platform. This integrated approach utilizes a single agent for both data discovery and runtime protection, providing a consolidated solution for cloud security. This eliminates the need for organizations to deploy and manage separate tools for data posture and real-time threat detection.

By combining data-centric insights from DSPM with the runtime context provided by CWP, the platform delivers a comprehensive view of how sensitive data is accessed and used. This allows security teams to understand not only the potential risk based on data location and permissions but also the active threats targeting that data.

Key Features of Runtime Data Protection

The new runtime capabilities are designed to detect real-time threats involving sensitive data. The system identifies activities such as malicious processes accessing critical files, data exfiltration attempts, and unauthorized access to managed and unmanaged data stores. The platform provides detailed context for each alert, correlating runtime events with data classification and sensitivity.

This contextualization enables security teams to prioritize the most critical risks based on both the sensitivity of the data involved and the severity of the runtime threat. The solution leverages both agentless discovery for broad visibility across multi-cloud environments and agent-based enforcement for deep, real-time protection on the workload itself.

Source: https://www.crowdstrike.com/en-us/blog/falcon-data-protection-for-cloud-extends-dspm-into-runtime/