Deploy CrowdStrike Falcon Next-Gen SIEM for AWS through AWS Marketplace

CrowdStrike Falcon for AWS in AWS Marketplace is a pay-as-you-go offering AWS customers can use to help protect their cloud workloads using the CrowdStrike Falcon platform and only pay for what they use. The Falcon platform on Amazon Web Services (AWS) is a unified security platform for enterprise-grade security solutions at scale. This offering includes security information and event management (SIEM) and cloud security modules: CrowdStrike Falcon Next-Gen SIEM and CrowdStrike Falcon Cloud Security. Falcon Next-Gen SIEM includes a new automation experience that simplifies onboarding the complex configurations of AWS Organizations to provide visibility and security monitoring, analysis, detection, and response, all within one platform. It does this through AWS Identity and Access Management (IAM) cross-account, read-only asset discovery roles deployed with AWS CloudFormation. In addition to IAM, AWS Marketplace deploys the Falcon Next-Gen SIEM connectors for AWS CloudTrail, Amazon GuardDuty, and AWS Security Hub.

In this post, we show you how to use the automation experience in AWS Marketplace to deploy Falcon Next-Gen SIEM for AWS across all AWS accounts in your AWS Organization. We then demonstrate how to connect AWS CloudTrail, AWS Security Hub, and Amazon GuardDuty.

CrowdStrike and AWS have created an enhanced version of SaaS Quick Launch for Falcon Next-Gen SIEM in AWS Marketplace, delivering a streamlined deployment experience so customers can quickly deploy and access Falcon Next-Gen SIEM for AWS in minutes.

Falcon Next-Gen SIEM is a security software-as-a-service (SaaS) hosted on AWS. It uses AWS services running in the customer’s AWS accounts to deploy customer data connectors, which use Amazon EventBridge, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS) to send AWS event and security data to Falcon Next-Gen SIEM. The customer’s Falcon Next-Gen SIEM infrastructure is fully managed by CrowdStrike using IAM cross-account roles and AWS CloudFormation.

The following diagram shows the solution architecture.

Figure 1: CrowdStrike Falcon Next-Gen SIEM for AWS architecture
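Because the architecture rests on cross-account roles described as read-only, a reviewer can check that claim against the policies actually deployed. The following is an added example, not code from this post, CrowdStrike, or AWS: it audits a role's trust and permission policies (exported as JSON) and reports anything broader than read-only vendor access. The account ID, role name, external ID, the read-only verb list, and the expectation of an `sts:ExternalId` condition are assumptions for illustration; the post does not publish the role's real policies.

```python
import re

# Verbs treated as read-only: a heuristic assumed for this example, not an
# AWS-defined list (some Get* actions, such as reading secrets, expose data).
READ_ONLY = re.compile(r"^(Get|List|Describe|BatchGet|Lookup)[A-Za-z]*\*?$")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(policy):
    return [s for s in _as_list(policy["Statement"]) if s.get("Effect") == "Allow"]

def audit_discovery_role(trust, perms, vendor_account):
    """Return findings for a cross-account role that is meant to be read-only."""
    findings = []
    for stmt in _allows(trust):
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for arn in arns:
            # Only the vendor's account (or a principal inside it) may assume the role.
            if arn != vendor_account and not arn.startswith(f"arn:aws:iam::{vendor_account}:"):
                findings.append(f"trust: unexpected principal {arn}")
        # sts:ExternalId guards third-party role assumption against confused-deputy use.
        if "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
            findings.append("trust: no sts:ExternalId condition")
    for stmt in _allows(perms):
        if "NotAction" in stmt:
            findings.append("permissions: NotAction in an Allow statement")
        for action in _as_list(stmt.get("Action", [])):
            verb = action.partition(":")[2]  # "" for a bare "*"
            if not READ_ONLY.match(verb):
                findings.append(f"permissions: not read-only: {action}")
    return findings

# Constructed sample policies; the account ID, role name and external ID are placeholders.
VENDOR = "111122223333"
GOOD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": f"arn:aws:iam::{VENDOR}:role/example-discovery"},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
GOOD_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "s3:ListAllMyBuckets", "organizations:ListAccounts"]}]}
BAD_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "*"}}]}
BAD_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ec2:Describe*", "iam:PassRole", "s3:*"]}]}

if __name__ == "__main__":
    for name, t, p in (("good", GOOD_TRUST, GOOD_PERMS), ("bad", BAD_TRUST, BAD_PERMS)):
        print(name, audit_discovery_role(t, p, VENDOR) or "no findings")
```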

In the following steps, we show you how to subscribe to CrowdStrike Falcon for AWS in AWS Marketplace. We then use the new launch experience to deploy Falcon Next-Gen SIEM. The solution follows a two-step process:

Follow these steps to subscribe to CrowdStrike Falcon for AWS in AWS Marketplace:

Figure 2: Set up your account redirect

You will be taken to the new streamlined experience that will guide you through CrowdStrike authentication, Falcon Next-Gen SIEM for AWS configuration, and launch. Follow these steps:

Figure 3: CrowdStrike account linking confirmation message

Figure 4: CrowdStrike Falcon Next-Gen SIEM quick start connectors page

In this post, we demonstrated how to subscribe to and use CrowdStrike Next-Gen SIEM for AWS available in AWS Marketplace. For more information, visit CrowdStrike Falcon for AWS.

Jenn Reed is a Global Principal Security Solutions Architect at AWS with over 25 years of deep experience working in cyber security and software development. She is based out of Ann Arbor, MI. At AWS, she is focused on helping customers build securely with AWS.

Kunjal Botadra is a Senior Product Manager at Amazon Web Services (AWS), focusing on software delivery and procurement solutions. He drives the strategy and roadmap for enterprise software deployment. Previously at Akamai Technologies, Kunjal developed web performance optimization products and services. He specializes in customer-centric product development and building high-performing cross-functional teams.

Originally published on AWS.