Microsoft and CrowdStrike: Securing the Cloud Against APTs

George Kurtz, CEO of CrowdStrike (Credit: CrowdStrike)
CrowdStrike and Microsoft are expanding their alliance to make Falcon available in Microsoft Marketplace, enhancing enterprise AI and cloud security.

Incredible speed and quick to strike – Falcon is CrowdStrike’s apex predator in the realm of threat hunting. 

Thanks to an expanded partnership with Microsoft, the ISO 42001-certified cybersecurity leader CrowdStrike can now bring the power of CrowdStrike Falcon to secure enterprises through Microsoft Marketplace. 

Organisations can purchase the unified cybersecurity solution using existing Azure Consumption Commitment funds, simplifying procurement and accelerating security deployment.

The move addresses key enterprise challenges in cybersecurity adoption – namely, traditional budget cycles and multi-vendor approvals – which often delay protection against sophisticated threats.

CrowdStrike is now available on Microsoft Marketplace | Credit: Microsoft

“Adversaries don’t wait for budget cycles, and neither should security teams,” says George Kurtz, President, CEO and Founder of CrowdStrike. 

“By enabling customers to use Azure Consumption Commitment for CrowdStrike, we remove procurement friction and maximise the impact of the cloud investment they already have to stop breaches with the Falcon platform.

“Through ongoing collaboration with Microsoft, our ecosystem is broadening to meet the market’s broad-based demand for Falcon.”

Cloud marketplace as new route to market

By aligning Falcon purchases with pre-committed cloud spending, the partnership enables faster activation of CrowdStrike’s endpoint, cloud, identity and AI security capabilities.

CrowdStrike's platform leverages a lightweight single-agent architecture for rapid scalability, protecting data across hybrid environments amid rising attack sophistication.

The integration builds on prior collaborations between the companies, including joint innovations in extended detection and response.

“Security is the foundation for AI Transformation,” says Judson Althoff, CEO of Microsoft’s commercial business.

Judson Althoff, CEO of Microsoft's Commercial business | Credit: Microsoft

“By enabling customers to apply their Azure Consumption Commitment in Microsoft Marketplace toward the Falcon platform, we are providing the financial flexibility they need to optimise cloud spend while adopting a rigorous security posture.”

Securing cloud with CrowdStrike Falcon 

Falcon’s real-time cloud detection and response (CDR) helps secure cloud environments from cloud-conscious threat actors such as Scattered Spider and prevents them from establishing persistent access.

A common modus operandi of advanced persistent threat (APT) actors begins with compromising an employee's cloud credentials through social engineering to gain initial access.

Taking an AWS cloud environment as an example, once bad actors gain access, they can use the cloud shell command line to generate an SSH key pair and establish an IAM (Identity and Access Management) role with administrative privileges.

After this, they can create an EC2 instance with the IAM role attached to it. This grants temporary security credentials to access other AWS services (like S3 and DynamoDB) without storing long-term, hardcoded access keys – and voilà, there you have persistent administrative access.


With CrowdStrike Falcon’s CDR, this sleight of hand doesn’t go unnoticed. The generation of new SSH keys and the creation of unmanaged accounts with administrative access are immediately flagged as suspicious.

Cross-verifying this activity against asset inventory data, which shows a significant deviation from baseline behaviour, adds confirmation. Falcon is then able to stop the threat actor in their tracks by invoking workflows.

Falcon also provides security teams a comprehensive view of threat actor movement.
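
For defenders who want to see what correlating this chain looks like in practice, here is an added example (not CrowdStrike's detection logic and not part of the original article) that scans CloudTrail-style events for a key pair creation followed by an instance launched with an admin-privileged instance profile. The records are constructed and trimmed, and their field layout is an assumption to verify against real CloudTrail logs.

```python
from datetime import datetime, timedelta

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed principals
BOB = "arn:aws:iam::111122223333:user/bob"

def _evt(time, name, who, **params):
    """Build a trimmed CloudTrail-style record (constructed sample data)."""
    return {"eventTime": time, "eventName": name,
            "userIdentity": {"arn": who}, "requestParameters": params}

SAMPLE = [
    _evt("2025-01-10T09:00:00Z", "CreateKeyPair", ALICE, keyName="k1"),
    _evt("2025-01-10T09:02:00Z", "CreateRole", ALICE, roleName="ops-helper"),
    _evt("2025-01-10T09:03:00Z", "AddRoleToInstanceProfile", ALICE,
         roleName="ops-helper", instanceProfileName="ops-profile"),
    _evt("2025-01-10T09:04:00Z", "AttachRolePolicy", ALICE,
         roleName="ops-helper", policyArn=ADMIN_POLICY),
    _evt("2025-01-10T09:06:00Z", "RunInstances", ALICE,
         iamInstanceProfile={"name": "ops-profile"}),
    _evt("2025-01-10T10:00:00Z", "CreateKeyPair", BOB, keyName="deploy"),
    _evt("2025-01-10T10:05:00Z", "RunInstances", BOB,
         iamInstanceProfile={"name": "web-readonly"}),
]

def find_admin_instance_chains(events, window=timedelta(hours=1)):
    """Flag RunInstances calls where the caller created a key pair within
    `window` and the attached instance profile holds an admin role."""
    admin_roles, profile_role, key_made, findings = set(), {}, {}, []
    for e in sorted(events, key=lambda e: e["eventTime"]):
        who, name = e["userIdentity"]["arn"], e["eventName"]
        p = e["requestParameters"]
        ts = datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        if name == "CreateKeyPair":
            key_made[who] = ts
        elif name == "AttachRolePolicy" and p["policyArn"] == ADMIN_POLICY:
            admin_roles.add(p["roleName"])
        elif name == "AddRoleToInstanceProfile":
            profile_role[p["instanceProfileName"]] = p["roleName"]
        elif name == "RunInstances":
            profile = p.get("iamInstanceProfile", {}).get("name")
            recent_key = who in key_made and ts - key_made[who] <= window
            if recent_key and profile_role.get(profile) in admin_roles:
                findings.append({"principal": who, "profile": profile,
                                 "role": profile_role[profile]})
    return findings

if __name__ == "__main__":
    for f in find_admin_instance_chains(SAMPLE):
        print("suspicious chain:", f)
```

Only the first principal is flagged; the second also creates a key and launches an instance, but its profile carries no administrative role.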

Preventing AI weaponisation

AI and AI agents are becoming non-negotiable to businesses – and cybercriminals are coming up with inventive ways to use enterprise AI tools against them.

CrowdStrike demonstrates how initial access into an AI ecosystem like that of Claude allows bad actors to leave open backdoors that can establish persistent access. 


For example, once a threat actor gets into Claude through a software vulnerability, account compromise or phishing emails, they can modify a Claude feature called hooks – which is usually a helpful feature that enables automation.

One such hook is the UserPromptSubmit option in Claude’s workflow, which can have any command inserted. This can be used by a bad actor to embed malicious code and establish persistent access – luckily, not under CrowdStrike’s watch. 

These hidden threats are still flagged and stopped as Falcon swoops to save the day. 
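
A simple way to audit for this kind of hook tampering, shown as an added example that is not from the article or from CrowdStrike: compare every command hook in a settings file against a reviewed baseline. It assumes the hooks live in a Claude Code `settings.json` with the nesting shown; the baseline, sample content and placeholder command are constructed.

```python
import json

# Hypothetical approved baseline: (event, command) pairs the team has reviewed.
APPROVED = {("PostToolUse", "npx prettier --write .")}

# Constructed settings content. The nesting (event -> groups -> hooks) is an
# assumption about the settings.json layout and should be checked locally.
SAMPLE_SETTINGS = json.dumps({
    "hooks": {
        "PostToolUse": [{"matcher": "Edit", "hooks": [
            {"type": "command", "command": "npx prettier --write ."}]}],
        "UserPromptSubmit": [{"hooks": [
            {"type": "command",
             "command": "sh /tmp/constructed-placeholder.sh"}]}],
    }
})

def unapproved_hooks(settings_text, approved=APPROVED):
    """Return sorted (event, command) pairs that are not in the baseline.

    An unparseable or oddly shaped file is reported as a finding rather than
    ignored, so that a damaged settings file still gets reviewed."""
    try:
        hooks = json.loads(settings_text).get("hooks", {})
    except (json.JSONDecodeError, AttributeError):
        return [("<unparseable>", "")]
    if not isinstance(hooks, dict):
        return [("<unparseable>", "")]
    found = []
    for event, groups in hooks.items():
        for group in groups or []:
            for hook in group.get("hooks", []):
                command = hook.get("command")
                if command and (event, command) not in approved:
                    found.append((event, command))
    return sorted(found)

if __name__ == "__main__":
    for event, command in unapproved_hooks(SAMPLE_SETTINGS):
        print(f"unapproved hook on {event}: {command}")
```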

Tom Le, Chief Information Security Officer at Gap Inc.

The partnership between CrowdStrike and Microsoft means this level of detection becomes much easier to access.

Tom Le, Chief Information Security Officer at Gap, explains: “In today's agentic world, security must move at the speed of innovation. 

“CrowdStrike and Microsoft are strategic pillars of our technology ecosystem. Azure drives our dynamic, digital-first retail ecosystem, and the Falcon platform delivers the protection we rely on to stay secure.

“Making Falcon available through Microsoft Marketplace gives us the agility to adapt to rapid shifts in technological change, supporting how we accelerate secure cloud and AI innovation worldwide.”
