CrowdStrike has announced new Cloud Native Application Protection Platform (CNAPP) capabilities that build on its agent-based and agentless approach.

These enhancements to CrowdStrike Cloud Security extend support to Amazon Elastic Container Service (ECS) within AWS Fargate, expand image registry scanning for eight new container registries and enable Software Composition Analysis (SCA) for open source software.

According to CrowdStrike, containers have changed how applications are built, tested and used, enabling them to be instantly deployed at scale for any environment. As container adoption increases, it's critical that organisations have access to tools that provide greater visibility into their containerised applications so they can operate more securely.

With support for Amazon ECS alongside previously existing support for Amazon Elastic Kubernetes Service (Amazon EKS), organisations have access to more security tools to manage their AWS Fargate environment.

Amol Kulkarni, chief product and engineering officer at CrowdStrike, says, "By shifting left and proactively assessing containers, CrowdStrike customers will be able to identify any vulnerabilities, embedded malware, or stored secrets before they are deployed.

"Many of our customers rely on AWS as they modernise their IT infrastructure, making it critical to expand our support to services like Amazon ECS. We look forward to continuing to work with AWS to support our customers."

Only CrowdStrike delivers agent-based and agentless CNAPP capabilities through a unified, integrated platform.

With this release, CrowdStrike extends these capabilities to include:

Support for AWS Fargate with Amazon ECS: Bring additional security controls to container environments by identifying rogue containers and drift detection. This capability extends functionality already available for AWS Fargate with Amazon EKS.

Software composition analysis: Improve application security and compliance by detecting and remediating vulnerabilities in open source components in the application codebase. Open language support includes Go, JavaScript, Java, Python and Ruby.

Image registry scanning: For Docker Registry 2.0, IBM Cloud Container Registry, JFrog Artifactory, Oracle Container Registry, Red Hat OpenShift, Red Hat Quay, Sonatype Nexus Repository and VMware Harbor Registry.

To enable the identification of hidden threats and configuration issues in containers to reduce the attack surface and secure continuous integration (CI)/continuous delivery (CD) pipelines. This capability extends existing functionality for Amazon Elastic Container Registry (ECR), Docker Registry and additional cloud registries.

Doug Cahill, vice president, analyst services and senior analyst at Enterprise Strategy Group (ESG), says, "Given the growing adoption of open source and containers, organisations are seeking a CNAPP that enables them to gain full visibility into their development pipeline.

"It encourages a DevSecOps culture, where developers incorporate security as part of their daily workflow. The addition of SCA and the expansion of new container registries within its image registry scanning tool are compelling additions to CrowdStrike's CNAPP offering."

CrowdStrike's adversary-focused approach to CNAPP provides both agent-based (Falcon CWP) and agentless (Falcon Horizon - CSPM) solutions delivered from the Falcon platform.