CrowdStrike launches unified data protection for AI & cloud

Techday NZ

30-04-2025

CrowdStrike has introduced a collection of new capabilities aimed at providing real-time data protection across cloud infrastructures, AI models, endpoints, and SaaS applications.
The set of products and features includes Falcon Cloud Security AI Model Scanning and AI Security Dashboard, Falcon Data Protection for Cloud and Endpoint, and a new range of SaaS Threat Services. These are designed to address the evolving methods by which adversaries target and extract sensitive information.
One of the key advances highlighted by CrowdStrike is Falcon Cloud Security's ability to inspect AI models for malware, backdoors, and other alterations before they are deployed in production environments. Security teams will receive real-time visibility into all AI workloads within the cloud, supporting proactive risk management in an area seeing rapid growth and increasing interest from threat actors.
The Falcon Data Protection for Cloud and Endpoint feature seeks to address security gaps by offering runtime data protection for both cloud and endpoint environments. This enables organisations to prevent the exfiltration of encrypted files and mitigates risks related to generative AI–led data leaks as they occur, according to the firm.
CrowdStrike also announced SaaS Threat Services that include expert-led assessments and proactive threat detection and response, with the goal of helping organisations identify and mitigate risks stemming from SaaS application misuse or misconfiguration. These services have been designed in response to the growing prevalence of cloud-based attacks which target user identities and enterprise data.
Recent cyber incidents have illustrated an adversarial shift from causing disruption to systematically stealing data, typically through exploitation of misconfigured systems and legitimate user credentials. CrowdStrike points to groups such as SCATTERED SPIDER and FAMOUS CHOLLIMA who have used compromised SSO accounts or insider access to extract internal documents, credentials, and intellectual property for extortion or further attack. As generative AI solutions are adopted more widely without adequate security controls, new points of exposure for sensitive data emerge within organisations.
"In today's threat landscape, your data isn't just an asset – it's the primary target," said Elia Zaitsev, Chief Technology Officer at CrowdStrike. "Legacy data protection approaches fail because they're fragmented across environments, blind to encrypted exfiltration and incapable of stopping threats in real time. Today, businesses must also contend with employees inadvertently leaking sensitive data to unapproved or misused GenAI tools, adding new layers of risk. With Falcon Data Protection, we are the next chapter of data protection: unified visibility and control across your entire data ecosystem with the real-time protection needed to stop data theft before it happens."
The Falcon Data Protection platform is promoted as a way to forgo a patchwork approach that often requires separate endpoint, cloud, and SaaS security solutions. Instead, it delivers comprehensive data protection from a single platform. Among the features are runtime data protection for cloud data at rest and in transit, which uses eBPF technology to identify and prevent unauthorised data movement in real-time across multi-cloud and on-premises environments.
The Endpoint – Encryption Detection capability is intended to identify and block unauthorised attempts to archive and exfiltrate sensitive data within encrypted files, including 7zip formats, ahead of their encryption and movement. This, CrowdStrike asserts, helps prevent data theft regardless of the method used by attackers.
For generative AI applications, Falcon Data Protection includes GenAI Data Leak Prevention, which applies proprietary Similarity Detection DNA technology. This approach detects sensitive material even if altered or disguised for input into GenAI tools. Enforcement policies can be tailored by content type and data sensitivity label, restricting the flow of sensitive data into both authorised and unauthorised GenAI platforms.
Additional enhancements extend protection to macOS environments, aiming for consistent oversight and controls across varied device deployments. Just-in-Time Privileged Access and Identity-Based Threat Detection provide dynamic and situational access controls, as well as integration with broader threat intelligence, to address insider threats and external actors that exploit identity weaknesses.
With identity-based attacks and SaaS vulnerabilities increasingly exploited for malicious gain, SaaS Threat Services cover incident response, risk assessments, and tailored guidance to shore up organisational defences for both on-premises and cloud-based data assets.