CrowdStrike Simplifies Procurement via Microsoft Marketplace

The cybersecurity landscape requires speed and rapid response times, with CrowdStrike positioning its Falcon platform as a primary tool for threat hunting. Through an expanded partnership with Microsoft, the ISO 42001-certified cybersecurity company brings the capabilities of CrowdStrike Falcon to secure enterprises via the Microsoft Marketplace.

Organisations can purchase this unified cybersecurity solution using their existing Azure Consumption Commitment funds. This approach simplifies the procurement process and accelerates the deployment of security measures.

The strategic move addresses key challenges enterprises face regarding cybersecurity adoption. Specifically, it limits the impact of traditional budget cycles and multi-vendor approvals which often delay protection against threats.

“Adversaries don’t wait for budget cycles, and neither should security teams,” says George Kurtz, President, CEO and Founder of CrowdStrike.

“By enabling customers to use Azure Consumption Commitment for CrowdStrike, we remove procurement friction and maximise the impact of the cloud investment they already have to stop breaches with the Falcon platform. Through ongoing collaboration with Microsoft, our ecosystem is broadening to meet the market’s broad-based demand for Falcon.”

Streamlining procurement through Marketplace

By aligning Falcon purchases with pre-committed cloud spending, the partnership allows for faster activation of CrowdStrike’s endpoint, cloud, identity and AI security capabilities.

The platform uses a lightweight single-agent architecture intended for rapid scalability. This protects data across hybrid environments while attack methods become more complex.

This integration builds upon prior collaborations between the two companies, which includes joint innovations in extended detection and response.

“Security is the foundation for AI Transformation,” says Judson Althoff, CEO of Microsoft’s Commercial Business.

“By enabling customers to apply their Azure Consumption Commitment in Microsoft Marketplace toward the Falcon platform, we are providing the financial flexibility they need to optimise cloud spend while adopting a rigorous security posture.”

Securing hybrid cloud environments

Real-time cloud detection and response (CDR) from Falcon helps secure cloud environments from cloud-conscious threat actors, such as Scattered Spider, and prevents them from establishing persistent access.

According to CrowdStrike, a common modus operandi for advanced persistent threat (APT) actors begins with compromising the cloud credentials of an employee using social engineering to gain initial access.

Taking an Amazon Web Services (AWS) cloud environment as an example, once bad actors gain access, they could use the cloud shell command line to generate a Secure Shell (SSH) key pair. They can then establish an IAM (identity access management) role with administrative privileges.

Following this, they could create an Elastic Compute Cloud (EC2) instance with the IAM role attached to it. This grants temporary security credentials to access other AWS services without storing long-term, hard-coded access keys, which could result in persistent administrative access.

With CrowdStrike Falcon’s CDR, these actions are monitored. The generation of new SSH keys and the creation of unmanaged accounts with administrative access gets flagged as suspicious. When cross-verified against asset inventory data showing significant deviation from baseline behaviour, the system adds confirmation.

Mitigating risks in AI

Artificial intelligence and AI agents are becoming essential to businesses, yet cybercriminals are developing ways to use enterprise AI tools against them. CrowdStrike data suggests how initial access into an AI ecosystem like that of Claude allows bad actors to leave open backdoors that could establish persistent access.

For example, once a threat actor enters Claude through a software vulnerability, account compromise or phishing emails, they could modify a Claude feature called hooks.

While usually a helpful feature that enables automation, one such hook is the UserPromptSubmit option in Claude’s workflow. This can have any command inserted, which could be used by a bad actor to embed malicious code and establish persistent access.

The partnership between CrowdStrike and Microsoft ensures this level of detection becomes easier to access for procurement leaders looking to secure their infrastructure.

Tom Le, Chief Information Security Officer at Gap, said in a statement: “In today's agentic world, security must move at the speed of innovation. CrowdStrike and Microsoft are strategic pillars of our technology ecosystem.

“Azure drives our dynamic, digital-first retail ecosystem, and the Falcon platform delivers the protection we rely on to stay secure. Making Falcon available through Microsoft Marketplace gives us the agility to adapt to rapid shifts in technological change, supporting how we accelerate secure cloud and AI innovation worldwide.”