About the Falcon: How CrowdStrike Stops Cloud Threats

Judson Althoff, CEO of Microsoft's Commercial business. (Credit: Microsoft)
From APT groups to AI-driven intrusions, CrowdStrike’s Falcon platform uses real-time cloud detection to block persistent access & stop breaches – and fast

Swift, intelligent and engineered for precision – Falcon is CrowdStrike’s apex predator in modern cyber defence.

Through an expanded collaboration with Microsoft, the ISO 42001-certified cybersecurity leader CrowdStrike is now extending the reach of its Falcon platform to enterprises via Microsoft Marketplace.

This integration enables organisations to harness CrowdStrike’s unified security architecture directly through existing Azure Consumption Commitment funds, streamlining procurement while accelerating time-to-protection.

By doing so, it tackles long-standing enterprise pain points around cybersecurity adoption – from rigid procurement cycles to multi-vendor complexity – helping security leaders move faster against increasingly advanced digital threats.

George Kurtz, CEO of CrowdStrike (Credit: CrowdStrike)

“Adversaries don’t wait for budget cycles, and neither should security teams,” says George Kurtz, President, CEO and Founder of CrowdStrike. 

“By enabling customers to use Azure Consumption Commitment for CrowdStrike, we remove procurement friction and maximise the impact of the cloud investment they already have to stop breaches with the Falcon platform.

“Through ongoing collaboration with Microsoft, our ecosystem is broadening to meet the market’s broad-based demand for Falcon.”

Cloud marketplace as new route to market

By linking Falcon adoption to existing cloud commitments, the partnership accelerates enterprise access to CrowdStrike’s full suite of endpoint, cloud, identity and AI-driven security capabilities.

The CrowdStrike platform operates on a lightweight, single-agent architecture designed for seamless scalability across hybrid and multi-cloud environments – delivering real-time protection as adversaries grow more sophisticated.

This latest integration builds on the companies’ history of joint innovation, particularly in advancing extended detection and response (XDR) technologies to unify visibility and defence across the entire IT estate.

“Security is the foundation for AI Transformation,” says Judson Althoff, CEO of Microsoft’s commercial business.

CrowdStrike is now available on Microsoft Marketplace | Credit: Microsoft

“By enabling customers to apply their Azure Consumption Commitment in Microsoft Marketplace toward the Falcon platform, we are providing the financial flexibility they need to optimise cloud spend while adopting a rigorous security posture.”

Securing cloud with CrowdStrike Falcon 

Falcon’s real-time Cloud Detection and Response (CDR) capability strengthens cloud environments against cloud-savvy threat actors such as Scattered Spider, stopping them from establishing persistent access before critical resources are compromised.

Typically, advanced persistent threat (APT) actors begin their campaigns by stealing an employee’s cloud credentials through targeted social engineering, granting an initial foothold into the environment.

In an AWS scenario, once intruders gain entry, they can exploit the cloud shell to generate an SSH key pair and create an Identity and Access Management (IAM) role with administrative privileges.

From there, spinning up an EC2 instance with that IAM role attached provides temporary credentials for accessing other AWS services – such as S3 or DynamoDB – without using long-term, hardcoded keys.

The result: persistent, high-level access masked as legitimate activity.


With CrowdStrike Falcon’s CDR, such stealth tactics don’t slip through the cracks.

The generation of new SSH keys or creation of unmanaged accounts with elevated privileges is instantly flagged as anomalous activity.

When this behaviour is cross-checked against asset inventory data and baseline telemetry, the deviation provides clear confirmation of compromise.

Falcon then neutralises the intrusion in real time by triggering automated response workflows designed to contain the threat actor’s movement.

Beyond response, Falcon equips security teams with full visibility into the adversary’s activity trail, enabling rapid investigation and continuous improvement of cloud defences.
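
The check described above (new SSH keys and unmanaged privileged roles compared against an asset inventory) can be sketched over CloudTrail-style events. This is an added example, not CrowdStrike's code or a description of Falcon's internals; the records are constructed and simplified, the principals, key names and role names are hypothetical, and it assumes an instance profile shares its role's name.

```python
from collections import defaultdict

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"
JDOE = "arn:aws:iam::111122223333:user/jdoe"       # constructed principal
CI = "arn:aws:iam::111122223333:role/ci-deployer"  # constructed principal

def ev(name, who, **params):
    """Build a simplified CloudTrail-shaped record (constructed sample data)."""
    return {"eventName": name, "userIdentity": {"arn": who},
            "requestParameters": params}

SAMPLE_EVENTS = [
    ev("CreateKeyPair", JDOE, keyName="tmp-key"),
    ev("CreateRole", JDOE, roleName="support-admin"),
    ev("AttachRolePolicy", JDOE, roleName="support-admin", policyArn=ADMIN_POLICY),
    ev("RunInstances", JDOE, keyName="tmp-key",
       iamInstanceProfile={"name": "support-admin"}),
    ev("RunInstances", CI, keyName="deploy-key",
       iamInstanceProfile={"name": "app-server-role"}),
]

def detect(events, managed_keys, managed_roles):
    """Return {principal: [stages]} for activity that deviates from the inventory."""
    new_keys, new_roles, admin_roles = set(), set(), set()
    hits = defaultdict(list)
    for e in events:  # events are assumed to arrive in time order
        who, p, name = e["userIdentity"]["arn"], e["requestParameters"], e["eventName"]
        if name == "CreateKeyPair" and p["keyName"] not in managed_keys:
            new_keys.add(p["keyName"])
            hits[who].append("unmanaged_ssh_key")
        elif name == "CreateRole" and p["roleName"] not in managed_roles:
            new_roles.add(p["roleName"])
            hits[who].append("unmanaged_role")
        elif (name == "AttachRolePolicy" and p["policyArn"] == ADMIN_POLICY
              and p["roleName"] in new_roles):
            admin_roles.add(p["roleName"])
            hits[who].append("admin_on_unmanaged_role")
        elif name == "RunInstances":
            # Assumption: the instance profile name equals the role name.
            profile = p.get("iamInstanceProfile", {}).get("name")
            if profile in admin_roles or p.get("keyName") in new_keys:
                hits[who].append("instance_with_unmanaged_identity")
    return dict(hits)

def confirmed(hits):
    """Principals that completed the whole chain described in the text."""
    chain = {"unmanaged_ssh_key", "admin_on_unmanaged_role",
             "instance_with_unmanaged_identity"}
    return sorted(who for who, stages in hits.items() if chain <= set(stages))

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS, {"deploy-key"}, {"app-server-role"})
    print(found, confirmed(found))
```

The routine launch by the CI role produces no finding because its key and role are both in the inventory; only the principal that completes all three stages is reported by `confirmed`.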

Preventing AI weaponisation

AI and autonomous agents are now indispensable to business operations – but cybercriminals are rapidly devising new methods to weaponise enterprise AI platforms against their creators.

As CrowdStrike illustrates, even a single point of initial access into an AI ecosystem such as Claude can enable attackers to implant covert backdoors, maintaining persistent footholds within the system long after detection barriers are bypassed.


For instance, if a threat actor breaches Claude through a software vulnerability, compromised credentials or targeted phishing, they can exploit one of its automation features known as hooks.

A specific example is the UserPromptSubmit hook within Claude’s workflow, which can execute inserted commands.

In the wrong hands, this functionality can be manipulated to embed malicious code and create persistent access – though not when CrowdStrike is on watch.

Falcon’s advanced detection quickly identifies such covert behaviour, intercepting it before persistence takes hold and ensuring the platform remains secure.
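
One way a defender can audit hook configuration for unexpected commands, as an added example that is not CrowdStrike's or Anthropic's code. It assumes the hooks live in a JSON settings document where each event name, such as UserPromptSubmit, maps to a list of entries whose `hooks` items carry a `command` string; that layout, the sample commands and the baseline are assumptions constructed for illustration.

```python
import json

# Constructed settings document; the layout is an assumption (see lead-in).
SAMPLE_SETTINGS = json.dumps({
    "hooks": {
        "UserPromptSubmit": [
            {"hooks": [{"type": "command", "command": "/opt/corp/bin/prompt-audit"}]},
            {"hooks": [{"type": "command", "command": "/tmp/.cache/update.sh"}]},
        ],
        "PostToolUse": [
            {"matcher": "Write",
             "hooks": [{"type": "command", "command": "/opt/corp/bin/lint"}]},
        ],
    }
})

# Reviewed baseline: the commands each event is expected to run (hypothetical).
BASELINE = {
    "UserPromptSubmit": {"/opt/corp/bin/prompt-audit"},
    "PostToolUse": {"/opt/corp/bin/lint"},
}

def list_hook_commands(settings_text):
    """Yield (event, command) for every command hook in the settings JSON."""
    settings = json.loads(settings_text)
    for event, entries in settings.get("hooks", {}).items():
        for entry in entries:
            for hook in entry.get("hooks", []):
                if hook.get("type") == "command":
                    yield event, hook.get("command", "")

def unapproved_hooks(settings_text, baseline):
    """Return (event, command) pairs that are absent from the reviewed baseline."""
    return [(event, cmd) for event, cmd in list_hook_commands(settings_text)
            if cmd not in baseline.get(event, set())]

if __name__ == "__main__":
    for event, cmd in unapproved_hooks(SAMPLE_SETTINGS, BASELINE):
        print(f"unapproved {event} hook: {cmd}")
```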

Tom Le, Chief Information Security Officer at Gap Inc.

The collaboration between CrowdStrike and Microsoft makes this advanced level of detection and response more accessible than ever, enabling organisations to integrate Falcon’s security intelligence directly within their existing cloud ecosystems.

Tom Le, Chief Information Security Officer at Gap, explains: “In today's agentic world, security must move at the speed of innovation. 

“CrowdStrike and Microsoft are strategic pillars of our technology ecosystem. Azure drives our dynamic, digital-first retail ecosystem, and the Falcon platform delivers the protection we rely on to stay secure.

“Making Falcon available through Microsoft Marketplace gives us the agility to adapt to rapid shifts in technological change, supporting how we accelerate secure cloud and AI innovation worldwide.”
