CrowdStrike has announced new real-time Cloud Detection and Response (CDR) capabilities designed to stop cloud attacks within seconds, introducing a detection engine, expanded Indicators of Attack (IOAs) and automated response workflows aimed at improving security across hybrid and multi-cloud environments. The enhancements were unveiled at AWS re:Invent 2025 in Las Vegas.
The company said traditional CDR approaches relying on batch log processing can take 15 minutes or more to surface a single detection — a delay that adversaries increasingly exploit as they use AI to accelerate attacks and move laterally across cloud systems. CrowdStrike’s new CDR engine applies streaming technology used by its Falcon Adversary OverWatch team to process cloud events in real time, surfacing high-confidence alerts seconds after suspicious activity occurs.
Chief technology officer Elia Zaitsev said real-time visibility is now essential to preventing breaches, as modern attackers move too quickly for delayed detection methods. The company said its new engine reduces noise, increases precision and shortens response times by eliminating latency inherent in cloud log aggregation.
The expanded cloud IOAs are designed to detect behaviours unique to cloud environments, using AI-driven correlation of live activity with contextual data about identities and cloud assets. CrowdStrike said this enables early detection of advanced attack techniques, including privilege escalation and abuse of cloud-native tools such as CloudShell.
CrowdStrike has also introduced automated response actions built on Falcon Fusion SOAR, allowing security teams to trigger workflows that disrupt threats immediately without waiting for manual intervention. The company said this closes visibility and protection gaps between cloud workload protection and cloud security posture management by providing runtime defence at the control-plane level.
The new capabilities form part of CrowdStrike’s Falcon Cloud Security suite, which delivers unified cloud-native application protection platform (CNAPP) coverage across cloud configurations, identities, workloads and runtime environments. The company said the enhancements bring cloud security closer to real-time operation, aligning detection and response speed with the pace of modern threats.

