CrowdStrike Unveils Native Visibility And Threat Detection For ChromeOS

CrowdStrike announced the first native XDR (extended detection and response) offering for Google’s ChromeOS. This is a significant announcement as it strengthens CrowdStrike’s partnership with Google and addresses a long-standing challenge for IT security teams who have struggled to monitor and defend ChromeOS devices due to their unique architecture and the lack of native security tools.

Google ChromeOS

ChromeOS is a lightweight operating system developed by Google that is designed to be used with cloud-based applications and services. The use of ChromeBooks and ChromeOS is still small by comparison with the traditional Windows and MacOS-based PCs in businesses, but the footprint is growing in enterprise environments as it offers several advantages, including easy management and low costs. It has gained momentum and reached a point where organizations need to ensure ChromeOS devices are secure, but traditional security solutions are often ill-suited for ChromeOS devices.

CrowdStrike’s press release quotes Michael Suby, Research VP at IDC, stating, “Across all verticals, Chromebooks are part of organizations’ PC fleets. In fact, our recent research shows that 16% of North American organizations have Chromebooks and we expect this percentage to increase. Lacking visibility into Chromebooks represents open invitation to bad actors.”

One of the biggest challenges of monitoring and defending ChromeOS devices is the lack of visibility. ChromeOS devices operate in a sandboxed environment that isolates applications and data from each other. This makes it difficult for traditional security solutions to detect threats as they may be contained within a single application or user account. In addition, ChromeOS devices often do not have the same level of access to system resources as traditional operating systems, which further complicates the detection of threats.

Too Many Agents, Too Few Resources

Another challenge of defending ChromeOS devices is the complexity introduced when IT security teams have to manage multiple agents and monitor multiple tools and platforms. Traditional security solutions require the installation of multiple agents on each device, which can create conflicts and impact device performance. IT security teams are then tasked with the burden of monitoring multiple tools and platforms, which can lead to alert fatigue and make it difficult to prioritize and respond to threats.

CrowdStrike’s Falcon Insight XDR solution addresses these challenges by providing a native XDR solution that is purpose-built for ChromeOS devices. XDR solutions are designed to provide comprehensive visibility and detection capabilities across all endpoints, networks, and cloud environments, enabling IT security teams to detect and respond to threats quickly and efficiently.

CrowdStrike and Google

I had an opportunity to speak with Raj Rajamani, Chief Product Officer-DICE for CrowdStrike, and Tony Ureche, Director of Product Management for ChromeOS at Google, about the partnership between the two companies and the ChromeOS news.

Raj explained that the most secure operating system is one that actually is not connected to the internet—from which no data is being extracted. “If you can lock everything down, then I’m sure every enterprise will be super secure. Despite the best design—whether it is Chrome OS, MacOS or Windows doesn’t really matter—what we are dealing with is a very dynamic environment where users are receiving emails, they’re clicking on links, they’re going to websites, and each one of these actions has a certain amount of inherent risk.”

He talked about a phishing scenario that results in an employee sharing their credentials, and how threat actors can use those compromised credentials to infiltrate and move laterally within an environment. “We are dealing with entirely different levels of abstraction here, which is why I believe this partnership is one of the best ways to improve the security. It’s defense in depth, right? We are adding one additional layer of security where we are taking the information that Google is providing us and marrying it with all the other information that we have collected, whether it is from our own modules or third-party modules that are part of our exterior ecosystem and providing something that’s very intelligible as well as actionable for our customers.”

Tony shared the importance of visibility and the ability to monitor and analyze signals of a device at any given time to understand its security posture. “The way Chrome OS has approached security is this sort of from chipsets to cloud, vertically integrated security. Security starts even before the OS has loaded.”

He described the verified boot process and stressed, “The point is, you can’t insert anything in the sequence. That’s critical because—as you probably know—malware wants to be inserted as soon as possible. If I can sit below the AV agent, I can lie. But because we’re making sure we don’t allow that, nothing can be inserted.”

That is why it is often challenging for security tools to effectively manage ChromeOS and why the partnership between CrowdStrike and Google is crucial. The tight integration of the CrowdStrike agent ensures that it what the IT security admin sees in the console is the actual reality at that given moment inside their deployment.

Defending and Protecting ChromeOS

With the increasing adoption of ChromeOS devices in enterprise environments, it is essential that IT security teams have the tools they need to protect their organization’s data and devices. CrowdStrike’s partnership with Google and the CrowdStrike Falcon Insight XDR solution provides native, purpose-built protection, offering improved visibility, threat detection capabilities, and incident response workflows to address the unique cybersecurity challenges of monitoring and defending ChromeOS devices.