惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
N
News and Events Feed by Topic
S
Schneier on Security
G
GRAHAM CLULEY
Scott Helme
Scott Helme
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
CERT Recently Published Vulnerability Notes
T
The Exploit Database - CXSecurity.com
C
Cisco Blogs
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
P
Privacy & Cybersecurity Law Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
博客园 - 司徒正美
Blog — PlanetScale
Blog — PlanetScale
Project Zero
Project Zero
MyScale Blog
MyScale Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
The Last Watchdog
The Last Watchdog
Vercel News
Vercel News
The Cloudflare Blog
C
Check Point Blog
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
AI
AI
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
M
MIT News - Artificial intelligence
Stack Overflow Blog
Stack Overflow Blog
腾讯CDC
NISL@THU
NISL@THU
S
Security @ Cisco Blogs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
S
SegmentFault 最新的问题
MongoDB | Blog
MongoDB | Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
AWS News Blog
AWS News Blog
Cloudbric
Cloudbric
N
News and Events Feed by Topic
PCI Perspectives
PCI Perspectives
S
Securelist
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Vulnerabilities – Threatpost
S
Secure Thoughts

Blog

CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike Why AI Projects Stall and How CIOs Can Respond | CrowdStrike CrowdStrike Leads 2026 Frost Radar for Cloud Runtime Security CrowdStrike Expands Identity Leadership with OpenID and IDPro CrowdStrike 2026 Report: China Fuels Attacks on Tech June 2026 Patch Tuesday: Updates and Analysis | CrowdStrike CrowdStrike and Zscaler Bring Continuous Identity Security to Zero Trust Access 3 Principles to Safely Scale Agentic AI | CrowdStrike ISO 42001:2023 and the New Reality of Cloud AI Data Risk How to Stop AI-Driven Data Loss | CrowdStrike CrowdStrike and NVIDIA Bring Enterprise-Grade Security to AI Factory CrowdStrike and NVIDIA Collaboration Scales AI-Native Agents Secure Shadow AI at the Control Plane with Falcon for IT CrowdStrike Named Leader in 2026 Gartner Magic Quadrant for Endpoint Protection Shadow AI: The Hidden Risk Expanding Across the Enterprise CrowdStrike Named a Leader in Identity Threat Detection and Response Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet Measuring AI-Enabled Success: 3 Trackable KPIs New Claude Integration Brings Audit Data to Falcon Platform How to Protect Identities and Sessions from Infostealers Now Live: CrowdStrike 2026 Financial Services Threat Landscape Report Falcon AIDR Detects Threats at Prompt Layer in Kubernetes AI Apps May 2026 Patch Tuesday: Updates and Analysis | CrowdStrike AI Threat Detection with Automated Leads | CrowdStrike CrowdStrike Named a Leader in Gartner Magic Quadrant for Cyberthreat Intelligence CrowdStrike Launches Falcon OverWatch for Defender CrowdStrike Technical Risk Assessments Reveal Common Exposure Patterns Tune In: The Future of AI-Powered Vulnerability Discovery Defending Against CORDIAL SPIDER and SNARKY SPIDER CrowdStrike Expands ChatGPT Enterprise Integration CrowdStrike Named a Leader in 2026 Frost & Sullivan Radar for CNAPP CrowdStrike Expands Real-Time CDR to Google Cloud CrowdStrike Falcon Cloud Security Delivers 264% ROI CrowdStrike Falcon Platform Achieves 441% ROI in Three Years CrowdStrike Introduces Shadow AI Visibility Service How Defenders Must Respond to Frontier AI | CrowdStrike Frontier AI for Defenders: CrowdStrike and OpenAI TAC April 2026 Patch Tuesday: Updates and Analysis | CrowdStrike How CrowdStrike Accelerates Exposure Evaluation Against Threats | Blog STARDUST CHOLLIMA Likely Compromises Axios npm Package Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Detecting CVE-2026-20929: Kerberos Relay Attack via DNS CNAME Abuse How Charlotte AI Agentworks Fuels Security's Agentic Ecosystem CrowdStrike Flex for Services Expands Access to Elite Security Expertise Falcon Data Security Secures Data Wherever It Lives and Moves CrowdStrike Advances CNAPP with Adversary-Informed Risk Prioritization CrowdStrike Services and Agentic MDR Put Agentic SOC in Reach
CrowdStrike
Karishma Asthana · 2026-06-22 · via Blog

Organizations are struggling to detect, investigate, and contain cloud threats before adversaries achieve their goals. The new CrowdStrike State of Cloud Detection and Response (CDR) Survey highlights the primary challenges they face:

  • Incomplete visibility across cloud workloads, identities, APIs, and cloud control plane activity
  • Difficulty distinguishing malicious activity from legitimate cloud operations
  • Detection and response speeds that lag behind adversary speed
  • Fragmented security tools and workflows that hinder efficiency and scale

Together, these challenges are creating opportunities for threat actors to successfully breach cloud environments. 

The consequences of poor cloud security are difficult to ignore: 94% of organizations report experiencing cloud intrusions that resulted in data exposure or exfiltration. 

73% of Organizations Cannot Consistently Guarantee Cloud Intrusion Detection

Understanding cloud risk is not the same as detecting active adversaries. While visibility into configurations, permissions, and exposed resources helps organizations understand potential exposure, detecting threats requires visibility into what is happening across both the cloud control plane and workloads, and the ability to correlate activity across both layers. 

Yet many organizations lack complete coverage across either. More than half (56%) report that gaps in cloud control plane visibility negatively impact their ability to detect adversaries, while 95% say not all cloud workloads and instances are covered by security sensors or agents. As a result, 73% of organizations cannot consistently guarantee detection of cloud intrusions, highlighting how visibility gaps directly translate into detection gaps.

These visibility challenges are becoming more difficult as AI adoption accelerates cloud growth, increasing both the scale of environments that must be monitored and the number of opportunities for adversaries to operate. Today, 83% of organizations run AI/ML workloads in the cloud, and 81% have experienced incidents targeting those environments. As organizations expand their cloud footprint, maintaining complete visibility becomes more difficult, and reliable threat detection becomes harder to achieve.

But visibility alone does not solve the problem. The sheer volume of cloud activity makes it difficult to determine which signals indicate real threats and which represent normal operations.

78% of Respondents Can't Distinguish Real from Malicious Activity

Cloud environments are built on trusted relationships between identities, services, and APIs, and adversaries are increasingly exploiting this model to blend into legitimate activity. As a result, malicious behavior can appear nearly indistinguishable from normal cloud operations. 

In fact, 78% of organizations report they cannot reliably distinguish legitimate activity from malicious behavior, forcing analysts to spend valuable time validating activity that often turns out to be benign. The result is an overwhelming volume of alerts: 79% say their tools generate too many alerts, and teams spend roughly 77% of their triage time investigating false positives and low-priority alerts.

The consequences extend beyond analyst fatigue. Faced with overwhelming volumes of activity and limited context, organizations are increasingly forced to make trade-offs. Nearly all (98%) report they do not remediate every identified threat, meaning many detections are ultimately deprioritized or ignored.

Identifying a threat is only part of the battle. Organizations must also detect and respond before adversaries can achieve their objectives.

68% of Organizations Take 15+ Minutes to Detect Cloud Intrusions

Cloud detections are frequently delayed by how telemetry is collected and processed, forcing organizations to respond to activity that has already occurred rather than activity unfolding in real time. More than two-thirds (68%) of organizations take 15 minutes or more to detect a cloud intrusion, and over half (51%) require at least an hour. By the time detections are surfaced, adversaries may have already established persistence, moved laterally, or escalated access.

Even when organizations identify malicious activity, containing it before impact remains difficult: 91% of organizations report they are unable to contain all cloud intrusions in real time, highlighting a significant gap between detection and response.

This gap is exacerbated when detection, investigation, and response actions are spread across disconnected systems — another challenge organizations face. Organizations use an average of three tools to detect cloud breaches, while 67% report significant or moderate gaps in integrating cloud detections into their SOC or security information and event management (SIEM) workflows.

This fragmentation forces teams to slow down. Nearly 80% of organizations rely heavily on manual investigations when responding to cloud threats. This requires analysts to stitch together context across multiple systems before they can act.

These inefficiencies have real consequences. Among organizations that experienced breaches, 38% cite tool fragmentation as a contributing factor in intrusions escalating. When detections, investigations, and response workflows are spread across disconnected systems, operational friction creates additional opportunities for adversaries to succeed.

What These Findings Mean for Security Teams

The findings reveal that cloud breaches are rarely the result of a single failure. Instead, they emerge from a series of interconnected gaps across the detection and response lifecycle.

Incomplete visibility obscures attacker activity. Alert noise and limited context make it difficult to determine what matters. Delays in detection and response give adversaries time to achieve their objectives, while fragmented tools and workflows slow efforts to investigate and contain threats.

Individually, each challenge creates risk. Together, they create opportunities for adversaries to move undetected, achieve their objectives, and turn cloud intrusions into breaches.

  • Organizations that lack visibility across the cloud control plane and workloads struggle to reliably detect active threats.
  • As adversaries increasingly abuse legitimate identities, APIs, and services, distinguishing malicious activity from routine cloud operations has become one of the biggest challenges facing security teams.
  • The speed of cloud attacks continues to outpace the speed of detection and response, shrinking the window that organizations have to contain threats before impact occurs.
  • Fragmented tools and workflows compound every stage of the detection and response lifecycle, increasing operational friction and slowing investigations.

Explore the full CrowdStrike State of CDR Survey for a deeper analysis of the CDR gaps impacting teams today.

Additional Resources