Customer Story

Octopus Deploy Scales Up Securely with CrowdStrike

Octopus Deploy (“Octopus”) is a global leader in software automation, with a best-of-breed continuous delivery (CD) platform known as Octopus Cloud. Utilising Kubernetes and cloud-based virtual machines, known as ‘Dynamic Workers’, Octopus Cloud runs deployments for organisations from small-to-medium businesses to enterprise level. Octopus provides automated software delivery at any scale to Kubernetes, multi-cloud and on-premise environments. Founded in Brisbane, over the last 10 years Octopus has grown from a small tech startup to now having over 300 employees. 

After experiencing such rapid growth, Octopus needed to take its security posture seriously in order to protect customer information and systems, particularly from malicious code and supply chain attacks. 

Prior to onboarding CrowdStrike, Octopus had implemented basic security measures, explained Chris van Dal, Senior Security Operations Manager at Octopus Deploy. Octopus’ security team had minimal visibility on vulnerabilities in its environment, and limited ability to identify any existing or emerging threats to its infrastructure.

After discovering that threat actors were exploiting free trials of the Octopus Cloud to mine cryptocurrency, Octopus successfully used CrowdStrike alongside its SIEM and internal processes to prevent such abuse.

A new level of visibility

Evaluating a number of potential endpoint detection and response (EDR) solutions, Octopus recognised that the cost, features and ease of use placed CrowdStrike way ahead of other security vendors. 

“We assessed a few different vendors at the time, and CrowdStrike came out on top. When we rolled out CrowdStrike, we immediately saw success in blocking would-be crypto miners on our Cloud Platform,” said Chris.

After onboarding CrowdStrike, Octopus quickly gained a new level of visibility over its security landscape. The solution is protecting the organisation’s Windows and macOS workstations, as well as its Windows, Linux and Kubernetes clusters running on popular cloud service providers' infrastructure.

“We've got that single pane of glass now with CrowdStrike to look over all of our devices from any operating system across all of our environments,” said Chris.


Maintaining a safe and autonomous environment for staff and customers

Octopus' business structure presents unique security challenges. As part of its SaaS offering for its self-hosted product, Octopus manages automatic updates, upgrades, backups, and security for its customers. Organisations using Octopus Cloud are allowed to arbitrarily run code using their Dynamic Workers, so having a security provider that can instantly detect and shut down malicious activity is paramount.

By shipping CrowdStrike Falcon pre-installed with these Dynamic Workers, Octopus empowers customers to run their own code with full autonomy. At the same time, CrowdStrike ensures security by detecting and stopping any abnormal or malicious activity, striking a balance between freedom and protection.

“We rely heavily on CrowdStrike to ensure that our Dynamic Workers are secure,” said Chris.

Compartmentalised protection

CrowdStrike Falcon Complete has allowed for compartmentalised security for Octopus’ remote teams across all operating systems, viewed through a single pane of glass.

Security alerts are separated into individual security identifiers (SIDs), so each team within the company only has to address alerts that are directly related to their own infrastructure and nothing else. This creates a clear separation of duties, and allows each team to retain confidentiality and focus on their own areas.  

“Each team that has CrowdStrike running on infrastructure they're responsible for have their own SID. This boundary ensures that teams can access relevant insights and information themselves and work with the product safely. However, the Security Operations team has visibility into all SIDs to maintain oversight and security across the organization,” said Chris.

Compliance

The security and privacy of its customers' personal, company, and intellectual property data are top priorities at Octopus, and the company leverages CrowdStrike to maintain and continuously improve its security and compliance programs. That includes compliance with ISO 27001:2022 and SOC 2 Type II, as well as with applicable legal and regulatory requirements in relation to handling personal data such as GDPR.

“We undergo regular third-party audits and technical assessments of our data security. Our auditors can see our policies and level of compliance using evidence sourced from the CrowdStrike dashboard,” said Chris.

More recently, Octopus has been using CrowdStrike as part of its pentesting and incident response programs. When Octopus pushes unusual but non-malicious code through its build pipeline and simulates attacks, the CrowdStrike agent is always able to quickly detect this activity, demonstrating its ability to prevent any potential malware from being released to customers.

Overall, Octopus has seen a huge improvement in visibility over its security landscape since deploying CrowdStrike, as well as confidence that its data and systems, and its customers' systems and data, are protected.

The biggest impact, said Chris, is the level of security awareness that CrowdStrike has brought to the table. “CrowdStrike’s alerts on abnormal activity and behaviour give us that level of confidence that even though it might not be malicious, we understand what’s happening and we're not caught napping.”

Octopus plans to continue investing in its CrowdStrike platform, as the business continues to grow and diversify internationally.

“We really appreciate the CrowdStrike platform and see a lot of value in it. It’s just a really good security product that I don't think we could live without.”

Challenges

  • Protecting its supply chain for over 4000 customers
  • Lack of visibility and protection across multiple operating systems and computing environments
  • Maintaining a high trust, remote-first workplace
  • Allowing customers to safely exercise autonomy while running Octopus software

Solution

  • Since the initial deployment of CrowdStrike Falcon EDR, Octopus Deploy has consolidated its security posture with Falcon Cloud Security. Octopus has been able to continue scaling up its business while maintaining visibility and control across its ‘high trust’ environment for customers and staff. It is confident that it can continue to provide autonomy for its customers and staff, with any potential malware or malicious activity rapidly detected and triaged by the CrowdStrike platform.

Results

  • A single pane of glass providing visibility and reporting across all systems
  • Ensuring ongoing policy and technical compliance with security standards
  • Enhanced security and protection for remote workforce
  • Ensuring customers can operate autonomously in a safe and protected software environment

CrowdStrike solutions

  • Falcon Cloud Security
  • Falcon Device Control
  • Falcon Insight EDR
  • Falcon OverWatch™
  • Falcon Prevent™
  • Falcon Exposure Management
  • Falcon Firewall Management