The cloud security posture management (CSPM) offering comes with ToDo, an actionable checklist showing prioritized risks, and Remediation Guru, guided remediation at the source.

Unified container and cloud security firm Sysdig on Wednesday launched its cloud security posture management (CSPM) offering, which aggregates security findings by root cause and prioritizes remediation based on impact. The new offering consists of ToDo, an actionable checklist showing prioritized risks, and Remediation Guru, which offers guided remediation at the source.

“We consistently hear from prospects that the cloud security tools they are familiar with inundate teams with alerts and findings. Compounding the issue is cutting through the noise to know where to devote resources,” said Maya Levine, product manager at Sysdig.

Enterprises often have hundreds of cloud accounts and services spread across multiple cloud environments. They often automate the deployment of cloud services using infrastructure as code (IaC). If the IaC template has a configuration error, the same error can get replicated across cloud environments, generating multiple alerts and overwhelming security teams.

Compounding the problem, policies and controls often cannot be applied across environments. This results in inconsistent policies across the organization for different parts of the software delivery pipeline. The lack of agnostic controls across the technology stack increases management complexity, according to the company.

“The data we have around this is qualitative, this is a pain point that is repeatedly shared in feedback sessions,” Levine said. “The challenge is two-fold. First, of all the alerts and findings a security team deals with, how many of those are actionable? For example, does a vulnerability in an image have a fix yet? Second, how to prioritize what to focus on first?”

ToDo is expected to save time during investigations and Remediation Guru could allow security and DevOps teams to fix issues in seconds with just a few clicks, the company said in a statement.

Cloud security tool aims to reduce investigation time

ToDo aggregates risks that have the same root cause and provides opinionated prioritization that reduces time spent on the investigation. Along with helping to identify the risk, it also implements fixes through Remediation Guru. Remediation Guru automatically generates the suggested change to IaC templates, which can be applied with a single click. Because Sysdig has a shared policy model, teams can enforce policy across multiple clouds and Kubernetes environments.

“ToDo guides users to take the actions that will have the highest impact. It does the work of aggregating resources with similar problems, prioritizing the most impactful actions, and guiding users to take meaningful remediations. This creates a streamlined process for security teams to view all the pressing issues in their environment grouped logically,” Levine said.

Remediation Guru is available as a tech preview to all existing Sysdig Secure customers. ToDo, on the other hand, is available only on request. New customers, however, can access ToDo and Remediation Guru when they purchase Sysdig Secure.

The company claims customers have been receptive to ToDo, which is currently in a controlled availability (CA) launch.

“Sysdig has conducted feedback sessions with every customer that has ToDo enabled. The response has been overwhelmingly positive. Customers have stated that they expect to use it frequently and that they see the value in all that it offers,” Levine said.