Cloud security vendor says consolidation will help customers detect threats across workloads, identities, cloud services, and third-party applications.

Cloud security firm Sysdig has embedded cloud detection and response (CDR) into its cloud-native application protection platform (CNAPP). The company claims to be the first vendor to offer this consolidation, a move that enables its CNAPP to detect threats with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications. It leverages Falco, a widely adopted open-source standard for cloud threat detection governed by the Cloud Native Computing Foundation, in both agent and agentless deployment models, Sysdig said.

As cloud adoption grows and organizations build out cloud environments, they face sprawling applications, services, and identities. Detecting and quickly responding to threats across these environments can be a significant challenge for businesses and their security teams, with vast numbers of cloud assets potentially vulnerable and going unchecked for long periods.

Security teams take an average of 145 hours to resolve alerts, and 80% of cloud alerts are triggered by just 5% of security rules in most environments, according to the Unit 42 Cloud Threat Report, Volume 7. Meanwhile, unpatched vulnerabilities pose a significant security threat to organizations, exacerbated by open-source software (OSS) and the scale of what organizations need to manage in cloud environments. Nearly two-thirds (63%) of the cloud source-code repositories Unit 42 analyzed have high or critical vulnerabilities, and 51% of those are at least two years old.
Of the internet-facing services hosted in public clouds, 11% contain high or critical vulnerabilities, 71% of which are at least two years old.

Customers can access agentless deployment of Falco, detect GitHub vulnerabilities

Sysdig customers gain several benefits from the new threat detection and response features added to its CNAPP, the firm said in a press release. Previously, to use Falco, organizations had to deploy it on their own infrastructure; now they can use an agentless deployment of Falco that processes cloud logs to detect threats across cloud, identity, and the software supply chain, Sysdig said. What’s more, with new Sysdig Okta detections, security teams can better protect against identity risks such as multi-factor authentication (MFA) fatigue caused by spamming, and account takeover. Meanwhile, new GitHub detections allow developers and security teams to be alerted in real time to critical events, such as a secret being pushed into a repository, Sysdig said.

From a response perspective, customers can use Sysdig Live to view their infrastructure and workloads, as well as the relationships between them, to speed up incident response, while Sysdig Process Tree reveals attack journeys including process lineage, container and host information, malicious user details, and impact, the firm stated. Curated threat dashboards provide a centralized view of critical security issues, spotlighting events across clouds, containers, Kubernetes, and hosts to enable threat prioritization in real time, according to Sysdig. MITRE framework mapping also helps security teams understand what is happening across cloud-native environments, the company added.

Effective cloud threat detection, response a significant challenge

Effective cloud threat detection and response is a significant challenge for businesses operating in diverse cloud environments, for several reasons, Sean Heide, technical research director at the Cloud Security Alliance (CSA), tells CSO.
These span factors including multi-cloud complexity, visibility and control, and insufficient security expertise, he says. “In multi-cloud environments, businesses use multiple cloud services from different providers, each with their own set of security controls and management tools. This leads to a complex security landscape where threats can be hard to detect.”

Companies also often lack complete visibility into all their cloud resources, making it difficult to detect threats and respond in a timely manner, Heide adds. “This can be even more challenging in diverse cloud environments where different systems might not integrate well with each other, creating blind spots.”

Many businesses also lack the expertise needed to manage cloud security effectively, a challenge that is exacerbated in diverse cloud environments where different systems have unique security needs. “For example, securing an Amazon Web Services (AWS) environment requires different skills and knowledge compared to securing a Google Cloud Platform (GCP) environment,” Heide says.

Threat detection and response integral to modern cloud security

Any product that aims to be a “one-stop shop” for all things cloud security needs to be able to handle detection and response workflows, Fernando Montenegro, senior principal analyst at Omdia, tells CSO. “This is one area that highlights the nuanced evolution of cloud security within organizations as well. For some, they will look to CNAPP to solve all things cloud, while other organizations will take their existing practices around security (be it network security, identity management) and expand them to cloud.
There’s no one right answer, as it really depends on how the organization structures itself.”
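The Okta MFA-fatigue detection the article mentions is a useful illustration of what detection over cloud identity logs actually involves: counting unapproved push challenges per user in a sliding window, and flagging the case where the user finally approves one. The following is an added example written for this page, not Sysdig's or Falco's code; the JSON log format, field names, event type and outcome strings, and the threshold and window are assumptions loosely modelled on identity-provider audit events, and the log lines are constructed.

```python
"""Illustrative MFA-fatigue (push-spam) detection over identity-provider audit logs.

Added example for this page; not Sysdig's or Falco's rule logic. The log format
(one JSON object per line with actor, event_type, outcome and timestamp) and the
event/outcome strings are assumptions loosely modelled on Okta System Log events.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: this many push challenges to one user that were denied or
# timed out inside WINDOW is treated as a possible push-bombing attempt.
PUSH_THRESHOLD = 5
WINDOW = timedelta(minutes=10)

# Constructed sample log: alice is bombarded and finally approves; bob has one
# ordinary failure; carol has slow, scattered timeouts that never cluster.
SAMPLE_LOG = """
{"timestamp": "2023-11-29T09:00:00Z", "actor": "alice@example.com", "event_type": "mfa.push.challenge", "outcome": "DENY"}
{"timestamp": "2023-11-29T09:00:30Z", "actor": "alice@example.com", "event_type": "mfa.push.challenge", "outcome": "TIMEOUT"}
{"timestamp": "2023-11-29T09:00:45Z", "actor": "carol@example.com", "event_type": "mfa.push.challenge", "outcome": "TIMEOUT"}
{"timestamp": "2023-11-29T09:01:00Z", "actor": "alice@example.com", "event_type": "mfa.push.challenge", "outcome": "DENY"}
{"timestamp": "2023-11-29T09:01:30Z", "actor": "alice@example.com", "event_type": "mfa.push.challenge", "outcome": "DENY"}
{"timestamp": "2023-11-29T09:02:00Z", "actor": "alice@example.com", "event_type": "mfa.push.challenge", "outcome": "TIMEOUT"}
{"timestamp": "2023-11-29T09:02:30Z", "actor": "alice@example.com", "event_type": "mfa.push.challenge", "outcome": "DENY"}
{"timestamp": "2023-11-29T09:03:00Z", "actor": "alice@example.com", "event_type": "mfa.push.challenge", "outcome": "SUCCESS"}
{"timestamp": "2023-11-29T09:05:00Z", "actor": "bob@example.com", "event_type": "mfa.push.challenge", "outcome": "DENY"}
{"timestamp": "2023-11-29T09:06:00Z", "actor": "bob@example.com", "event_type": "mfa.push.challenge", "outcome": "SUCCESS"}
{"timestamp": "2023-11-29T09:07:45Z", "actor": "carol@example.com", "event_type": "mfa.push.challenge", "outcome": "TIMEOUT"}
{"timestamp": "2023-11-29T09:14:45Z", "actor": "carol@example.com", "event_type": "mfa.push.challenge", "outcome": "TIMEOUT"}
{"timestamp": "2023-11-29T09:21:45Z", "actor": "carol@example.com", "event_type": "mfa.push.challenge", "outcome": "TIMEOUT"}
{"timestamp": "2023-11-29T09:28:45Z", "actor": "carol@example.com", "event_type": "mfa.push.challenge", "outcome": "TIMEOUT"}
{"timestamp": "2023-11-29T09:30:00Z", "actor": "alice@example.com", "event_type": "user.session.start", "outcome": "SUCCESS"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a timezone-aware datetime, oldest first."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["timestamp"] = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
        events.append(rec)
    return sorted(events, key=lambda r: r["timestamp"])


def detect_push_fatigue(events, threshold=PUSH_THRESHOLD, window=WINDOW):
    """Sliding-window count of unapproved push challenges per user.

    Returns one alert dict per user whose count reaches `threshold` within
    `window`. An approval that follows the burst inside the same window is
    recorded as `approved_after_burst`: the pattern where the user finally
    gives in, which is the case a responder most wants surfaced.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent DENY/TIMEOUT pushes
    alerts = {}
    for ev in events:
        if ev.get("event_type") != "mfa.push.challenge":
            continue
        user, ts, outcome = ev["actor"], ev["timestamp"], ev["outcome"]
        q = recent[user]
        if outcome in ("DENY", "TIMEOUT"):
            q.append(ts)
            while ts - q[0] > window:  # drop challenges older than the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    user, {"user": user, "first_seen": q[0], "approved_after_burst": False}
                )
                alert["count"] = len(q)
                alert["last_unapproved"] = ts
        elif outcome == "SUCCESS":
            alert = alerts.get(user)
            if alert and ts - alert["last_unapproved"] <= window:
                alert["approved_after_burst"] = True
                alert["approved_at"] = ts
            q.clear()  # an approval ends the current burst either way
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_push_fatigue(parse_events(SAMPLE_LOG)):
        print(
            f"possible MFA fatigue: {alert['user']} had {alert['count']} unapproved pushes "
            f"since {alert['first_seen'].isoformat()}; "
            f"approved after burst: {alert['approved_after_burst']}"
        )
```

Run as written, only alice is flagged (six unapproved pushes in under three minutes, followed by an approval), while bob's single denial and carol's timeouts spread seven minutes apart stay below the threshold. The window and threshold are the knobs a team would tune against its own baseline; the `approved_after_burst` flag is what turns the alert from "noisy user" into "probable account compromise" for triage.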