Sysdig adds “end-to-end” detection and response to CNAPP

Cloud security firm Sysdig has embedded cloud detection and response (CDR) into its cloud-native application protection platform (CNAPP). The company claims to be the first vendor to offer this consolidation, a move that enables its CNAPP to detect threats with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications. It leverages Falco, a widely adopted open-source standard for cloud threat detection governed by the Cloud Native Computing Foundation, in both agent and agentless deployment models, Sysdig said.

As cloud adoption grows and organizations build out cloud environments, they face sprawling applications, services, and identities. Detecting and quickly responding to threats across these environments can be a significant challenge for businesses and their security teams, with vast amounts of cloud assets potentially vulnerable and going unchecked for significant periods of time.

Security teams take an average of 145 hours to solve alerts, with 80% of cloud alerts triggered by just 5% of security rules in most environments, according to the Unit 42 Cloud Threat Report, Volume 7. Meanwhile, unpatched vulnerabilities pose significant security threat to organizations, exacerbated by open-source software (OSS) and the scale of what organizations need to manage in cloud environments. Nearly two-thirds (63%) of the cloud source-code repositories Unit 42 analyzed have high or critical vulnerabilities, with 51% of those at least two years old. Of the internet-facing services that host in public clouds, 11% contain high or critical vulnerabilities, 71% of which are at least two years old.

Customers can access agentless deployment of Falco, detect GitHub vulnerabilities

Sysdig customers gain several benefits from new threat detection and response features added to its CNAPP, the firm said in a press release. Previously, to leverage Falco, organizations had to deploy it on their infrastructure, but now they can access an agentless deployment of Falco when processing cloud logs to detect threats across cloud, identity, and the software supply chain, Sysdig said. What’s more, with new Sysdig Okta detections, security teams can better protect against identity risks such as multi-factor authentication fatigue caused by spamming and account takeover. Meanwhile, new GitHub detections allow developers and security teams to be alerted in real time of critical events, such as when a secret is pushed into a repository, Sysdig said.

From a response perspective, customers can use Sysdig Live to view their infrastructure and workloads, as well as the relationships between them, to speed up incident response, while Sysdig Process Tree unveils attack journeys including process lineage, container and host information, malicious user details, and impact, the firm stated. Curated threat dashboards provide a centralized view of critical security issues, spotlighting events across clouds, containers, Kubernetes, and hosts to enable threat prioritization in real time, according to Sysdig. MITRE framework mapping also helps security teams know what is happening across cloud-native environments, the company added.

Effective cloud threat detection, response a significant challenge

Effective cloud threat detection and response is a significant challenge for businesses operating in diverse cloud environments for various reasons, Sean Heide, technical research director, Cloud Security Alliance (CSA), tells CSO. These span factors including multi-cloud complexity, visibility and control, and insufficient security expertise, he says.

“In multi-cloud environments, businesses use multiple cloud services from different providers, each with their own set of security controls and management tools. This leads to a complex security landscape where threats can be hard to detect.”

Companies also often lack complete visibility into all their cloud resources, making it difficult to detect threats and respond in a timely manner, Heide adds. “This can be even more challenging in diverse cloud environments where different systems might not integrate well with each other, creating blind spots.”

Many businesses lack the necessary expertise to effectively manage cloud security too, and this challenge is exacerbated in diverse cloud environments where different systems have unique security needs. “For example, securing an Amazon Web Services (AWS) environment requires different skills and knowledge compared to securing a Google Cloud Platform (GCP) environment,” Heide says.

Threat detection and response integral to modern cloud security

Any product that aims to be a “one-stop shop” for all things cloud security needs to be able to handle detection and response workflows, Fernando Montenegro, senior principal analyst at Omdia, tells CSO. “This is one area that highlights the nuanced evolution of cloud security within organizations as well. For some, they will look to CNAPP to solve all things cloud, while other organizations will take their existing practices around security (be it network security, identity management) and expand them to cloud. There’s no one right answer, as it really depends on how the organization structures itself.”