Cloud security vendor says consolidation will help customers detect threats across workloads, identities, cloud services, and third-party applications.

Cloud security firm Sysdig has embedded cloud detection and response (CDR) into its cloud-native application protection platform (CNAPP). The company claims to be the first vendor to offer this consolidation, a move it says enables its CNAPP to detect threats with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications. It leverages Falco, a widely adopted open-source standard for cloud threat detection governed by the Cloud Native Computing Foundation, in both agent and agentless deployment models, Sysdig said.

As cloud adoption grows and organizations build out cloud environments, they face sprawling applications, services, and identities. Detecting and quickly responding to threats across these environments can be a significant challenge for businesses and their security teams, with vast numbers of cloud assets potentially vulnerable and going unchecked for long periods of time.

Security teams take an average of 145 hours to resolve alerts, and 80% of cloud alerts are triggered by just 5% of security rules in most environments, according to the Unit 42 Cloud Threat Report, Volume 7. Meanwhile, unpatched vulnerabilities pose a significant security threat to organizations, exacerbated by open-source software (OSS) and the scale of what organizations need to manage in cloud environments. Nearly two-thirds (63%) of the cloud source-code repositories Unit 42 analyzed have high or critical vulnerabilities, with 51% of those at least two years old. Of the internet-facing services hosted in public clouds, 11% contain high or critical vulnerabilities, 71% of which are at least two years old.

Customers can access agentless deployment of Falco, detect GitHub vulnerabilities

Sysdig customers gain several benefits from the new threat detection and response features added to its CNAPP, the firm said in a press release. Previously, to leverage Falco, organizations had to deploy it on their own infrastructure; now they can access an agentless deployment of Falco that processes cloud logs to detect threats across cloud, identity, and the software supply chain, Sysdig said. What’s more, with new Sysdig Okta detections, security teams can better protect against identity risks such as multi-factor authentication fatigue caused by spamming, and account takeover. Meanwhile, new GitHub detections alert developers and security teams in real time to critical events, such as when a secret is pushed into a repository, Sysdig said.

From a response perspective, customers can use Sysdig Live to view their infrastructure and workloads, as well as the relationships between them, to speed up incident response, while Sysdig Process Tree unveils attack journeys including process lineage, container and host information, malicious user details, and impact, the firm stated. Curated threat dashboards provide a centralized view of critical security issues, spotlighting events across clouds, containers, Kubernetes, and hosts to enable threat prioritization in real time, according to Sysdig. MITRE framework mapping also helps security teams understand what is happening across cloud-native environments, the company added.

Effective cloud threat detection, response a significant challenge

Effective cloud threat detection and response is a significant challenge for businesses operating in diverse cloud environments for various reasons, Sean Heide, technical research director at the Cloud Security Alliance (CSA), tells CSO. These span factors including multi-cloud complexity, visibility and control, and insufficient security expertise, he says. “In multi-cloud environments, businesses use multiple cloud services from different providers, each with their own set of security controls and management tools. This leads to a complex security landscape where threats can be hard to detect.”

Companies also often lack complete visibility into all their cloud resources, making it difficult to detect threats and respond in a timely manner, Heide adds. “This can be even more challenging in diverse cloud environments where different systems might not integrate well with each other, creating blind spots.”

Many businesses also lack the necessary expertise to effectively manage cloud security, and this challenge is exacerbated in diverse cloud environments where different systems have unique security needs. “For example, securing an Amazon Web Services (AWS) environment requires different skills and knowledge compared to securing a Google Cloud Platform (GCP) environment,” Heide says.

Threat detection and response integral to modern cloud security

Any product that aims to be a “one-stop shop” for all things cloud security needs to be able to handle detection and response workflows, Fernando Montenegro, senior principal analyst at Omdia, tells CSO. “This is one area that highlights the nuanced evolution of cloud security within organizations as well. For some, they will look to CNAPP to solve all things cloud, while other organizations will take their existing practices around security (be it network security, identity management) and expand them to cloud.
There’s no one right answer, as it really depends on how the organization structures itself.”