Sysdig continues its legacy of industry-leading cloud security powered by runtime insights with its recent announcement of end-to-end detection and response embedded in its Cloud-Native Application Protection Platform (CNAPP).
This announcement makes Sysdig the first vendor to consolidate cloud detection and response (CDR) and CNAPP, leveraging open source Falco in both agent and agentless deployment models. As a result, Sysdig is the only CNAPP platform that can immediately detect threats anywhere in the cloud with 360-degree visibility and correlation across identities, workloads, cloud services, and third-party applications.
Enterprises migrating to cloud environments can face sprawl, with hundreds of unchecked and potentially vulnerable identities, services, and applications. Cloud security tools tend to be slow to recognize and flag suspicious behavior, and upon being alerted, it can take security teams hours, or even days, to comb through snapshots and put together a comprehensive report. This gives bad actors plenty of time to cause havoc or steal secrets, with some enterprises being none the wiser.
CDR Embedded in CNAPP
The new offering gives teams a CNAPP that instantly and continuously understands the full context of the entire cloud environment. By consolidating CDR and CNAPP, Sysdig offers teams a single platform that understands the entire application life cycle, centers the application, and consolidates security tools around it. Through the use of runtime insights, which give teams knowledge of what is actually in use in production, Sysdig empowers teams to make better-informed decisions across the application life cycle.
End-to-End Threat Detection to Immediately Remediate Breaches
Agentless cloud detection: Enterprises can reap the benefits of agentless cloud detection in CNAPP based on Falco. Falco is an open-source project created by Sysdig for cloud threat detection, which has been brought under the Cloud Native Computing Foundation. Previously, organizations had to deploy Falco on their own infrastructure to leverage its power within Sysdig. The new release gives customers access to an agentless deployment of Falco that processes cloud logs and detects threats across a variety of sources, including cloud, identity, and the software supply chain.
Identity threat detection: New Sysdig Okta detections empower security teams to mitigate identity attacks, such as multifactor authentication fatigue caused by spamming and account takeover. Sysdig details the entire breach from user to impact by combining Okta events with real-time cloud and container activity.
Software supply chain detection: New Sysdig GitHub detections cover the software supply chain, alerting developers and security teams in real time of critical events, such as when a secret is pushed into a repository.
Improved Drift Control: Common runtime attacks can be prevented by dynamically blocking executables that were not in the original container.
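The identity detection described above flags multifactor authentication (MFA) fatigue, where a user is flooded with push challenges until one is approved. The following is an added illustration of the detection logic, not Sysdig's or Falco's own code: it runs a sliding window over a small constructed set of Okta-style system log events (the event type names mirror Okta's System Log naming but are used here as assumptions on made-up data), reports any user who received at least five push challenges within five minutes, and notes whether a successful MFA authentication followed, which is the case a responder wants to see first.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified Okta System Log shape (hypothetical
# data; the eventType strings are assumptions modelled on Okta's naming).
PUSH_SENT = "system.push.send_factor_verify_push"
MFA_SUCCESS = "user.authentication.auth_via_mfa"


def _ev(ts, event_type, actor, outcome="SUCCESS"):
    return {"published": ts, "eventType": event_type, "actor": actor, "outcome": outcome}


SAMPLE_EVENTS = [
    # alice: six pushes in 2.5 minutes, then a successful MFA auth (accepted fatigue)
    _ev("2024-01-10T09:00:00Z", PUSH_SENT, "alice@example.com"),
    _ev("2024-01-10T09:00:15Z", PUSH_SENT, "bob@example.com"),      # bob: a single normal push
    _ev("2024-01-10T09:00:30Z", PUSH_SENT, "alice@example.com"),
    _ev("2024-01-10T09:01:00Z", PUSH_SENT, "alice@example.com"),
    _ev("2024-01-10T09:01:30Z", PUSH_SENT, "alice@example.com"),
    _ev("2024-01-10T09:02:00Z", PUSH_SENT, "alice@example.com"),
    _ev("2024-01-10T09:02:30Z", PUSH_SENT, "alice@example.com"),
    _ev("2024-01-10T09:03:00Z", MFA_SUCCESS, "alice@example.com"),
    # carol: five pushes in 80 seconds, never approved (attempted fatigue)
    _ev("2024-01-10T09:10:00Z", PUSH_SENT, "carol@example.com"),
    _ev("2024-01-10T09:10:20Z", PUSH_SENT, "carol@example.com"),
    _ev("2024-01-10T09:10:40Z", PUSH_SENT, "carol@example.com"),
    _ev("2024-01-10T09:11:00Z", PUSH_SENT, "carol@example.com"),
    _ev("2024-01-10T09:11:20Z", PUSH_SENT, "carol@example.com"),
]


def parse_ts(ts):
    """Parse the ISO-8601 UTC timestamps used in the sample."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_push_fatigue(events, threshold=5, window=timedelta(minutes=5)):
    """Return one finding per user who received >= threshold push challenges
    inside any `window`-long span. Each finding records the densest burst and
    whether a successful MFA auth landed between the burst start and one
    window after its last push."""
    pushes = defaultdict(list)
    successes = defaultdict(list)
    for e in sorted(events, key=lambda e: e["published"]):
        t = parse_ts(e["published"])
        if e["eventType"] == PUSH_SENT:
            pushes[e["actor"]].append(t)
        elif e["eventType"] == MFA_SUCCESS and e["outcome"] == "SUCCESS":
            successes[e["actor"]].append(t)

    findings = []
    for user, times in pushes.items():
        best = None
        start = 0
        # Sliding window over the user's sorted push timestamps.
        for end, t_end in enumerate(times):
            while t_end - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold and (best is None or count > best[0]):
                best = (count, times[start], t_end)
        if best is not None:
            count, first, last = best
            accepted = any(first <= s <= last + window for s in successes[user])
            findings.append({
                "user": user,
                "pushes": count,
                "first_push": first.isoformat(),
                "last_push": last.isoformat(),
                "accepted": accepted,
            })
    return findings


if __name__ == "__main__":
    for f in detect_push_fatigue(SAMPLE_EVENTS):
        print(f)
```

A finding with `accepted` set is the one to escalate first: the account has likely been taken over and the user's subsequent cloud and container activity should be pulled into the same timeline. The threshold and window are deliberately parameters, since normal push volumes differ between tenants.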
Faster Real-Time Cloud Investigations and Incident Response
Live mapping: Sysdig offers an endpoint detection and response (EDR)-like approach of assembling all relevant real-time events into one view after an attack. Kubernetes Live allows teams to dynamically see their live infrastructure and workloads, as well as the relationships between them, to accelerate incident response.
Attack lineage with context: Sysdig Process Tree provides rapid identification and eradication of threats by describing the attack journey from user to process, including process lineage, malicious user details, container and host information, and impact.
Curated threat dashboards: Dashboards offer a centralized view of critical security issues, highlighting events across clouds, hosts, containers, and Kubernetes to enable the prioritization of threats in real time. Sysdig also offers dynamic mapping against the MITRE framework for cloud-native environments, giving security teams insight into what is happening at any given moment.
“In the cloud, everything happens fast. Time is of the essence when stopping attacks. Breaches can be very costly,” says Karl Maire, Platform Tech Team Lead at Fuel50, a Sysdig customer. “Sysdig enables us to quickly detect and respond to cloud attacks at cloud speed by knowing what is happening, the exact container or location in the cloud, and what is causing it, versus hours to detect and understand what needs to be done.”