Sysdig, a cloud security company, claims to be the first to consolidate cloud detection and response (CDR) into its cloud-native application protection platform (CNAPP). The move lets the CNAPP detect threats with visibility across workloads, identities, cloud services, and third-party applications, correlating events from all of them. Sysdig builds on Falco, a widely adopted open-source cloud threat detection project governed by the Cloud Native Computing Foundation, and uses it in both agent-based and agentless deployment models.
Sysdig made this move because cloud adoption has grown significantly, producing sprawling applications, services, and identities that make threats hard to detect and respond to. With so many cloud assets potentially exposed, businesses and their security teams face real difficulty detecting and responding to threats. According to the Unit 42 Cloud Threat Report, Volume 7, security teams take an average of 145 hours to resolve an alert, and 80% of cloud alerts are triggered by just 5% of security rules in most environments. Unpatched vulnerabilities add to that risk, and the problem is exacerbated by open-source software (OSS) dependencies and the sheer scale of what companies must manage in cloud environments.
According to the press release, Sysdig's CNAPP customers gain several new threat detection and response capabilities. Previously, to use Falco, organizations had to deploy it on their own infrastructure. Now they can also run Falco agentlessly against cloud logs to detect threats spanning cloud services, identities, and the software supply chain, Sysdig said. New Okta detections give security teams better protection against identity risks such as multi-factor authentication (MFA) fatigue, in which an attacker spams push prompts until the user accepts one, and account takeover. New GitHub detections alert developers and security teams in real time to critical repository events.
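The MFA fatigue scenario above (an attacker spamming push prompts until the user accepts one) can be caught by counting push challenges per user in a sliding window and escalating when a later prompt is accepted. The following is an added example written for this page, not Sysdig's or Falco's own rule logic. The event shape and the `eventType` strings are assumptions modelled on the Okta System Log, and the sample events are constructed; check the field names against your own tenant's logs before relying on them.

```python
"""Sliding-window MFA push-fatigue detector over Okta-style log events.

Added example, not Sysdig's or Falco's rule. The event structure and the
eventType strings below are assumptions modelled on the Okta System Log.
"""
from collections import defaultdict, deque
from datetime import datetime

# Assumed Okta System Log eventType values; verify against your tenant.
PUSH_SENT = "system.push.send_factor_verify_push"
MFA_AUTH = "user.authentication.auth_via_mfa"


def parse_ts(value):
    """Parse an ISO-8601 'published' timestamp such as 2023-08-01T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect_push_fatigue(events, max_pushes=5, window_seconds=300):
    """Return findings for users who received a burst of push challenges.

    A 'medium' finding fires once when a user has received at least
    max_pushes pushes inside window_seconds. A 'high' finding fires if that
    user then successfully authenticates via MFA, i.e. a prompt from the
    burst was accepted. Events may arrive out of order; they are sorted first.
    """
    ordered = sorted(events, key=lambda e: parse_ts(e["published"]))
    pushes = defaultdict(deque)   # user -> timestamps of recent push sends
    in_burst = set()              # users already flagged, awaiting outcome
    findings = []
    for event in ordered:
        user = event["actor"]["alternateId"]
        ts = parse_ts(event["published"])
        etype = event["eventType"]
        if etype == PUSH_SENT:
            window = pushes[user]
            window.append(ts)
            # Drop pushes that fell out of the sliding window.
            while window and (ts - window[0]).total_seconds() > window_seconds:
                window.popleft()
            if len(window) >= max_pushes and user not in in_burst:
                in_burst.add(user)
                findings.append({"user": user, "at": ts.isoformat(),
                                 "pushes": len(window), "severity": "medium",
                                 "reason": "push challenge burst"})
        elif etype == MFA_AUTH and user in in_burst \
                and event.get("outcome", {}).get("result") == "SUCCESS":
            findings.append({"user": user, "at": ts.isoformat(),
                             "pushes": len(pushes[user]), "severity": "high",
                             "reason": "push accepted after burst"})
            in_burst.discard(user)
    return findings


def _ev(ts, etype, user, result="SUCCESS"):
    """Build a minimal Okta-style event (constructed sample data)."""
    return {"published": ts, "eventType": etype,
            "actor": {"alternateId": user}, "outcome": {"result": result}}


def sample_events():
    """Constructed sample: alice is push-bombed and finally accepts; bob is normal."""
    return [
        _ev("2023-08-01T10:00:00Z", PUSH_SENT, "alice@example.com"),
        _ev("2023-08-01T10:00:10Z", PUSH_SENT, "bob@example.com"),
        _ev("2023-08-01T10:00:30Z", PUSH_SENT, "alice@example.com"),
        _ev("2023-08-01T10:00:40Z", MFA_AUTH, "bob@example.com"),
        _ev("2023-08-01T10:02:00Z", PUSH_SENT, "alice@example.com"),  # out of order
        _ev("2023-08-01T10:01:00Z", PUSH_SENT, "alice@example.com"),
        _ev("2023-08-01T10:01:30Z", PUSH_SENT, "alice@example.com"),
        _ev("2023-08-01T10:02:30Z", PUSH_SENT, "alice@example.com"),
        _ev("2023-08-01T10:03:00Z", MFA_AUTH, "alice@example.com"),
    ]


def run_sample():
    return detect_push_fatigue(sample_events())


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

The escalation to "high" on a subsequent successful MFA event is what separates a noisy user from a compromised one: a burst of prompts that is never accepted is suspicious, but a burst followed by an accepted prompt is the attacker getting in, and that is the finding worth paging on.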
On the response side, customers can use Sysdig Live to view the relationships between their infrastructure and workloads, which shortens incident response time. Sysdig Process Tree reconstructs the attack path, including process lineage, container and host information, the user behind a malicious action, and its impact. Curated threat dashboards provide a centralized view of critical security problems, highlighting events across clouds, containers, Kubernetes, and hosts so that threats can be prioritized in real time. Sysdig added that mapping detections to the MITRE ATT&CK framework helps security teams understand what is happening across cloud-native environments.
Sean Heide, technical research director of the Cloud Security Alliance (CSA), told CSO that effective cloud threat detection and response is a significant challenge for businesses operating in diverse cloud environments, citing multi-cloud complexity, visibility and control, and insufficient security expertise. These factors make it difficult to detect threats and respond to them in a timely manner, he added. Because businesses use multiple cloud services from different providers, each with its own security controls and management tools, the result is a complex security landscape in which threats are hard to detect.
Additionally, companies often lack complete visibility into all of their cloud resources, which makes detecting threats harder. This is even more difficult in diverse cloud environments where different systems do not integrate well with each other, creating blind spots. Lastly, many businesses lack the expertise needed to manage cloud security effectively, a gap that widens in diverse cloud environments where each system has its own security requirements.
Fernando Montenegro, senior principal analyst at Omdia, said that any product that aims to be a “one-stop shop” for all things cloud security needs to be able to handle detection and response workflows. “This is one area that highlights the nuanced evolution of cloud security within organizations as well. There’s no one right answer, as it really depends on how the organization structures itself,” he said.