As the Need for Real-Time CDR Grows, Sysdig Launches Cloud Identity Insights to Stop Attacks at the First Sign of Compromise
August 07 2024 - 10:00AM
Business Wire
Powered by Falco, Sysdig identifies attacks in
motion by correlating identity behavior with workload activity
across private, hybrid, and public clouds
Black Hat USA – Sysdig, the leader in real-time cloud
security, today announced the launch of Cloud Identity Insights, an
expansion of its cloud detection and response (CDR) capabilities
designed to correlate identity behavior with workload activity and
cloud resources. Cloud Identity Insights can instantly detect
compromised identities, help contain them in real time, and
leverage smart policy optimization to prevent future breaches. This
deep and broad coverage is made possible by the next generation of
Sysdig’s proven enterprise-ready agent, launched today. This
next-gen agent builds on the company’s lightweight instrumentation
to use 50% fewer resources and is supported by both a universally
compliant second-generation eBPF probe and open source Falco.
“Identity is the connective tissue between detection and
prevention,” said Shantanu Gattani, Vice President of Product
Management at Sysdig. “Quarantining compromised identities is
critical for both containing attacks in motion and stopping them in
the future, but with a 240% upsurge in human and machine identities
over the last year [1], understanding which identities are
compromised is a challenge in and of itself. Identity abuse informs
everything from an immediate and targeted threat response to a
comprehensive and effective Zero Trust cloud strategy – that’s
exactly where we enable security teams with Cloud Identity
Insights.”
Sysdig Cloud Identity Insights
When it comes to cloud attacks, nearly 40% of breaches start
with exploited credentials [2] – this makes them the most common
entry point for attackers. Cloud defenders, however, face a
distinct lack of insight into identities, their associated
behavior, and their relation to other cloud activities. Identity
insights are often decoupled from workloads, a fatal flaw that
empowers attackers to stay hidden as they move quietly across the
cloud.
- Detect compromise in seconds to preempt attacks:
Suspicious user activity is often the first indicator of a breach.
Cloud Identity Insights immediately alerts users to reconnaissance
actions and privileged user creation, often early indicators of a
breach. By automatically correlating events to identities in real
time, Sysdig enables teams to comply with the 555 Benchmark for
cloud detection and response.
- Contain compromised identities: Once a compromised
account has been detected, security teams have seconds to contain
it before the attack escalates. With Sysdig Cloud Identity
Insights, teams can outpace attackers by swiftly prioritizing and
responding with suggested containment actions that range in
severity from forced password resets to user deactivation or
deletion.
- Prevent future attacks: Each identity remediation gives
security analysts the opportunity to prevent future identity abuse
with insightful context. Cloud Identity Insights automatically
recommends smart policy optimization by evaluating the permissions
exploited by a compromised account during the incident, and
highlights the riskiest roles and users in the environment.
Expanded Coverage Across Private, Public, and Hybrid Clouds
Stopping unknown threats early in the attack chain requires
comprehensive coverage across private and public clouds, as well as
correlation between workloads, identities, platform as a service
(PaaS), and cloud activity. With this new release, Sysdig is
expanding its leadership in agent and agentless cloud-native
application protection platform (CNAPP) instrumentation to help
security teams detect and respond at cloud speed.
- Gain universal compatibility with eBPF: Building on the
company’s extensive contributions to eBPF, the universally
compliant second-generation eBPF probe further simplifies
deployment and gives organizations greater flexibility regarding
where and how they develop cloud-native applications. This eBPF
update offers extensive coverage of Linux and Windows hosts and
Kubernetes nodes to deliver kernel-level visibility into workloads
without cumbersome administrator privileges.
- Scale confidently with the next-generation agent:
Sysdig’s next-generation agent delivers the comprehensive
visibility of a mature agent with the resource requirement of a
lightweight sensor. It uses 50% fewer resources than the company’s
already resource-light instrumentation while delivering real-time
threat detection at the edge. Finally, it provides a unified agent
experience across clusters and hosts, both in private cloud
(OpenShift, VMware, etc.) and public cloud environments, providing
comprehensive protection from uncovering vulnerabilities to
identifying live attacks.
- Unify threat detection with Falco: With this new
release, Sysdig extends Falco to assess cloud and PaaS activity
along with host, container, and Kubernetes activity. This unifies
threat detection in a single language and allows defenders to spot
sophisticated attacks that originate outside the customer’s cloud
and ultimately make their way into the cloud estate.
Cloud Identity Insights and all mentioned features are available
now. Interested customers should reach out to their Sysdig
representative to learn more.
Resources
- Read “Introducing Cloud Identity Insights for Sysdig
Secure.”
- Learn about “Evolving Cloud Security: Why Identity Infused CDR
is the Key.”
- Explore the “2024 Gartner® CNAPP Market Guide.”
[1] CyberArk, “2023 Identity Security Threat Landscape Report,” June 2023.
[2] Verizon Business, “2024 Data Breach Investigations Report,” April 2024.
About Sysdig
In the cloud, every second counts. Attacks move at warp speed,
and security teams must protect the business without slowing it
down. Sysdig stops cloud attacks in real time, instantly detecting
changes in risk with runtime insights and open source Falco.
Sysdig, rated No. 1 for cloud security posture management (CSPM) in
the Gartner Peer Insights “Voice of a Customer” report, correlates
signals across cloud workloads, identities, and services to uncover
hidden attack paths and prioritize real risk. From prevention to
defense, Sysdig helps enterprises focus on what matters:
innovation.
Sysdig. Secure Every Second.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240807487761/en/
Damon Weinhold damon.weinhold@sysdig.com +1 (415) 873-4772