Sysdig report – container images have high risk of vulnerability

Looking at real-world data, the sixth annual report reveals how global companies of all sizes and industries are using and securing cloud and container environments. The data sets cover billions of containers, thousands of cloud accounts, and hundreds of thousands of applications that Sysdig customers operated over the course of the last year.

Report highlights
87% of container images have high or critical vulnerabilities: Due to the nature of modern design and the sharing of open source images, security teams face a large number of container vulnerabilities. The reality is that teams cannot fix everything, and they struggle with finding the right parameters to prioritise vulnerabilities and scale down their workload.

Giving teams hope, the report also found that only 15% of critical and high vulnerabilities with an available fix are in packages loaded at runtime. By filtering on the vulnerable packages that are actually in use, security teams can focus their efforts on the small fraction of fixable vulnerabilities that represent true risk. Cutting the list by 85%, down to the 15% that are in use, gives cybersecurity teams a far more actionable number.
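The in-use filter described above, as an added example that is not Sysdig's code and not part of the report: it takes scanner findings and a runtime profile of which packages a container actually loaded, keeps only critical/high findings that have a fix, and then narrows those to packages in use. The finding format, the vulnerability ids (placeholders, not real advisories) and the runtime profile are all constructed for illustration.

```python
"""Prioritise scanner findings by in-use exposure (added example).

Models the report's filter: severity critical/high, a fix is available,
and the package is actually loaded at runtime. Input shape and sample
data are constructed; the ids below are placeholders, not real CVEs.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Finding:
    vuln_id: str               # placeholder id, e.g. "VULN-0001"
    package: str               # OS or library package name
    severity: str              # "critical", "high", "medium", "low"
    fix_version: Optional[str]  # None when upstream has not shipped a fix


# Constructed scan output for one image.
FINDINGS = [
    Finding("VULN-0001", "openssl", "critical", "3.0.9"),
    Finding("VULN-0002", "libxml2", "high", "2.10.4"),
    Finding("VULN-0003", "curl", "high", None),        # no fix yet
    Finding("VULN-0004", "zlib", "critical", "1.2.13"),
    Finding("VULN-0005", "perl", "medium", "5.36.1"),  # below the severity bar
    Finding("VULN-0006", "gnupg", "high", "2.4.1"),
]

# Constructed runtime profile: packages whose files were loaded by
# processes in the running container (what a runtime sensor would report).
RUNTIME_LOADED: Set[str] = {"openssl", "zlib", "curl"}

ACTIONABLE_SEVERITIES = {"critical", "high"}


def fixable_high_or_critical(findings: Iterable[Finding]) -> List[Finding]:
    """Critical/high findings for which a fixed package version exists."""
    return [
        f for f in findings
        if f.severity in ACTIONABLE_SEVERITIES and f.fix_version is not None
    ]


def in_use(findings: Iterable[Finding], loaded: Set[str]) -> List[Finding]:
    """Subset of findings whose package was actually loaded at runtime."""
    return [f for f in findings if f.package in loaded]


def prioritise(findings: Iterable[Finding],
               loaded: Set[str]) -> Tuple[List[Finding], List[Finding], float]:
    """Return (fixable critical/high, in-use subset, % reduction).

    The reduction is how much of the fixable critical/high list can be
    deferred because the package is not in use.
    """
    fixable = fixable_high_or_critical(findings)
    active = in_use(fixable, loaded)
    reduction = 100.0 * (1 - len(active) / len(fixable)) if fixable else 0.0
    return fixable, active, reduction


if __name__ == "__main__":
    fixable, active, reduction = prioritise(FINDINGS, RUNTIME_LOADED)
    print(f"fixable critical/high: {[f.vuln_id for f in fixable]}")
    print(f"in use at runtime:     {[f.vuln_id for f in active]}")
    print(f"deferrable:            {reduction:.0f}%")
```

Findings without a fix (curl above) are dropped from the fixable list but should still be tracked separately, since a runtime mitigation rather than a package upgrade is the only option there until upstream ships a fix.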

90% of granted permissions are not used: Zero trust architecture principles stress that organisations should avoid granting overly permissive access. Data from the report shows that 90% of permissions are unused. If attackers compromise credentials from identities with privileged access or excessive permissions, they have the keys to the kingdom in a cloud environment.

59% of containers have no CPU limits defined, and 69% of requested CPU resources go unused: Without utilisation information for Kubernetes environments, developers are blind to where their cloud resources are over- or under-allocated. Organisations of all sizes could be overspending by 40%, and for large deployments, optimising an environment could save an average of $10 million on cloud consumption bills.
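A check for the first of those two numbers, as an added example rather than anything from Sysdig or the report: it walks pod objects in the shape `kubectl get pods -o json` returns, lists containers that declare no `resources.limits.cpu`, and sums declared CPU requests in millicores so the total can later be compared against measured utilisation. The pod objects are constructed for illustration.

```python
"""Audit Kubernetes pod specs for missing CPU limits (added example).

Operates on plain dicts with the layout of a Pod object; sample pods
below are constructed. CPU quantities are normalised to millicores.
"""
from typing import Dict, List


def parse_cpu(quantity: str) -> int:
    """Convert a Kubernetes CPU quantity ("250m", "2", "0.5") to millicores."""
    q = quantity.strip()
    if q.endswith("m"):
        return int(q[:-1])
    return int(round(float(q) * 1000))


def _all_containers(pod: dict) -> List[dict]:
    spec = pod.get("spec", {})
    return list(spec.get("containers", [])) + list(spec.get("initContainers", []))


def find_missing_cpu_limits(pod: dict) -> List[str]:
    """Names of containers in `pod` with no resources.limits.cpu."""
    missing = []
    for c in _all_containers(pod):
        limits = (c.get("resources") or {}).get("limits") or {}
        if "cpu" not in limits:
            missing.append(c["name"])
    return missing


def total_requested_cpu(pods: List[dict]) -> int:
    """Sum of declared CPU requests across all containers, in millicores."""
    total = 0
    for pod in pods:
        for c in _all_containers(pod):
            requests = (c.get("resources") or {}).get("requests") or {}
            if "cpu" in requests:
                total += parse_cpu(requests["cpu"])
    return total


def audit(pods: List[dict]) -> Dict[str, List[str]]:
    """Map pod name -> containers lacking a CPU limit (pods with none omitted)."""
    report = {}
    for pod in pods:
        missing = find_missing_cpu_limits(pod)
        if missing:
            report[pod["metadata"]["name"]] = missing
    return report


# Constructed pod objects (abbreviated to the fields the audit reads).
PODS = [
    {"metadata": {"name": "api"}, "spec": {"containers": [
        {"name": "web", "image": "example/web:1.0",
         "resources": {"requests": {"cpu": "250m"},
                       "limits": {"cpu": "500m", "memory": "256Mi"}}},
        {"name": "sidecar", "image": "example/proxy:1.0",
         "resources": {"requests": {"cpu": "100m"}}},   # request, no limit
    ]}},
    {"metadata": {"name": "batch"}, "spec": {"containers": [
        {"name": "worker", "image": "example/worker:1.0"},  # no resources block
    ]}},
]


if __name__ == "__main__":
    for name, containers in audit(PODS).items():
        print(f"{name}: no CPU limit on {', '.join(containers)}")
    print(f"total requested CPU: {total_requested_cpu(PODS)}m")
```

A namespace `LimitRange` can inject default limits into containers that omit them, so a pod that looks unlimited in its manifest may be limited once admitted; running the audit against the live objects from the API server rather than against source manifests avoids that blind spot.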

72% of containers live less than five minutes: Gathering troubleshooting information after a container is gone is nearly impossible, and the average container lifespan shortened by 28% this year. This decrease speaks to organisations maturing in their use of container orchestration, and reinforces the need for security that can keep pace with the ephemeral nature of the cloud.

“Looking back at last year’s report, container adoption continues to mature, which is evident by the decrease in container life spans. However, misconfigurations and vulnerabilities continue to plague cloud environments, and supply chains are amplifying how security problems manifest. Permissions management, for users and services alike, is another area I’d love to see people get stricter about,” said Michael Isbitski, director of cybersecurity strategy at Sysdig. “This year’s report shows great growth and also outlines best practices that I hope teams adopt by the 2024 report, such as looking at in-use exposure to understand real risk, and to prioritise the remediation of vulnerabilities that are truly impactful.”