Sysdig creates industry-first detection and response feature in cloud-native platform

The new offering introduces agentless cloud detection based on open source Falco, extending CDR beyond workload agents to Cloud, GitHub, and Okta logs 

 Sysdig an industry leader in cloud security and powered by runtime insights, has announced end-to-end detection and response embedded in its CNAPP.

The company is the first vendor to deliver the consolidation of cloud detection and response (CDR) and Cloud-Native Application Protection Platforms (CNAPP), leveraging the power of open source Falco in both agent and agentless deployment models.

This approach enables Sysdig to be the only CNAPP platform that can detect threats instantly anywhere in the cloud with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications.

“Due to the nature of our product, Noteable is a target for crypto-jacking attacks. Sysdig is the best at cloud detection and response. They are the only vendor that provides a complete platform with multiple defense layers to detect abnormal activity in real time and surface appropriate context so that we understand the possible impact and can respond quickly,” said Pierre Brunelle, CEO at Noteable.

The company explains: As organisations build out their cloud environments, they face sprawl, with hundreds of unchecked and potentially vulnerable applications, services, and identities. Most cloud security tools are slow to identify suspicious behaviour, and once alerted organisations can spend hours, if not days, combing through snapshots trying to piecemeal together what happened. It is a best-case scenario for bad actors, gifting them hours or even days to inflict maximum damage – and the organisation might never know what happened.

Teams need a CNAPP that instantly and continuously understands the full context of the entire environment. With today’s announcement, Sysdig is consolidating CDR and CNAPP, giving teams a single platform that understands the entire application life cycle, puts the application at the centre, and consolidates security tools around it. Using its runtime insights – knowledge of what is in use at production – Sysdig makes better-informed decisions across the software life cycle.

“In the cloud, everything happens fast. Time is of the essence when stopping attacks. Breaches can be very costly. Sysdig enables us to quickly detect and respond to cloud attacks at cloud speed by knowing what is happening, the exact container or location in the cloud, and what is causing it, versus hours to detect and understand what needs to be done,” said Karl Maire, Platform Tech Team Lead at Fuel50.

Stop Breaches Instantly with End-to-End Threat Detection

  • Agentless cloud detection based on Falco: Created by Sysdig, Falco is a widely adopted open source solution for cloud threat detection, now under the stewardship of the Cloud Native Computing Foundation.Previously, to leverage the power of Falco within Sysdig, organisations had to deploy Falco on their infrastructure. With the release today, customers can access an agentless deployment of Falco when processing cloud logs, which are used to detect threats across cloud, identity, and the software supply chain, along with other sources.
  • Identity threat detection: With new Sysdig Okta detections, security teams can protect against identity attacks, such as multifactor authentication fatigue caused by spamming and account takeover. Sysdig details the entire attack from user to impact by stitching Okta events with real-time cloud and container activity.
  • Software supply chain detection: Extend threat detection into the software supply chain with new Sysdig GitHub detections. Developers and security teams can be alerted in real time of critical events, such as when a secret is pushed into a repository.
  • Enhanced Drift Control: Prevent common runtime attacks by dynamically blocking executables that were not in the original container.

 Accelerate Cloud Investigations and Incident Response in Real Time

  • Live mapping: Sysdig brings an endpoint detection and response (EDR)-like approach of assembling all relevant real-time events into one view when a breach occurs. With Kubernetes Live, teams can dynamically see their live infrastructure and workloads, as well as the relationships between them, to speed incident response.
  • Attack lineage with context: Sysdig Process Tree enables the rapid identification and eradication of threats by unveiling the attack journey from user to process, including process lineage, container and host information, malicious user details, and impact.
  • Curated threat dashboards: Dashboards provide a centralised view of critical security issues, spotlighting events across clouds, containers, Kubernetes, and hosts to enable threat prioritisation in real time. Sysdig also provides dynamic mapping against the MITRE framework for cloud-native environments, so security teams know exactly what is happening at any given moment.