Powered by Falco, Sysdig identifies attacks in motion by correlating identity behavior with workload activity across private, hybrid, and public clouds
Sysdig, the leader in real-time cloud security, today announced the launch of Cloud Identity Insights, an expansion of its cloud detection and response (CDR) capabilities designed to correlate identity behaviour with workload activity and cloud resources. Cloud Identity Insights can instantly detect compromised identities, help contain them in real time, and leverage smart policy optimisation to prevent future breaches. This deep and broad coverage is made possible by the next generation of Sysdig’s proven enterprise-ready agent, launched today. This next-gen agent builds on the company’s lightweight instrumentation to use 50% fewer resources and is supported by both a universally compliant second-generation eBPF probe and open source Falco.
“Identity is the connective tissue between detection and prevention,” said Shantanu Gattani, Vice President of Product Management at Sysdig. “Quarantining compromised identities is critical for both containing attacks in motion and stopping them in the future, but with a 240% upsurge in human and machine identities over the last year [1], understanding which identities are compromised is a challenge in and of itself. Identity abuse informs everything from an immediate and targeted threat response to a comprehensive and effective Zero Trust cloud strategy – that’s exactly where we enable security teams with Cloud Identity Insights.”
Sysdig Cloud Identity Insights
When it comes to cloud attacks, nearly 40% of breaches start with exploited credentials [2] – this makes them the most common entry point for attackers. Cloud defenders, however, face a distinct lack of insight into identities, their associated behaviour, and their relation to other cloud activities. Identity insights are often decoupled from workloads, a fatal flaw that empowers attackers to stay hidden as they move quietly across the cloud.
Detect compromise in seconds to preempt attacks: Suspicious user activity is often the first indicator of a breach. Cloud Identity Insights immediately alerts users to reconnaissance actions and privileged user creation, often early indicators of a breach. By automatically correlating events to identities in real time, Sysdig enables teams to comply with the 555 Benchmark for cloud detection and response.
Contain compromised identities: Once a compromised account has been detected, security teams have seconds to contain it before the attack escalates. With Sysdig Cloud Identity Insights, teams can outpace attackers by swiftly prioritising and responding with suggested containment actions that range in severity from forced password resets to user deactivation or deletion.
Prevent future attacks: Each identity remediation gives security analysts the opportunity to prevent future identity abuse with insightful context. Cloud Identity Insights automatically recommends smart policy optimisation by evaluating the permissions exploited by a compromised account during the incident, and highlights the riskiest roles and users in the environment.
Expanded Coverage Across Private, Public, and Hybrid Clouds
Stopping unknown threats early in the attack chain requires comprehensive coverage across private and public clouds, as well as correlation between workloads, identities, platform as a service (PaaS), and cloud activity. With this new release, Sysdig is expanding its leadership in agent and agentless cloud-native application protection platform (CNAPP) instrumentation to help security teams detect and respond at cloud speed.
Gain universal compatibility with eBPF: Building on the company’s extensive contributions to eBPF, the universally compliant second-generation eBPF probe further simplifies deployment and gives organisations greater flexibility regarding where and how they develop cloud-native applications. This eBPF update offers extensive coverage of Linux and Windows hosts and Kubernetes nodes to deliver kernel-level visibility into workloads without cumbersome administrator privileges.
Scale confidently with the next-generation agent: Sysdig’s next-generation agent delivers the comprehensive visibility of a mature agent with the resource requirement of a lightweight sensor. It uses 50% fewer resources than the company’s already resource-light instrumentation while delivering real-time threat detection at the edge. Finally, it provides a unified agent experience across clusters and hosts, both in private cloud (OpenShift, VMware, etc.) and public cloud environments, providing comprehensive protection from uncovering vulnerabilities to identifying live attacks.
Unify threat detection with Falco: With this new release, Sysdig extends Falco to assess cloud and PaaS activity along with host, container, and Kubernetes activity. This unifies threat detection in a single language and allows defenders to spot sophisticated attacks that originate outside the customer’s cloud and ultimately make their way into the cloud estate.