Sysdig, a cloud security platform powered by runtime insights, announces end-to-end detection and response embedded in its CNAPP.
The company is the first vendor to deliver the consolidation of cloud detection and response (CDR) and Cloud-Native Application Protection Platforms (CNAPP), leveraging the power of open-source Falco in both agent and agentless deployment models.
This approach enables Sysdig to be the only CNAPP platform that can detect threats instantly anywhere in the cloud with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications.
With the announcement, Sysdig is consolidating CDR and CNAPP, giving teams a single platform that understands the entire application life cycle, puts the application at the centre, and consolidates security tools around it.
Using its runtime insights (knowledge of what is actually running in production), Sysdig makes better-informed decisions across the software life cycle.
Notable end-to-end threat detection features include:
- Agentless cloud detection based on Falco: Created by Sysdig, Falco is an open-source solution for cloud threat detection, now under the stewardship of the Cloud Native Computing Foundation. Previously, to use Falco within Sysdig, organisations had to deploy Falco on their own infrastructure. With today's release, customers can also run Falco agentlessly against cloud logs, which are used to detect threats across cloud, identity, software supply chain, and other sources.
- Identity threat detection: With new Sysdig Okta detections, security teams can protect against identity attacks such as multifactor authentication (MFA) fatigue, in which an attacker spams a user with push prompts until one is approved, and account takeover. Sysdig traces the attack from user to impact by stitching Okta events together with real-time cloud and container activity.
- Software supply chain detection: Extend threat detection into the software supply chain with new Sysdig GitHub detections. Developers and security teams can be alerted in real time to critical events, such as a secret being pushed into a repository.
- Enhanced Drift Control: Prevent common runtime attacks by dynamically blocking executables that were not in the original container image.
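The MFA fatigue detection described above can be illustrated with a small sliding-window detector over Okta-style System Log events. The following is an added example written for this article; it is not Sysdig's or Falco's rule logic. The event-type strings follow Okta System Log naming but are treated here as illustrative constants, the sample events are constructed, and the five-minute window and five-push threshold are assumed tuning values, not values taken from the page.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Okta System Log event types (assumption: illustrative constants; confirm
# against the event types your tenant actually emits).
PUSH_SENT = "system.push.send_factor_verify_push"
PUSH_DENIED = "user.mfa.okta_verify.deny_push"
MFA_AUTH = "user.authentication.auth_via_mfa"


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def _ev(t, etype, user, outcome="SUCCESS"):
    # Minimal Okta-like event shape used by the detector below.
    return {"published": t, "eventType": etype,
            "actor": {"alternateId": user}, "outcome": {"result": outcome}}


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    # alice: one push, approved promptly, normal behaviour
    _ev("2024-05-01T09:00:00Z", PUSH_SENT, "alice@example.com"),
    _ev("2024-05-01T09:00:07Z", MFA_AUTH, "alice@example.com"),
    # bob: attacker spams pushes, bob denies twice, then finally approves one
    _ev("2024-05-01T09:10:00Z", PUSH_SENT, "bob@example.com"),
    _ev("2024-05-01T09:10:05Z", PUSH_DENIED, "bob@example.com"),
    _ev("2024-05-01T09:10:20Z", PUSH_SENT, "bob@example.com"),
    _ev("2024-05-01T09:10:25Z", PUSH_DENIED, "bob@example.com"),
    _ev("2024-05-01T09:10:40Z", PUSH_SENT, "bob@example.com"),
    _ev("2024-05-01T09:11:00Z", PUSH_SENT, "bob@example.com"),
    _ev("2024-05-01T09:11:20Z", PUSH_SENT, "bob@example.com"),
    _ev("2024-05-01T09:11:35Z", MFA_AUTH, "bob@example.com"),
    # carol: five pushes spread over an hour, never within one window
    _ev("2024-05-01T10:00:00Z", PUSH_SENT, "carol@example.com"),
    _ev("2024-05-01T10:12:00Z", PUSH_SENT, "carol@example.com"),
    _ev("2024-05-01T10:25:00Z", PUSH_SENT, "carol@example.com"),
    _ev("2024-05-01T10:40:00Z", PUSH_SENT, "carol@example.com"),
    _ev("2024-05-01T10:55:00Z", PUSH_SENT, "carol@example.com"),
]


def detect_mfa_fatigue(events, window=timedelta(minutes=5), push_threshold=5):
    """Sliding-window MFA fatigue detector.

    Emits one alert per user the first time the number of push challenges
    inside `window` reaches `push_threshold`. If a successful MFA
    authentication for that user follows within `window` of the flood, the
    alert is upgraded to 'probable_account_takeover', since the victim
    appears to have approved a prompt they did not initiate.
    """
    events = sorted(events, key=lambda e: _ts(e["published"]))
    pushes = defaultdict(deque)  # user -> timestamps of pushes in the window
    denies = defaultdict(int)    # user -> pushes explicitly denied so far
    alerts = {}                  # user -> alert dict

    for e in events:
        user = e["actor"]["alternateId"]
        t = _ts(e["published"])
        etype = e["eventType"]

        if etype == PUSH_SENT:
            q = pushes[user]
            q.append(t)
            while q and t - q[0] > window:   # drop pushes older than the window
                q.popleft()
            if len(q) >= push_threshold and user not in alerts:
                alerts[user] = {"user": user, "severity": "mfa_fatigue",
                                "pushes_in_window": len(q),
                                "denied": denies[user], "flood_at": t}
        elif etype == PUSH_DENIED:
            denies[user] += 1
        elif etype == MFA_AUTH and e["outcome"]["result"] == "SUCCESS":
            a = alerts.get(user)
            if a and a["severity"] == "mfa_fatigue" and t - a["flood_at"] <= window:
                a["severity"] = "probable_account_takeover"
                a["approved_at"] = t

    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

Carol's five pushes over an hour never fall inside one window, so only bob produces an alert, and that alert is escalated because his eventual approval lands seconds after the flood. In a real deployment the escalated alert is the one worth stitching to subsequent cloud and container activity from that identity, which is the correlation the bullet above describes.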
Features to accelerate cloud investigations and incident response in real time include:
- Live mapping: With Kubernetes Live, teams can dynamically see their live infrastructure and workloads, as well as the relationships between them, to speed up incident response.
- Attack lineage with context: Sysdig Process Tree enables the rapid identification and eradication of threats by unveiling the attack journey from user to process, including process lineage, container and host information, malicious user details, and impact.
- Curated threat dashboards: Dashboards provide a centralised view of critical security issues, spotlighting events across clouds, containers, Kubernetes, and hosts to enable threat prioritisation in real time. Sysdig also maps detections to the MITRE ATT&CK framework for cloud-native environments so security teams know what is happening at any moment.
Pierre Brunelle, CEO, Noteable, says: "Due to the nature of our product, Noteable is a target for crypto-jacking attacks. Sysdig is the best at cloud detection and response."
"They are the only vendor that provides a complete platform with multiple defense layers to detect abnormal activity in real time and surface appropriate context so that we understand the possible impact and can respond quickly."
Karl Maire, Platform Tech Team Lead, Fuel50, adds: "In the cloud, everything happens fast. Time is of the essence when stopping attacks. Breaches can be very costly."
"Sysdig enables us to quickly detect and respond to cloud attacks at cloud speed by knowing what is happening, the exact container or location in the cloud, and what is causing it, versus hours to detect and understand what needs to be done," Maire adds.