Sysdig has unveiled a cloud detection and response (CDR) offering powered by machine learning to combat cryptojacking.
The company says its threat engine and detection algorithms block cryptojacking in the cloud with 99% precision.
Cryptojacking is the unauthorised use of another person's computing resources to mine cryptocurrency.
The Google Cloud Threat Horizons Report found that 86% of compromised Google Cloud instances were used for cryptocurrency mining.
Cryptojackers typically rely on low-and-slow techniques, keeping resource use below the levels that would trigger an obvious alert, so victims often do not notice until the cloud bill arrives.
The financial impact grows with every hour the mining goes undetected, so time to detection matters.
Estimates of the average increase in a monthly bill vary by report, but a single cryptojacking campaign can easily add between $100,000 and $500,000 to one month's bill.
Although cloud and on-premises security challenges may look similar, the attack patterns and detection techniques differ fundamentally and call for different approaches.
Traditional tools lack the visibility into container environments, and the breadth of coverage, needed to identify threats and anomalous behaviour at runtime.
A multi-layered approach that combines curated rules with machine learning addresses complex cloud threats more robustly than either technique alone.
Teams also need machine learning models trained and tuned to identify cryptocurrency mining patterns quickly, before unexpected cloud charges become a serious financial problem for the company.
Benefits of Sysdig Machine Learning-Powered Cloud Detection and Response include:
Blocking cryptominers with 99% precision
Sysdig Secure's machine learning model is trained to detect cryptominers automatically; the company says its algorithms are continually updated as new cryptojackers appear and that the model's precision keeps false positives low. Precision is the share of alerts that are genuine, so a 99% figure is a statement about false positives, not about how many miners go undetected.
Preventing unexpected costs
Sysdig notes that early detection is the only way to avoid large cryptojacking bills and the reputational damage of an attack.
Its offering is therefore designed to detect behaviour patterns even when a cryptominer ramps up its use of cloud resources slowly, the case a static threshold rule is most likely to miss.
Strengthening security with a multi-layered approach to cloud detection and response
The company also notes that multiple protection layers are needed to protect an organisation effectively in the current threat landscape.
Sysdig's machine learning detection complements a rules-based approach built on Falco, the open-source runtime security project. The offering also ships with out-of-the-box policies curated by the Sysdig Threat Research Team that can be customised for better coverage. Additional defence techniques, such as profiling, indicators of compromise (IOCs) and Drift Control, further strengthen security.
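The difference between a static rule and a behavioural detector on a low-and-slow ramp (the pattern described under "Preventing unexpected costs" and the rules-plus-analytics layering described just above) can be shown with a short added example. This is illustrative code written for this page, not Sysdig's or Falco's, and the per-minute CPU series it runs over is constructed, not measured: a container idles for 30 minutes, then a throttled miner adds 0.25% of a core per minute. A static 80% threshold never fires on that series; a one-sided CUSUM drift detector, a standard change-detection statistic, fires after 28 minutes of ramp with the container at about 16% CPU. The baseline window, slack and limit values are assumptions that would be tuned per workload.

```python
"""Static-threshold rule vs. one-sided CUSUM drift detector on a constructed
per-minute CPU series for one container.

Added example for this page; not Sysdig's or Falco's code. All samples are
constructed, not measured, and every parameter below is an assumption.
"""

from typing import List, Optional, Tuple


def build_series(minutes_flat: int = 30, minutes_ramp: int = 240,
                 base: float = 0.10, step: float = 0.0025) -> List[float]:
    """Constructed CPU utilisation (fraction of one core) sampled once a minute.

    The first `minutes_flat` samples are an idle workload around `base`.
    After that a throttled miner adds `step` per minute (0.25% CPU/min by
    default, so the series tops out around 70%). A deterministic +/-0.01
    alternating jitter stands in for measurement noise so the run is
    reproducible.
    """
    series: List[float] = []
    for t in range(minutes_flat + minutes_ramp):
        jitter = 0.01 if t % 2 == 0 else -0.01
        ramp = step * (t - minutes_flat + 1) if t >= minutes_flat else 0.0
        series.append(base + ramp + jitter)
    return series


def static_threshold_alert(samples: List[float],
                           threshold: float = 0.80) -> Optional[int]:
    """Rule-style check: index of the first sample at or above `threshold`.

    Returns None when nothing trips the rule, which is exactly what a
    low-and-slow miner that stays under the line is designed to achieve.
    """
    for i, cpu in enumerate(samples):
        if cpu >= threshold:
            return i
    return None


def cusum_alert(samples: List[float], baseline_window: int = 30,
                slack: float = 0.02, limit: float = 0.5) -> Optional[int]:
    """One-sided CUSUM drift detector (Page's cumulative sum, upward shift only).

    Learns a baseline mean from the first `baseline_window` samples, then
    accumulates deviations above `mean + slack`, clipping the running sum at
    zero so ordinary noise cannot build up. Returns the sample index at which
    the sum exceeds `limit`: many small increases that individually look
    harmless add up, which is the property a slow ramp cannot hide.
    """
    if len(samples) <= baseline_window:
        return None
    mean = sum(samples[:baseline_window]) / baseline_window
    running = 0.0
    for i in range(baseline_window, len(samples)):
        running = max(0.0, running + (samples[i] - mean - slack))
        if running > limit:
            return i
    return None


def compare(samples: List[float]) -> Tuple[Optional[int], Optional[int]]:
    """Run both detectors and return (static_alert_index, cusum_alert_index)."""
    return static_threshold_alert(samples), cusum_alert(samples)


if __name__ == "__main__":
    ramp = build_series()
    static_idx, cusum_idx = compare(ramp)
    print(f"static 80% rule fired at minute: {static_idx}")   # None
    print(f"CUSUM fired at minute: {cusum_idx}, "
          f"CPU then {ramp[cusum_idx]:.2f}")                   # 57, 0.16
    flat = build_series(step=0.0)
    print(f"CUSUM on a flat series: {cusum_alert(flat)}")      # None
```

Seeding the baseline from the first window assumes the container was clean when first observed; in practice the baseline would come from a profile of known-good behaviour for that workload. A CPU-only signal is also easy to confuse with a legitimate batch job, so in production it would be paired with network indicators such as connections to mining-pool ports or Stratum protocol traffic, which is what keeps precision high rather than the drift statistic alone.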
“Machine learning is not a silver bullet for detecting threats. Many vendors throw around ‘ML’ quite loosely for solutions that are not true machine learning,” Sysdig engineering vice president Omer Azaria says.
“Cryptojacking is a specific use case where machine learning provides effective detection.
“Sysdig developed an ML algorithm that is specifically tuned to detect cryptojacking before your cloud bill skyrockets.”
Existing Sysdig Secure customers have access to the machine learning-powered threat detection now; for new customers it is included in Sysdig Secure at no additional cost.