As the Need for Real-Time CDR Grows, Sysdig Launches Cloud Identity Insights to Stop Attacks at the First Sign of Compromise

AUGUST 7, 2024

SHARE:

Facebook logo LinkedIn logo X (formerly Twitter) logo

Powered by Falco, Sysdig identifies attacks in motion by correlating identity behavior with workload activity across private, hybrid, and public clouds


Black Hat USA, LAS VEGAS – Aug. 7, 2024 – Sysdig, the leader in real-time cloud security, today announced the launch of Cloud Identity Insights, an expansion of its cloud detection and response (CDR) capabilities designed to correlate identity behavior with workload activity and cloud resources. Cloud Identity Insights can instantly detect compromised identities, help contain them in real time, and leverage smart policy optimization to prevent future breaches. This deep and broad coverage is made possible by the next generation of Sysdig’s proven enterprise-ready agent, launched today. This next-gen agent builds on the company’s lightweight instrumentation to use 50% fewer resources and is supported by both a universally compliant second-generation eBPF probe and open source Falco. 


“Identity is the connective tissue between detection and prevention,” said Shantanu Gattani, Vice President of Product Management at Sysdig. “Quarantining compromised identities is critical for both containing attacks in motion and stopping them in the future, but with a 240% upsurge in human and machine identities over the last year [1], understanding which identities are compromised is a challenge in and of itself. Identity abuse informs everything from an immediate and targeted threat response to a comprehensive and effective Zero Trust cloud strategy – that’s exactly where we enable security teams with Cloud Identity Insights.”

Sysdig Cloud Identity Insights

When it comes to cloud attacks, nearly 40% of breaches start with exploited credentials [2] – this makes them the most common entry point for attackers. Cloud defenders, however, face a distinct lack of insight into identities, their associated behavior, and their relation to other cloud activities. Identity insights are often decoupled from workloads, a fatal flaw that empowers attackers to stay hidden as they move quietly across the cloud.

  • Detect compromise in seconds to preempt attacks: Suspicious user activity is often the first indicator of a breach. Cloud Identity Insights immediately alerts users to reconnaissance actions and privileged user creation, often early indicators of a breach. By automatically correlating events to identities in real time, Sysdig enables teams to comply with the 555 Benchmark for cloud detection and response
  • Contain compromised identities: Once a compromised account has been detected, security teams have seconds to contain it before the attack escalates. With Sysdig Cloud Identity Insights, teams can outpace attackers by swiftly prioritizing and responding with suggested containment actions that range in severity from forced password resets to user deactivation or deletion.
  • Prevent future attacks: Each identity remediation gives security analysts the opportunity to prevent future identity abuse with insightful context. Cloud Identity Insights automatically recommends smart policy optimization by evaluating the permissions exploited by a compromised account during the incident, and highlights the riskiest roles and users in the environment.

 

    Expanded Coverage Across Private, Public, and Hybrid Clouds

    Stopping unknown threats early in the attack chain requires comprehensive coverage across private and public clouds, as well as correlation between workloads, identities, platform as a service (PaaS), and cloud activity. With this new release, Sysdig is expanding its leadership in agent and agentless cloud-native application protection platform (CNAPP) instrumentation to help security teams detect and respond at cloud speed. 

    • Gain universal compatibility with eBPF: Building on the company’s extensive contributions to eBPF, the universally compliant second-generation eBPF probe further simplifies deployment and gives organizations greater flexibility regarding where and how they develop cloud-native applications. This eBPF update offers extensive coverage of Linux and Windows hosts and Kubernetes nodes to deliver kernel-level visibility into workloads without cumbersome administrator privileges.
    • Scale confidently with the next-generation agent: Sysdig’s next-generation agent delivers the comprehensive visibility of a mature agent with the resource requirement of a lightweight sensor. It uses 50% fewer resources than the company’s already resource-light instrumentation while delivering real-time threat detection at the edge. Finally, it provides a unified agent experience across clusters and hosts, both in private cloud (OpenShift, VMware, etc.) and public cloud environments, providing comprehensive protection from uncovering vulnerabilities to identifying live attacks.
    • Unify threat detection with Falco: With this new release, Sysdig extends Falco to assess cloud and PaaS activity along with host, container, and Kubernetes activity. This unifies threat detection in a single language and allows defenders to spot sophisticated attacks that originate outside the customer’s cloud and ultimately make their way into the cloud estate.

     

    Cloud Identity Insights and all mentioned features are available now. Interested customers should reach out to their Sysdig representative to learn more.

     

    Resources


      [1] CyberArk, “
      2023 Identity Security Threat Landscape Report,” June 2023.
      [2] Verizon Business, “2024 Data Breach Investigations Report,” April 2024.


      Media Contact


      Damon Weinhold
      [email protected]
      +1 (415) 873-4772

       


      Sysdig Logo

      In the cloud, every second counts. Attacks unfold in minutes and security teams must protect the business without slowing it down. Sysdig, the leader and outperformer in the “2024 GigaOm Radar for Cloud-Native Application Protection Platforms (CNAPPs),” stops cloud attacks in seconds and instantly detects changes in risk with real-time insights and open source Falco. Sysdig Sage™, the industry’s first AI cloud security analyst, uplevels human response and enables security, developers, and DevOps to work together, faster. By correlating signals across cloud workloads, identities, and services, Sysdig uncovers hidden attack paths and prioritizes real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

      Sysdig. Secure Every Second.