Boost Detection and Response with Cybereason and Sysdig

By Durgesh Shukla - AUGUST 9, 2023


Why is traditional EDR not enough?

The Gartner 2021 Hype Cycle for Cloud reports 99% of breaches start with cloud misconfigurations. Thus, having a philosophy of protecting just traditional endpoints – servers, laptops, desktop PCs, and mobile devices – with EDR (Endpoint Detection and Response) software is not enough. Sysdig has teamed up with multiple security organizations in the cloud security ecosystem to offer comprehensive security solutions. Cybereason, one of the top XDR (Extended Detection and Response) players in the market, is now planning to integrate Sysdig’s Cloud Threat Detections powered by Runtime Insights. 

What are the highlights of this planned integration?

Here are some highlights of the integration planned to be generally available before the end of 2023:

  • Sysdig’s Cloud Detection and Response module (powered by Falco open source software) generates alerts and warns about suspicious events. These events also include additional context from runtime insights that will then be pulled by Cybereason’s XDR.
  • Cybereason XDR will further enrich and correlate these signals against Endpoint, Identity, Network, and Cloud data sources.
  • This will allow their joint customers to identify broader Malicious Operations (MalOps) and provide automatic response recommendations.
  • Early access customers are to be supported by the Cybereason XDR product team.

This integration will become a part of Cybereason’s Open XDR initiative to include broader and more diverse sources, as well as Sysdig’s push to provide its runtime insights for cloud and containers to other detection and response partners. This partnership will further deepen Sysdig’s commitment to bringing its deep CDR expertise to other organizations within the ecosystem.

Register for the Cybereason-Sysdig webinar on 20th Sep to see the integration in action.

What is the focus of this integration?

Important Cloud Detection and Response events identified by Sysdig will be transmitted to the Cybereason XDR (it will pull these from the Sysdig API). Cybereason XDR will ingest and then display this information as a part of its “Suspicious Events.” These events are to be further correlated with activity from Endpoint, Network, Identity, and Cloud data sources within Cybereason. 

High-priority threats, known as Malicious Operations (MalOps), are expected to be displayed as visual attack stories, complete with Response Recommendations and triage from the 24/7 Cybereason Managed Detection and Response team.

Below is an example of a spear-phishing attack visualized within Cybereason with data from Sysdig about compromised AWS Cloud accounts. In this scenario, Sysdig will alert Cybereason that disallowed AWS users have elevated their privileges. Cybereason will then be able to correlate whether these users performed an anomalous login and may have had their AWS account credentials compromised via a spear-phishing attack.
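As an added illustration of the correlation described above (this is example code written for this page, not Sysdig’s or Cybereason’s own integration, and the event shapes are constructed, not the real Sysdig API format), the snippet below joins privilege-escalation alerts for disallowed users with identity-side login events and flags a MalOp candidate only when the escalation follows an anomalous login by the same user from the same source address within a short window.

```python
from datetime import datetime, timedelta

# Constructed Sysdig-style cloud detection alerts (illustrative shape only).
SYSDIG_ALERTS = [
    {"ts": "2023-08-09T14:02:10Z", "rule": "AWS privilege escalation by disallowed user",
     "user": "contractor-jdoe", "account": "111122223333", "src_ip": "203.0.113.7"},
    {"ts": "2023-08-09T15:20:00Z", "rule": "AWS privilege escalation by disallowed user",
     "user": "svc-build", "account": "111122223333", "src_ip": "198.51.100.20"},
]

# Constructed identity-side console login events, as an XDR might hold from CloudTrail.
LOGIN_EVENTS = [
    {"ts": "2023-08-09T13:55:40Z", "user": "contractor-jdoe", "src_ip": "203.0.113.7",
     "country": "RO", "mfa": False},
    {"ts": "2023-08-09T09:10:00Z", "user": "svc-build", "src_ip": "198.51.100.20",
     "country": "US", "mfa": True},
]

# Constructed per-user baseline: countries each user normally logs in from.
BASELINE_COUNTRIES = {"contractor-jdoe": {"US"}, "svc-build": {"US"}}


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def login_anomalies(login, baseline):
    """Reasons a login looks anomalous: unseen country and/or no MFA."""
    reasons = []
    if login["country"] not in baseline.get(login["user"], set()):
        reasons.append("new_country:" + login["country"])
    if not login["mfa"]:
        reasons.append("no_mfa")
    return reasons


def correlate(alerts, logins, baseline, window=timedelta(hours=1)):
    """Return MalOp candidates: an escalation alert preceded within `window`
    by an anomalous login of the same user from the same source IP."""
    malops = []
    for a in alerts:
        t_alert = parse_ts(a["ts"])
        for l in logins:
            if l["user"] != a["user"] or l["src_ip"] != a["src_ip"]:
                continue
            reasons = login_anomalies(l, baseline)
            if reasons and timedelta(0) <= t_alert - parse_ts(l["ts"]) <= window:
                malops.append({"user": a["user"], "account": a["account"],
                               "login_ts": l["ts"], "escalation_ts": a["ts"],
                               "reasons": reasons,
                               "recommendation": "Revoke sessions, rotate credentials, "
                                                 "review IAM changes since login_ts"})
    return malops
```

Running `correlate(SYSDIG_ALERTS, LOGIN_EVENTS, BASELINE_COUNTRIES)` yields one candidate for contractor-jdoe; the svc-build escalation is not flagged because its login was baseline, MFA-backed and hours earlier.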

What are the potential benefits of the integration?

Based on the pilot phase of the integration, here are some of the potential benefits of this integration that we wish to highlight to cloud security practitioners:

  1. Increased visibility into security risks from cloud and containers – Cloud native applications’ extra complexity generates blind spots that require specialized insight.
  2. Improved ability to detect and respond to threats – There is projected to be a significant reduction in mean time to detect (MTTD) and mean time to resolve (MTTR) for threats originating in the cloud.
  3. Increased efficiency and productivity.

What does the future roadmap of the partnership look like?

This integration will be a significant development in the Sysdig-Cybereason partnership. By combining their strengths, the idea is to create a solution that will help customers better protect their cloud environments.

Also, starting next year, there are plans to offer Cybereason’s Managed Detection and Response services to our joint Sysdig Secure-Cybereason XDR customers in certain geographically strategic regions. 

Additional Reading

Cybereason’s blog for the partnership announcement

Visit the Sysdig Booth (1350) for Blackhat 2023:

  • Join the in-person Cybereason-Sysdig demo at 3 pm PST on August 9th!

Join us at the Cybereason-Sysdig webinar 20th September

Roadmap Disclaimer

This document contains forward-looking statements. All information relating to the product roadmap and/or future functionality/capabilities is provided solely as a non-binding expression of the present intent and is not and should not be deemed to constitute any form of commitment, promise or legal obligation to develop, offer or deliver any product, upgrade, enhancement, software, hardware, documentation or functionality whatsoever. The development (if any), release (if any) and timing of any feature or functionality is and will remain at the Parties’ sole and absolute discretion.