Data Notebook Company Supports Compliance and Shuts Down Advanced Attacks With a Single Solution

Company Overview

With a simple mission to make data accessible, usable, and valuable to everyone, this company’s cloud-based collaborative data notebook blends business intelligence, project management, and AI-driven analytics.

To that end, the platform is incredibly versatile, supporting no-code visualization and data exploration while also allowing businesses to execute their own code in languages such as SQL, R, and Python.

Solutions

Stopping Cryptomining Dead in its Tracks

“The first few weeks were kind of low impact for us,” the DevOps team lead said. “We saw a few cryptominers that occasionally ran kernels for a few hours, so we created some basic monitors. At the time, it was easy for us to manually terminate malicious containers.”

Unfortunately, that soon changed. As the company grew more popular, cryptomining activity on the platform increased exponentially.

“We went from three or four malicious users per week to more than 60 per day,” she said. “Identifying and blocking them became a full-time job for my team, and we eventually needed a dedicated person to terminate crypto pods. Worse, by the time we investigated and terminated one malicious container, 10 more took its place – it was a never-ending game of whack-a-mole.”

The company couldn’t afford to allow cryptomining to tank performance for their users – doing so could potentially cost the company tens of thousands of dollars. At the same time, they couldn’t risk killing legitimate containers with false positives.

With the recent onboarding of Sysdig, Rodriguez and her team configured the Sysdig platform with a set of cryptojacking-focused rules and policies. Less than a week later, all cryptomining activity on the platform had ceased.

“We were impressed with how effective Sysdig’s rules were for detection,” the DevOps engineer said. “Our team worked very well with the Sysdig Threat Research Team, sharing insights as cryptominers kept trying to fly under the radar. I think we even discovered some new attack methods at one point.”

Preventing Exploits at Any Scale

When the company released a ChatGPT plugin, they experienced a massive influx of new users. Anticipating that such growth would result in renewed cryptomining activity, they braced themselves for a flood of attacks. However, it proved a non-issue — the organization didn’t even need to adjust its policies.

“We experienced a 20% increase in users nearly overnight and expected a surge in cryptomining activity – thanks to Sysdig, that suge never occurred,” the DevOps engineer said. “The same rules and policies we originally implemented continued to work as expected. They scaled up with no impact to our platform, which was really amazing.”

A Partnership Built on Trust and Support

When the company first approached Sysdig, their use case was relatively straightforward. They needed to support their SOC 2 compliance efforts with audit logging, policy management, and vulnerability scanning.

Since leveraging Sysdig to address cryptojacking, the company was delighted to discover the additional benefits of working closely with Sysdig’s team.

“Cloud security and compliance are incredibly challenging without dedicated in-house professionals – but Sysdig has made it easy for us to elevate our DevOps team into handling both,” the team lead said. “Container security, vulnerability scanning, audit logging, and runtime security are now routine tasks with minimal impact on the team’s workload.”