from 350 to 17
- Deprioritized 95% of vulnerabilities with a single click
- Enabled vulnerability management to go from a week to <10 minutes
- Cut time spent on security reviews by 80%
- Empowered engineers with a single view of risk
Recognized as a leader for managed detection and response (MDR) services, this software-as-a-service (SaaS) company helps customers detect, investigate, hunt, and respond to threats, as well as remediate its clients’ digital environments. In short, it does the heavy security lifting so its customers don’t have to.
The concept of balancing people, processes, and technology in a security program isn’t secret, but finding a mix that is cost-effective and security-effective is elusive for many organizations. It’s helped this security operations provider prioritize vulnerabilities and manage compliance so its team can focus on revenue-producing work.
“We see it as our job to help our clients better utilize the security technology that they’ve already purchased by integrating it with our technology through APIs,” said the Director of Information Security. “We deploy the platform into a secure instance within our cloud infrastructure, built using Google Cloud, and provide 24-7 support to our clients.”
It all begins with proper alignment between people, processes, and tools. “A lot of what we do is consulting to walk clients through their own infrastructure,” added the Director. “We want to know: Are they thinking about the right things within security? Do they have the right people and tools? That’s where we shine.”
As a result, the organization has collected libraries of insights from its customers and established itself as a center of excellence for security best practices.
Strengthening the Software Supply Chain
In 2021, the organization put forward an initiative to help ensure its software supply chain was more secure. This initiative refocused the company on what’s most important to its clients — primarily, vulnerability management and vulnerability remediation.
“We needed to have a better picture of what vulnerabilities were in the images we were using,” said the Information Security Leader. “We wanted to know where they are in use, how many are out there, and what cluster they are in. We also needed a way to set up rules to manage all of the possible situations we might face. The goal is to get a top-to-bottom view and assessment of our clients’ infrastructure to identify the key vulnerabilities that could impact our clients most.”
Previously, the company had a container security solution in place; however, despite the vast knowledge held by the team, the technology was too unwieldy to be integrated into its workbench. If the organization couldn’t get value from the prior solution, it knew that it needed to make a change.
Flexibility With an Open-Standards Based Solution
Understanding that the underpinnings of the Sysdig platform architecture were built on open source tools, including Falco, made the decision easy. “We are big proponents of leveraging open source technology within our workbench,” said the Director. “In addition to tapping into our own vast library of knowledge, we can tap into the knowledge of the Falco community to deliver stronger security solutions to our customers.”
They continued, ”When we were onboarding, Sysdig’s open source roots shined through as the documentation around the solution was excellent, cutting our deployment time to only a few weeks. This complemented the fantastic support we got from the Sysdig team, helping us through any adoption challenges as they arose.”
Vulnerability Investigations Cut From a Week to ~5 Minutes
Prior to adopting Sysdig, identifying, managing, and remediating vulnerabilities was a very manual process for this security team.
“In the past, an investigation could take up to a week. With Sysdig, it’s a five-to-10-minute job. Before, we would have to look across all repositories, connect to each, and manually review the open source dependencies,” explained the Director. “And even then, we might not have a clear picture because it’s not always the first-level dependencies that are problematic. The reality is, we probably would end up not being as thorough, but not because we aren’t concerned. The time investment would be monumental going through every single base image, searching for every linked dependency.”
“We have thousands of running containers and hundreds of different applications running in our Kubernetes cluster, and that’s just the beginning,” they continued. “We had to follow the same manual search of every vendor and tool we use, find out what their base images are, and comb through them. It took a significant amount of time. And even then, we’d have a low level of confidence when done.”
When the Log4j flaw was announced in late 2021, every company operating in the cloud was concerned over the impact to their environment. With Sysdig Secure, organizations were able to quickly scan their containers for impacted images and discern their risk in less than five minutes. “Providing this level of reassurance would have been impossible without Sysdig,” concluded the Director.
95% of Non-Impacting Vulnerabilities Deprioritized With a Single Click
“It’s common knowledge that without prioritization, a container security tool will identify a massive number of vulnerabilities. Risk Spotlight from Sysdig identifies the items with the highest risk by focusing on packages used at runtime. We can then prioritize, eliminating the most critical issues first and saving the others for when there is time,” said the Director.
In addition, they stated, “I really love Risk Spotlight, it’s incredibly useful. I look at it pretty much every day. Earlier today, I looked at one container image, and it had 345 vulnerabilities. I toggled the ‘in use view’ and that brought down the vulnerabilities to 60 by identifying the vulnerabilities that were manifesting at runtime. Four-fifths of the vulnerabilities aren’t an immediate risk. That massively changes our workload security posture and where we focus. Prioritizing further, if I wanted to look at just the critical issues that have known exploits, it cuts it down to 17.”
Sysdig Reduces the Pain of Compliance Audits
Responsible for safeguarding sensitive data, the Director’s team plays an important role in ensuring its organization’s compliance. The Captures feature within Sysdig Secure was a key differentiator over competing solutions during the selection phase. According to the Director, “Sysdig Secure helps bring our SOC2 analysts into the fold and streamlines ISO27001 compliance.” With Sysdig Captures, the team can show what happened even after a container has been killed.
The runtime security capabilities of Sysdig Secure also play a role in achieving compliance for the company. ”We use Sysdig to demonstrate file integrity monitoring at both the host level for GKE and at the container level. To demonstrate that we are alerted when sensitive files are modified on the file system, we simply show the Sysdig policies and an example of the alert to the auditors.”
Time Spent on Security Tasks Reduced by 80%
Now that the company’s team of seven engineers has reduced time spent on security toil from 50% of their day to just 10%, the organization has given its staff the opportunity to focus on higher-value projects. The team has shifted its focus to mission-critical projects, like zero trust security and software supply chain projects that add value to the organization.
“Going forward, I don’t have to hire analysts to stare at dashboards,” said the Director. “Because of Sysdig, I’m hiring engineers to grow services and support for our clients.”