Hello from all of us at Sysdig!
What a roller coaster of a year 2022 has been. We are glad that you let us take this ride together, so we prepared a special treat in appreciation. These are our personal highlights from this year.
Let the 2022 cloud-native recap begin!
Sign up for our monthly Cloud-native News.
Ping us @sysdig or on our open source Sysdig Slack group to share your feedback and suggest topics for future issues! Previous editions are available in the archive.
2022: A cloud-native year in review
The rise of cryptomining and new vulnerabilities
We have not seen many new vulnerabilities (CVE) this year, but the ones that have emerged have caused major issues. We saw Dirty Pipe and Spring4Shell, and then we had no news for a while. Later, a new zero day affected Atlassian, and we ended the year with Text4Shell and OpenSSL.
On the other hand, we have detected the continuous growth of cryptomining and how it has evolved, affecting more cloud-native environments. In our Threat Research Report, the Sysdig Threat Research Team (Sysdig TRT) analyzed more than 250,000 Docker images and found a lot of hidden malware.
Finally, the Sysdig TRT discovered a new cryptomining operation (PURPLEURCHIN), a sophisticated cryptomining campaign that employed automation to abuse free GitHub account trials.
On a personal level, I would like to highlight my KubeCon EU talk: “How attackers use exposed Prometheus server to exploit Kubernetes clusters.” I continue to receive positive feedback that I’m humbled by. A huge thank you for the support!
Miguel Hernández – Security Content Engineer at Sysdig
How I stopped worrying and loved DevOps
2022 has been a year of changes and a big one for cloud adoption worldwide.
Thousands of companies are focusing their efforts on the cloud. But with great power comes great responsibility. Millions of dollars are wasted due to a lack of resource management: in our research, we found that companies could save an average of 40% of their Kubernetes infrastructure costs.
Prometheus has turned 10 years old! In May, we had another Prometheus Day within the acclaimed KubeCon + CloudNativeCon EU in Valencia.
The news I would like to share includes:
- A lot of cool new features have been added to Prometheus this year. Check the 2022 Documentary.
- Finally, AWS created a new region in Zaragoza, aiming to increase its presence in Southern Europe. This is touching as it feels close to home, and makes me happy. :)
Javier Martínez – DevOps Content Engineer at Sysdig
Cloud native is getting bigger, faster, and stronger
Securing the cloud is spurring government initiatives
2022 started with a bang with Log4Shell being released just a couple of weeks prior. The year remained interesting on the security side with new CVEs and a net increase in cyberattacks worldwide.
This increased the attention to cybersecurity, especially to cloud threats at all levels. As a reaction, we saw new (and sometimes controversial) government initiatives.
One of the better ones was the CyberSecurity Review Board (CSRB), established in February 2022 with the goal of reviewing and assessing the most significant cybersecurity events. The CSRB released its first report, covering Log4Shell, in July, with lots of good insights and retrospectives on the biggest vulnerability of recent years.
But 2022 also saw lots of container and cloud open source projects maturing, with Argo, Flux, and SPIFFE/SPIRE graduating from the CNCF incubator.
On the container side, Podman released version 4.0 back in March with a complete network stack rewrite and improved support for Windows and macOS.
And in September, the popular service mesh Istio officially became a CNCF incubating project after being submitted by Google in April.
We’re excited to see what the community brings us in 2023!
Daniel Simionato – Security Content Engineer at Sysdig
Kubernetes is reaching maturity
In 2022, we followed Kubernetes 1.24, 1.25, and 1.26. Shipping only three releases per year allows Kubernetes to deliver more polished features and gives admins more time to prepare their cluster upgrades.
Also, adding an expiration date to alpha and beta features put a spotlight on features, like ephemeral containers, that had been in alpha for too long. Now, they are either pushed toward stability or deprecated. We see more and more enhancements that transition from alpha to stable in four releases or less, like #3070.
A special mention goes to all the housekeeping done in Kubernetes: removing the in-tree CSI drivers, deprecating PSPs and Dockershim, and cleaning up in general.
It’s great to see these maturity signs in Kubernetes. Flashy things are exciting, but boring and reliable is what people want to work with in their day to day.
My top three security features in Kubernetes this year were:
- The PodSecurity Admission, replacing PSPs
- CEL for admission control
- API credentials through the TokenRequest API
Víctor Jiménez – Content Engineering Manager at Sysdig
Falco plugs in everywhere
This year, we’ve seen a groundbreaking change inside Falco: Falco plugins.
This allows Falco to grow beyond system calls to… infinity?
Like, actually. Falco is so versatile now that it can even be used to detect your pets and deliver alerts with their presence.
More practically, here are a few things you can do with Falco plugins now:
- Consume your Kubernetes Audit Events
- Secure your AWS account, reading CloudTrail events
- Detect OKTA exploits
- Track your GitHub account
- Trigger alerts from Hashicorp Nomad
Find the full list of plugins on GitHub.
Also, without the need for external plugins, Falco’s latest integration with Google Cloud gives you visibility into activity inside gVisor-isolated containers, which would otherwise be opaque.
Lastly, after all this year’s growth in the Falco project, its maintainers felt it was a good time to apply for the CNCF graduation. We wish them all the luck. 🤞💪
Vicente J. Jiménez – Security Content Engineer at Sysdig
Sysdig in 2022
Threat report
This year, we launched our first threat report. A few of the highlights from our Threat Research Team are:
We analyzed more than 250,000 Docker images and found a lot of hidden malware.
We have detected continuous growth of cryptomining and seen how it has evolved, affecting more cloud-native environments. We also analyzed the question: What is the real cost of cryptomining?
After the Ukraine conflict started, we’ve seen the threat profile change. Cryptomining is no longer king.
Risk spotlight
Is your team drowning in container vulnerability noise? Are you spending a lot of time figuring out where to focus resources and still missing dangerous vulnerabilities? Know that you are not alone.
This year, we released Risk Spotlight, a new feature in Sysdig Secure that helps you cut vulnerability noise by 95% and prioritize the remaining alerts so you can focus on what really matters.
Sysdig Monitor Advisor and Cost Advisor
Earlier in the year we launched Advisor, a new Kubernetes troubleshooting product in Sysdig Monitor that accelerates troubleshooting by up to 10x.
More recently, we also announced Cost Advisor, a cost-savings tool for cloud-native environments. This tool gives you visibility into Kubernetes costs and automatically helps you identify areas to reduce them. With Cost Advisor, you can reduce wasted spending by 40% on average.
We expanded our open source expertise
- Edd Wilder-James as VP of Open Source Ecosystem.
- Gerald Combs, creator and project leader of Wireshark.
We made friends and reached new milestones
- Sysdig and Snyk partnered to eliminate vulnerability noise.
- We partnered with Proofpoint to enhance malware and cryptomining detection.
- Sysdig was named one of the 20 coolest cloud security companies and one of Deloitte’s Fast 500 growth companies.
- Frost and Sullivan recognized Sysdig as the Container Security Company of the year.
- Risk Spotlight was highlighted as one of the 20 hottest cybersecurity products at RSA.
- Sysdig achieved AWS Security Competency.
And we launched groundbreaking features
- Drift Control will help prevent container attacks at runtime.
- Sysdig can now detect cryptojacking with Sysdig’s high-precision ML.
- Sysdig Monitor started supporting Amazon CloudWatch Metric Streams to ingest metrics from AWS CloudWatch in real time.
- ToDo is an actionable checklist showing prioritized risks to save time during investigations.
- Remediation Guru is guided remediation at the source, allowing teams to fix issues in seconds.
Wow, what a year! We are excited for 2023.