December 2022 Cloud-native news

Hello from all of us at Sysdig!

What a roller coaster of a year 2022 has been. We are glad that you let us take this ride together, so we prepared a special treat in appreciation. These are our personal highlights from this year.

Let the 2022 cloud-native recap begin!

Sign up for our monthly Cloud-native News.

Ping us @sysdig or on our open source Sysdig Slack group to share your feedback and suggest topics for future issues! Previous editions are available in the archive.

2022: A cloud-native year in review

The rise of cryptomining and new vulnerabilities

We have not seen many new vulnerabilities (CVE) this year, but the ones that have emerged have caused major issues. We saw Dirty Pipe and Spring4Shell, and then we had no news for a while. Later, a new zero day affected Atlassian, and we ended the year with Text4Shell and OpenSSL.

​​On the other hand, we have detected the continuous growth of cryptomining and how it has evolved, affecting more cloud-native environments. In our Threat Research Report, the Sysdig Threat Research Team (Sysdig TRT) analyzed more than 250,000 Docker images and found a lot of hidden malware.

Finally, the Sysdig TRT discovered a new cryptomining operation (PURPLEURCHIN), a sophisticated cryptomining campaign that employed automation to abuse free GitHub account trials.

On a personal level, I would like to highlight my KubeCon EU talk: “How attackers use exposed Prometheus server to exploit Kubernetes clusters.” I continue to receive positive feedback that I’m humbled by. A huge thank you for the support!

Miguel Hernández – Security Content Engineer at Sysdig

How I stopped worrying and loved DevOps

2022 has been a year of changes and a big one for cloud adoption worldwide.

Thousands of companies are focusing their efforts on the cloud. But with great power, comes great responsibility. Millions of dollars are wasted due to lack of resource management, as we found in our research that companies could save up an average of 40% from Kubernetes infrastructure costs.

Prometheus has turned 10 years old! In May, we had another Prometheus Day within the acclaimed KubeCon + CloudNativeCon EU at Valencia.

The news I would like to share includes:

  • A lot of cool new features have been added to Prometheus this year. Check the 2022 Documentary.
  • Finally, AWS created a new region in Zaragoza, aiming to increase its presence in Southern Europe. This is touching as it feels close to home, and makes me happy. :)

Javier Martínez – DevOps Content Engineer at Sysdig

Cloud native is getting bigger, faster, and stronger

Securing the cloud is spurring government initiatives

2022 started with a bang with Log4Shell being released just a couple of weeks prior. The year remained interesting on the security side with new CVEs and a net increase in cyberattacks worldwide.
This increased the attention to cybersecurity, especially to cloud threats at all levels. As a reaction, we saw new (and sometimes controversial) government initiatives.

One of the better ones was the CyberSecurity Review Board (CSRB), established in February 2022, with the goal to review and assess the most significant CyberSecurity events. CSRB released its first report covering Log4Shell in July, with lots of good insights and retrospectives on the biggest vulnerability in recent years.

But 2022 also saw lots of container and cloud open source projects maturing, with Argo, Flux, and SPIFFE/SPIRE graduating from the CNCF incubator.

On the container side, Podman released version 4.0 back in March with a complete network rewrite and improved support for Windows and Mac OS.

And in September, the popular service mesh Istio officially became a CNCF incubating project after being submitted by Google in April.

We’re excited to see what the community brings us in 2023!

Daniel Simionato – Security Content Engineer at Sysdig

Kubernetes is reaching maturity

In 2022, we followed Kubernetes 1.24, 1.25, and 1.26. Shipping only three releases per year is allowing Kubernetes to deliver more polished features, and admins can now prepare better to upgrade their clusters.

Also, adding an expiration date to alpha and beta features put a spotlight on features, like Ephemeral containers, that were in alpha for too long. Now, they are either pushed into stability or deprecated. We see more and more enhancements that transition from alpha to stable in just four releases or less, like #3070.

A special mention to all the housekeeping done in Kubernetes: removing all the in-tree CSI drivers, deprecating PSPs and Dockershim, and cleaning up in general.

It’s great to see these maturity signs in Kubernetes. Flashy things are exciting, but boring and reliable is what people want to work with in their day to day.

My top three security features in Kubernetes this year were:

Víctor Jiménez – Content Engineering Manager at Sysdig

Falco plugs in everywhere

This year, we’ve seen a groundbreaking change inside Falco: Falco plugins.

This allows Falco to grow beyond system calls to… infinity?

Like, actually. Falco is so versatile now that it can even be used to detect your pets and deliver alerts with their presence.

More practically, here are a few you can do with Falco plugins now:

Find the full list of plugins on GitHub.

Also, without the need for external plugins, Falco’s latest integration with Google Cloud helps you keep the activity inside a gVisor-isolated container less obscure.

Lastly, after all this year’s growth in the Falco project, its maintainers felt it was a good time to apply for the CNCF graduation. We wish them all the luck. 🤞💪

Vicente J. Jiménez – Security Content Engineer at Sysdig

Sysdig in 2022

Threat report

This year, we launched our first threat report. A few of the highlights from our Threat Research Team are:

We analyzed more than 250,000 Docker images and found a lot of hidden malware.

We have detected a continuous growth of cryptomining and how it has evolved, affecting more cloud-native environments. And we analyzed: What is the real cost of cryptomining?

After the Ukraine conflict started, we’ve seen a change of profile on threats. Cryptomining is no longer the king.

Risk spotlight

Is your team drowning in container vulnerability noise? Are you spending a lot of time figuring out where to focus resources and still missing dangerous vulnerabilities? Know that you are not alone.

This year, we released Risk Spotlight, a new feature in Sysdig Secure that will help you eliminate noise and prioritize vulnerability alerts by 95% so you can focus on what really matters.

Sysdig Monitor Advisor and Cost Advisor

Earlier in the year we launched Advisor, a new Kubernetes troubleshooting product in Sysdig Monitor that accelerates troubleshooting by up to 10x.

More recently, we also announced Cost Advisor, a cost-savings tool for cloud-native environments. This tool gives you visibility into Kubernetes costs and automatically helps you identify areas to reduce them. With Cost Advisor, you can reduce wasted spending by 40% on average.

We expanded our open source expertise

We made friends and reached new milestones

And we launched groundbreaking features

Wow, what a year! We are excited for 2023.

Find more Sysdig events →
Browse on-demand webinars →