Hello from all of us at Sysdig!
KubeCon EU and RSA just finished, and what a whirlwind two weeks it was. The cloud security ecosystem is more vibrant than ever, and security, again, is a hot topic.
Don’t miss our highlights of the events in this special edition of our newsletter.
3 Trends Security Leaders Shouldn’t Miss
Although RSA and KubeCon are two radically different events, we could spot some common themes. Some topics were repeated over and over in speaker sessions, private conversations, and in the vendor hall.
These are the current trends you should not miss.
1. Cloud security is consolidating
The cybersecurity landscape has been growing and getting more and more complex. However, the trend seems to be changing.
Platform (CNAPP) solutions are winning over point solutions. Companies no longer want a bunch of independent security tools, that approach doesn’t scale. They want to check their security posture from a unified view, and correlate insights from everywhere to prioritize threats.
No wonder we are experiencing an interesting wave of vendor partnerships that are looking to offer more complete solutions. CNAPP is definitely shaking the foundations of the cloud-native security ecosystem.
2. Kubernetes is still seen as complex: needs simplification
As adoption of Cloud Native grows, it seems that a main concern arises: How to secure these complex deployments?
“Simplification” was one buzzword that kept popping up this year, especially around Kubernetes.
The Kubernetes project seems to be listening. The recently released Kubernetes 1.27 confirms a trend we’ve seen for a while, each new version brings less groundbreaking features and more quality of life improvements.
Anyways, we love this trend. Beyond appearances, it’s never been this easy to secure the cloud and containers.
3. AI is becoming more pervasive in security
We experienced how the success of ChatGPT is a catalyst for the adoption of artificial intelligence in security.
Everyone agreed, machine learning is the way.
Stay tuned, some things are coming our way soon 😉.
Now, be warned, it’s gonna be a long way. The conversation around AI and ML may be louder, but current implementations haven’t changed that much. AI is still not a silver bullet, so new and old will be walking by the hand for some time.
Related: The Quiet Victories and False Promises of Machine Learning in Security
We have some predictions for the next months:
- ML capabilities will become a must on security products.
- There will be a big push for ML to automate tasks, and to work as a GPT-like assistant.
3 Takeaways for Security Engineers
1. Cloud threats have evolved, tools are adapting
We’ve been seeing how popular attacks such as cryptojacking or supply chain compromise are on the rise in the cloud while growing more elaborate.
To make things worse, as deployments get more complex, it gets trickier to identify the source of an attack. The more services you have, the more logs and alerts you’ll have to correlate to see the full picture.
How is the ecosystem approaching this situation?
The trend seems to be to shift left and shield right.
Shift left, preventing as soon as possible with vulnerability scanners, hardening posture or permission management. And shielding right with real time detection and response.
You can already see how security tools are shifting towards big platforms that expand security to every stage of your applications. Focusing only on prevention is no longer enough. Also, this approach is enabling new exciting features like attack path graphs.
Want to learn more about what a cloud attack looks like?
Don’t miss Maya Levine’s talk Anatomy of a Cloud Security Breach – 7 Deadly Sins.
2. eBPF for runtime security is going mainstream
The war of agent vs. agentless has confirmed two things:
- Nowadays, you need both approaches to cover all the gaps.
- eBPF is the way to do instrumentation.
There is a clear consensus, if you want to capture system data without missing anything, you need eBPF. We can only confirm how eBFP adoption is growing, everyone is implementing eBPF on their products in some way or another.
The Falco project is a great example of how to get the best of all worlds. In the talk No Fear, Falco Is Looking After Us!, Falco covered how it can complement eBPF inputs with cloud logs to secure infrastructures from all angles.
3. AI all the things!
It’s a golden era for ChatGPT and AI in general. Applications are reaching every industry, even the cloud-native ecosystem.
We’ve seen AI applications used to stream routine tasks, enhance threat detection, or replace query languages.
Here are some examples you can put your hands one:
- K8sGPT helps you explain, in natural language, what’s going on in your cluster.
- run.ai applies AI to the Kubernetes scheduling.
- kubectl-ai lets you manage your cluster with natural language.
What a time to be alive!
Not everything is good, though. Bad guys are also leveraging AI to write better malware, for example, or using AI generated voices on phishing calls. Is MFA properly set up on your cloud accounts?
Stay tuned, some things coming are our way soon 😉.
Want to read more about KubeCon and RSA?
- Watch all the KubeCon sessions on demand.
- Watch all the RSA sessions on demand.
- Check the KubeCon wrap ups from Loft, Silverlinings, Jetstack.
What’s New with Sysdig?
Sysdig at KubeCon and RSA
It was great to connect with customers and partners in person. Here are links to our sessions, and a few pictures of the team.
Sysdig Sessions at KubeCon:
- Kubernetes Defensive Monitoring with Prometheus
- No Fear, Falco Is Looking After Us!
- Anatomy of a Cloud Security Breach – 7 Deadly Sins
- Maya Levine interview by Amazic
Sysdig Sessions at RSA:
Sysdig Brings Runtime Insights to ServiceNow Container Vulnerability Response
One of our announcements during RSA. With this partnership, Sysdig helps ServiceNow users eliminate 95% of vulnerability noise and focus on true risk.
Learn all the details on our press release.
Ping us @sysdig or on our open source Sysdig Slack group to share your feedback and suggest topics for future issues! Previous editions are available in the archive.