Sysdig Report Finds that 87% of Container Images Have High Risk Vulnerabilities

FEBRUARY 1, 2023


Sysdig report finds massive supply chain risk, along with more than $10 million in wasteful spending for large cloud deployments

SAN FRANCISCO and SEATTLE – CloudNativeSecurityCon – Sysdig Inc., the unified cloud and container security leader, today announced findings from its Sysdig 2023 Cloud-Native Security and Usage Report. Focused on two themes this year, the report revealed that supply chain risk and zero trust architecture readiness are the biggest unaddressed security issues in cloud and container environments. The report also exposes tens of millions of dollars in wasted cloud spend caused by overallocated capacity.

Looking at real-world data, the sixth annual report reveals how global companies of all sizes and industries are using and securing cloud and container environments. The data sets cover billions of containers, thousands of cloud accounts, and hundreds of thousands of applications that Sysdig customers operated over the course of the last year.

Report highlights
87% of container images have high or critical vulnerabilities: Due to the nature of modern design and the sharing of open source images, security teams face a large number of container vulnerabilities. The reality is that teams cannot fix everything, and they struggle with finding the right parameters to prioritize vulnerabilities and scale down their workload.

Giving teams hope, the report also found that only 15% of critical and high vulnerabilities with an available fix are in packages loaded at runtime. By filtering on those vulnerable packages that are actually in use, organizational teams can focus their efforts on a smaller fraction of the fixable vulnerabilities that represent true risk. Reducing the number of vulnerabilities by 85% down to 15% provides a more actionable number for cybersecurity teams.

90% of granted permissions are not used: Zero trust architecture principles stress that organizations should avoid granting overly permissive access. Data from the report shows that 90% of permissions are unused. If attackers compromise credentials from identities with privileged access or excessive permissions, they have the keys to the kingdom in a cloud environment.

59% of containers have no CPU limits defined, and 69% of requested CPU resources go unused: Without utilization information for Kubernetes environments, developers are blind to where their cloud resources are over- or underallocated. Organizations of all sizes could be overspending by 40%, and for large deployments, optimizing an environment could save an average of $10 million on cloud consumption bills.

72% of containers live less than five minutes: Gathering troubleshooting information after a container is gone is nearly impossible, and the life of a container got shorter this year by 28%. This decrease speaks to organizations maturing in their use of container orchestration, and reinforces the need for security that can keep pace with the ephemeral nature of the cloud.

“Looking back at last year’s report, container adoption continues to mature, which is evident by the decrease in container life spans. However, misconfigurations and vulnerabilities continue to plague cloud environments, and supply chains are amplifying how security problems manifest. Permissions management, for users and services alike, is another area I’d love to see people get stricter about,” said Michael Isbitski, Director of Cybersecurity Strategy at Sysdig. “This year’s report shows great growth and also outlines best practices that I hope teams adopt by the 2024 report, such as looking at in-use exposure to understand real risk, and to prioritize the remediation of vulnerabilities that are truly impactful.”

Learn more about the report

Media contact

Amanda McKinney Smith


In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig, rated #1 for CSPM in the Gartner Peer Insights “Voice of a Customer” report, correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.