Sysdig Announces Risk Spotlight to Prioritize Vulnerabilities Based on Runtime Intelligence

APRIL 20, 2022


Sysdig Secure reduces vulnerability alerts by 95%, allowing developers to focus on shipping applications faster

SAN FRANCISCO — April 20, 2022 — Sysdig, the unified container and cloud security leader, announced the availability of Risk Spotlight, a vulnerability prioritization feature based on runtime intelligence. Risk Spotlight enables security teams to reduce alert noise and effectively prioritize remediation based on a more accurate risk assessment to efficiently reduce risk without slowing down developers.

Blog: Eliminate Noise and Prioritize the Vulnerabilities that Really Matter with Risk Spotlight.

As applications are often quickly assembled from public repositories, developers unknowingly bring vulnerabilities from open source packages. Most do not warrant a developer’s attention since they are not tied to packages running in production. Without context, developers find themselves scrolling through thousands of vulnerabilities in spreadsheets trying to figure out which fixes matter. Vulnerability noise hides the true risk, leaving the door open to compromise.

Key Benefits of Risk Spotlight

  • Reduce vulnerability noise by up to 95%: Risk Spotlight eliminates the noise from vulnerabilities that pose no immediate risk by identifying the packages not used at runtime. This helps DevOps and developer teams understand the real risk in their container environments and minimize alert fatigue.
  • Manage risk with actionable insights: Risk Spotlight delivers vulnerability details – such as the CVSS vector from multiple sources, the fix version, and link to publicly available exploits – to manage vulnerability risk at scale.
  • Comprehensive vulnerability management for containers from source to run: Risk Spotlight provides a single view of vulnerability risk across the container lifecycle – from build to runtime. The new UI also speeds remediation by giving developers a package-centric view of vulnerabilities, along with the fix or upgrade they need to apply. Developers can also apply security best practices early by removing unused packages during the build process.
“Detecting threats at runtime across containers, hosts, and cloud services is fundamental for cloud-native security. Then using that runtime intelligence to prioritize vulnerabilities provides developers a reasonable list of the highest impact issues to fix,” said Loris Degioanni, Founder and CTO at Sysdig. “Scrolling line-by-line through an endless spreadsheet of issues is inefficient for developers and slows down software releases.”

The Sysdig Approach Sysdig is driving the standard for unified cloud and container security so DevOps and security teams can confidently secure containers, Kubernetes, and cloud services. Built on open source Falco threat detection, Sysdig gives real-time visibility to risk across containers and multiple clouds, eliminating security blind spots. Sysdig uses context to prioritize security alerts so teams can focus on high-impact security events and improve efficiency. By understanding the entire source to runtime flow and suggesting guided remediation, Sysdig shortens time to resolution. With the Sysdig platform, teams can find and prioritize software vulnerabilities, detect and respond to threats and anomalies, and manage cloud configurations, permissions, and compliance.


Risk Spotlight is available now to Sysdig Secure users at no additional cost.


Media Contact

Amanda McKinney Smith
[email protected]

Sysdig Logo

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig, rated #1 for CSPM in the Gartner Peer Insights “Voice of a Customer” report, correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.