Sysdig, Inc. announced the addition of unified cloud and
container security with the launch of continuous cloud security posture
management (CSPM). Threat research conducted by Sysdig shows that
having a single view across cloud, workloads, and containers speeds the
time to both detect and respond to lateral movement attacks, a common
technique used in the majority of cybersecurity breaches. By pairing the
Sysdig cloud security capabilities announced today with its container
security features, teams can identify the entire attack chain and
respond to threats faster. Introduced as a free tier, Sysdig CSPM
capabilities are indefinitely free for one cloud account.
Attackers Have an Easy Path from Containers to Cloud
Identified in the MITRE framework, lateral movement is estimated to be
involved in 70 percent of cyberattacks. This attack pattern occurs when a
bad actor pivots through multiple systems and accounts to gain access to
the objective target. Attackers involved in the 2019 Capital One breach
utilized a similar movement pattern.
Illustrative of a typical lateral movement attack, the Sysdig Threat
Research Team found that by exploiting an Apache vulnerability in a
container, an attacker can secretly move into the cloud environment,
expanding the attack surface. In this instance, the attacker can then
execute arbitrary code in the machine and open a reverse shell within the
system. After escalating privileges, they use pod access to find exposed
cloud credentials and eventually gain access to the broader cloud
environment. At this point, they have access to steal sensitive data.
The Power of Combined Cloud and Container Security
Using different cloud and container security tools requires a manual
correlation of logs to catch the breach and uncover the systems impacted.
By unifying the incident timeline and adding risk-based insights, Sysdig
reduces the time to detect threats across clouds and containers from
weeks to hours. Cloud development teams can see exactly where the
attacker started and each step they took as they moved through the
environment. Read "Cloud lateral movement: Breaking in through a
vulnerable container" for more on the steps involved in this type of
lateral cloud movement attack.
New Continuous CSPM From Sysdig
- Cloud Security Posture Management for AWS Based on Cloud Custodian: Sysdig adds cloud asset discovery, cloud services posture assessment,
and compliance validation. Cloud security teams can manage their
security posture by automatically discovering all cloud services, as
well as flagging misconfigurations and violations of compliance and
regulatory requirements. These new features are based on Cloud
Custodian, an open source tool for securing cloud infrastructure.
- Multi-Cloud Threat Detection for AWS and GCP Based on Falco: Sysdig adds support for cloud threat detection via GCP audit logs,
in addition to the AWS CloudTrail integration last year. Security teams
can continuously detect suspicious activity or configuration changes
across their infrastructure without relying on a periodic configuration
check. Sophisticated attackers can take advantage of an exposed
configuration to access the cloud, then revert it immediately once
inside. A static check could miss such a change, leaving openings for
attackers, and could also overlook indicators that an attacker has
breached the environment.
Sysdig uses open source Falco, the Cloud Native Computing Foundation de
facto runtime security project, and alerts based on continuously
inspecting cloud audit logs.
It performs the analysis within the user's cloud account, which protects
sensitive data and eliminates costs tied to exporting logs. Currently,
there are more than 200 out-of-the-box CloudTrail rules, and the
database continues to grow as Sysdig and the community contribute at a
rate of 20-50 new rules per month.
All Sysdig events, including CSPM, compliance, container runtime, and AWS
CloudTrail events, can be sent to AWS Security Hub to allow security
teams to respond to threats faster.
- Cloud Risk Insights:
Sysdig provides new visual insights across interconnected cloud and
container security incidents, prioritized by risk levels. Sysdig reduces
alert noise and provides instant visibility to see the entire cloud
attack chain, from a hacker exploiting a container vulnerability and
accessing the cloud, to elevating privileges and performing catastrophic
actions, such as cryptomining on a Kubernetes cluster. Classifying
incidents based on severity levels allows teams to prioritize what to
investigate and respond to first. Teams can then investigate all
suspicious activity performed by a user to see the breadth of impact and
quickly begin incident response activities.
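As an added illustration of the continuous-versus-periodic point made in the threat detection item above (example code written for this page, not Sysdig's or Falco's own): a small Python detector over constructed CloudTrail-style events that alerts the moment a security group ingress rule is opened to 0.0.0.0/0 and records how quickly it is reverted, beside a snapshot check that only sees state at fixed times. The event values, the rule name and the helper functions are assumptions, not anything from Sysdig's product.

```python
from datetime import datetime
# Constructed CloudTrail-style events (CloudTrail field names, made-up values): an SSH
# ingress rule opened to the world by one user and reverted four minutes later.
SAMPLE_EVENTS = [
    {"eventTime": "2021-10-05T10:01:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev"},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "cidrIp": "0.0.0.0/0", "fromPort": 22}},
    {"eventTime": "2021-10-05T10:05:00Z", "eventName": "RevokeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev"},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "cidrIp": "0.0.0.0/0", "fromPort": 22}},
]
def _ts(iso):
    return datetime.strptime(iso, "%Y-%m-%dT%H:%M:%SZ")

def _key(event):  # identifies one ingress rule: (security group, CIDR, port)
    p = event["requestParameters"]
    return (p["groupId"], p["cidrIp"], p["fromPort"])

def world_open_ingress(event):
    """Per-event rule in the Falco style: an ingress rule granted to 0.0.0.0/0."""
    return (event["eventName"] == "AuthorizeSecurityGroupIngress"
            and event["requestParameters"]["cidrIp"] == "0.0.0.0/0")

def continuous_detect(events):
    """Evaluate each event as it arrives: alert at once, then record how long the exposure lasted."""
    alerts, open_rules = [], {}
    for e in sorted(events, key=lambda x: _ts(x["eventTime"])):
        key = _key(e)
        if world_open_ingress(e):
            open_rules[key] = len(alerts)  # index of the alert this rule belongs to
            alerts.append({"rule": "world_open_ingress", "user": e["userIdentity"]["arn"],
                           "group": key[0], "port": key[2], "opened": e["eventTime"],
                           "reverted_after_s": None})
        elif e["eventName"] == "RevokeSecurityGroupIngress" and key in open_rules:
            a = alerts[open_rules.pop(key)]
            a["reverted_after_s"] = (_ts(e["eventTime"]) - _ts(a["opened"])).total_seconds()
    return alerts

def periodic_check(events, snapshot_times):
    """Replay events up to each snapshot time, which is all a periodic posture scan ever sees."""
    ordered = sorted(events, key=lambda x: _ts(x["eventTime"]))
    findings = {}
    for snap in snapshot_times:
        state = set()
        for e in (x for x in ordered if _ts(x["eventTime"]) <= _ts(snap)):
            if world_open_ingress(e): state.add(_key(e))
            elif e["eventName"] == "RevokeSecurityGroupIngress": state.discard(_key(e))
        findings[snap] = sorted(state)  # empty for both an hourly 10:00 and 11:00 snapshot
    return findings
```

With hourly snapshots the exposure never appears in `periodic_check`, while `continuous_detect` raises the alert at 10:01 and later attaches the 240-second exposure window, which is the evidence an incident timeline needs.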
Free Tier for Cloud Security
Sysdig is offering continuous cloud security for free, forever, for a
single account. With easy onboarding, developers can begin to manage
cloud posture within minutes. The free tier includes a daily check
against CIS benchmarks and continuous threat detection to ensure the
cloud environment remains in a secure, compliant, and hardened state at
all times. It also includes inline scanning for Fargate and ECR images,
up to 250 images a month.
Open-Standards Approach to Cloud Security
Sysdig believes the future of security is open. Open source security delivers
better security through faster innovation. Organizations can be
confident they are adopting an accepted standard that will last. With
this in mind, Sysdig chose to build its CSPM capabilities on top of
Falco and Cloud Custodian. Sysdig selected the Cloud Custodian open
source project because it has strong momentum in adoption, a rapidly
growing database of rules, auto-remediation capabilities, and
multi-cloud support.
Availability
Sysdig CSPM is available now, including the free tier. Sysdig is also launching a new game, Cloud Chaos, to introduce it.