Sysdig announced Drift Control to prevent container attacks at runtime. Teams can detect, prevent, and speed incident response for containers that were modified in production, also known as container drift. Additionally, Sysdig enhanced malware and cryptomining detection with new threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research Team. To be successful in the cloud, teams need a single view of risk with no blind spots, which includes having prevention that flags and blocks container drift.
New critical vulnerabilities uncovered, including Log4j and Spring4Shell, are a reminder that threat detection is critical both in the cloud and in the data center. This detection needs to provide multiple layers of protection. Sysdig, using the Falco open source project, the de facto standard for cloud-native threat detection, covers all of the common system intrusion attack categories identified in Verizon's 2022 Data Breach Investigations Report.
With this announcement, Sysdig adds additional layers of detection. The first uses enhanced malware and cryptomining detection with the Proofpoint threat feeds for known and emerging threats. Drift Control, the second additional technique, enforces the immutability principle, providing a preventative defense layer for cloud-native workloads. Container immutability ensures that container software is not modified during its lifetime, preserving consistency from source to run and preventing actions that could be part of an attack.
Given the dynamic nature of cloud-native environments and legacy practices carrying over to cloud environments, teams often neglect immutability best practices and are blind to drift, especially at scale. To close the dangerous security gaps created by container drift, Sysdig provides Drift Control to automatically flag and deny deviations from the trusted original container.
Key Benefits
- Detect and prevent container drift with Drift Control: With Sysdig, teams can prevent common runtime attacks by dynamically blocking executables that were not in the original container. Sysdig helps customers follow the security best practice of immutability and ensure containers aren't modified after deployment in production.
- Enhance detection with the latest threat intelligence feeds: Sysdig Secure has added threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research Team. With these feeds, teams can rely on the most timely and accurate threat information, including malicious IPs and domains, to better protect their environments against threats such as Command & Control (C2), malware, backdoors, cryptominers, and anonymization.
- Speed incident response and mitigation with Rapid Response: In addition to the new prevention and detection capabilities powered by Drift Control and threat intelligence feeds, teams can use Sysdig Secure to dig directly into the compromised or suspicious container with on-demand secured shell access and investigate the blocked executable and detected malicious communications. Teams can minimize exposure by removing the malicious file locally from the command line. Sysdig keeps a detailed audit trail of all mitigation commands and can upload session history to user-defined external storage.
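As an added example (not Sysdig's code, and not how Drift Control is implemented), the drift check described in the first benefit above reduced to its core logic: an allow-list of executable hashes recorded from the trusted image, consulted on every exec, with anything absent from the image or modified since build treated as drift. The baseline, paths and exec events below are constructed.

```python
"""Container drift check against an image baseline (illustrative, constructed)."""
import hashlib
from dataclasses import dataclass

# Constructed baseline: executables shipped in the trusted image, path -> sha256.
# In practice this would be produced at image build time, not hard-coded.
IMAGE_BASELINE = {
    "/usr/local/bin/app": hashlib.sha256(b"app-v1").hexdigest(),
    "/bin/sh": hashlib.sha256(b"busybox-sh").hexdigest(),
}


@dataclass(frozen=True)
class Verdict:
    action: str  # "allow" or "block"
    reason: str


def check_exec(path, contents, baseline=IMAGE_BASELINE):
    """Decide whether an exec of `path` (file bytes `contents`) deviates from the image."""
    digest = hashlib.sha256(contents).hexdigest()
    expected = baseline.get(path)
    if expected is None:
        # Binary was dropped into the container after deployment.
        return Verdict("block", f"{path} not present in image (new executable)")
    if expected != digest:
        # Path exists in the image but its contents changed: modified in place.
        return Verdict("block", f"{path} modified after deployment (hash mismatch)")
    return Verdict("allow", f"{path} matches image baseline")


# Constructed exec events: (path, bytes found on disk at exec time).
EXEC_EVENTS = [
    ("/usr/local/bin/app", b"app-v1"),        # legitimate image binary
    ("/tmp/dropped-binary", b"not-in-image"),  # written at runtime, never in the image
    ("/bin/sh", b"replaced-sh"),               # image path, but contents replaced
]


def audit(events, baseline=IMAGE_BASELINE):
    """Evaluate a stream of exec events; return [(path, Verdict), ...]."""
    return [(path, check_exec(path, contents, baseline)) for path, contents in events]


if __name__ == "__main__":
    for path, verdict in audit(EXEC_EVENTS):
        print(f"{verdict.action:5} {path}: {verdict.reason}")
```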
"When there is an attack every 11 seconds, it is important to have multiple layers of defense," said Omer Azaria, Vice President of Research and Development at Sysdig. "Sysdig's new Drift Control capability enforces best practices that can stop an attack before damage is done."
Availability
Sysdig Secure customers have access to Drift Control and the new threat feeds now, and for new customers it is included in Sysdig Secure at no additional cost.