At SANS CyberFest 2023, Sysdig released the
5/5/5 Benchmark for Cloud Detection and Response, a new framework that outlines how quickly organizations
should detect, triage, and respond to attacks in the cloud. Operating securely
in the cloud requires a mindset shift in regard to time, and with that, cloud
security programs need to hold themselves to a modernized benchmark: five
seconds to detect, five minutes to correlate insights and understand what's
happening, and five additional minutes to respond. Recent findings by the
Sysdig Threat Research Team published in the 2023 Global Cloud Threat Report note that, after discovering an exploitable target,
malicious actors require less than 10 minutes to execute an attack.
Cloud attacks are swift and sophisticated, requiring robust threat detection
and response programs that move at the speed of the cloud. On-premises attacks
take 16 days on average, and antiquated frameworks challenge security teams to
respond to a breach within 60 minutes, which is simply insufficient for the
cloud. Bad actors are exploiting the automation and scale of the
cloud, along with new techniques, to accelerate all stages of an attack and
inflict damage within minutes. The 5/5/5 Benchmark guides organizations to
detect and respond to cloud attacks faster than adversaries can complete them.
The Challenge
- Detect threats within five seconds.
Organizations should be able to gather detection signals from their cloud
security tools in real time to ensure visibility into ephemeral
assets.
- Correlate and triage within five minutes. Teams
should be able to gather full context for all correlated signals within
five minutes of receiving the first relevant alert.
- Initiate a response within five minutes. Organizations
should be able to initiate a tactical response within five minutes of
confirming that an attack is in progress.
What people are saying
"People are always looking for
security metrics, especially when the industry evolves into new operating
models. We have plenty of 'best practices,' but no real way to quantify cloud
security agility - until now," said Anna Belak, Director, Office of Cybersecurity
Strategy at Sysdig. "The 5/5/5 Benchmark, built in partnership with our
customers, industry analysts, and the Sysdig Threat Research Team, sets a new
standard for operating securely in the cloud."
"As organizations move to the
cloud, traditional on-premises security standards become outdated and too slow.
In the cloud, both innovation and attacks happen quickly - companies need
security tools, processes, and standards designed to operate at the speed of
cloud-native environments," said Phil Bues, Research Manager for IDC Cloud
Security.
"I don't want to know 15
minutes after someone breached my system. I need to know instantly so that we
can shut it down before the blast radius expands," said Kuldeep Tomar, Head of
Information Security at India's leading digital skill games company and 5/5/5
Benchmark Advisor. "To move at the necessary speed, you need to not only be
alerted to the right things, but also respond appropriately. Having a benchmark
gives us a goal to hold ourselves to."