Sysdig Adds Real-Time Cloud Attack Graph to CNAPP
September 28, 2023. Sysdig announced Cloud Attack Graph, which it describes as the industry's first real-time attack path analysis with live risk prioritization. Using runtime insights from production, the new features are meant to surface threats that have not yet been acted on as well as attacks already in motion. In addition, the company released a new cloud inventory that provides comprehensive cloud visibility with integrated search, for example to surface in-use instances of a critical vulnerability or roles with unused credentials. Sysdig also released agentless scanning, giving it a combined agent and agentless solution across the software life cycle.
In the cloud, every second counts. Environments have grown more complex, and attacks happen fast: whereas on-premises attacks are typically measured in weeks, cloud attacks can play out in minutes. Attackers exploit the complexity and automation of the cloud to move laterally, elevate privileges, and maximize blast radius. Knowing what is happening in the moment lets customers make better-informed decisions, from prevention through to defense.
“I have a mandate for my security team. I want them to be a team in the know, not the team of no. Security shouldn’t slow the speed of development,” said David Quisenberry, Senior Manager of Information Security at apree health. “Prevention is necessary, but it won’t catch everything given the speed of the cloud. We also need to be ready to defend in real time. Cloud security requires tools that connect dots and provide context, but the key is that it must be in real time.”
New Capabilities Focused on What Matters Now
Sysdig’s industry-leading cloud-native application protection platform (CNAPP) is powered by runtime insights, which enable Sysdig’s real-time detection and multidomain correlation to prioritize risky combinations across environments.
Cloud Attack Graph functions as the nerve center of the Sysdig CNAPP, applying multidomain correlation across assets, users, activity, and risk to identify threats in real time. By layering on live detections, in-use vulnerabilities, and in-use permissions, Sysdig connects the dots across environments so customers can defuse threats before they escalate.
Risk Prioritization is a stack-ranked list of risks across an entire cloud-native environment, ordered so that the most pressing items are addressed first. The list is generated from runtime insights, layered with real-time detection of events, vulnerabilities tied to in-use packages, and in-use permissions, so that attacks actually under way at a given moment rank above merely potential ones.
Attack Path Analysis is a visual representation of the exploitable dependencies across resources, which can reveal potential attack paths (for example, an internet-exposed workload that runs a vulnerable package and assumes a role with access to sensitive data). Unlike other solutions, Sysdig layers real-time detections onto these paths to reveal active attack behavior such as lateral movement, helping stop attackers in their tracks.
Inventory, powered by runtime insights, is a complete, searchable list of all of the resources in a cloud environment across users, workloads, hosts, and infrastructure as code. Dynamic filtering gives immediate access to the most relevant information across cloud environments. By identifying vulnerabilities in packages that are actually loaded at runtime, security teams can prioritize the fixes that matter. Inventory can also be used to check exposure to a specific vulnerability quickly, such as identifying all instances of Log4j that are both in use and exposed to the internet. Customers can then dig deeper into potentially compromised workloads with a real-time view of the associated misconfigurations, compliance violations, and vulnerabilities.
Complete Agentless Scanning rounds out Sysdig's agent and agentless solution. Sysdig has expanded its agentless capabilities to include host scanning, extending the existing agentless scanning for misconfigurations and threat detection. The agentless approach gives users a full picture of their cloud security, highlighting vulnerabilities, misconfigurations, in-use permissions, and threats. Meanwhile, the agent delivers real-time analysis of file access, network connections, and active processes, in addition to other workload attributes, and uses that runtime view to filter out vulnerabilities in packages that are installed but never loaded, so that protection effort goes to the vulnerabilities that are actually reachable.
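The four capabilities above (risk prioritization, attack path analysis, inventory queries, and filtering out unused package vulnerabilities) can be illustrated with a small graph model. The following is an added example written for this page; it is not Sysdig's code, data model or scoring, and every resource name, package, permission, detection string and weight in it is constructed for the illustration. It models a cloud environment as a directed graph (workload assumes role, role reaches data), keeps only vulnerabilities whose package is actually loaded, walks attack paths from internet-exposed workloads to data, and ranks them so that a path with a live runtime detection outranks an equally exposed but quiet one.

```python
from dataclasses import dataclass, field

# Arbitrary weights (assumption) so the ranking below has concrete numbers.
SEVERITY = {"critical": 10, "high": 7, "medium": 4, "low": 1}
EXPOSURE_BONUS = 3
LIVE_ATTACK_MULTIPLIER = 2


@dataclass
class Resource:
    name: str
    kind: str                                   # "workload", "role" or "data"
    internet_exposed: bool = False
    vulns: dict = field(default_factory=dict)   # vulnerable package -> worst severity
    in_use: set = field(default_factory=set)    # packages observed loaded at runtime
    granted: set = field(default_factory=set)   # permissions a role holds
    used: set = field(default_factory=set)      # permissions observed being exercised
    detections: list = field(default_factory=list)  # runtime events on this resource


# Constructed inventory: names, packages, permissions and events are made up.
INVENTORY = {r.name: r for r in [
    Resource("web-frontend", "workload", internet_exposed=True,
             vulns={"log4j-core": "critical", "openssl": "high"},
             in_use={"log4j-core", "nginx"},
             detections=["unexpected outbound shell from java process"]),
    Resource("api-gateway", "workload", internet_exposed=True,
             vulns={"openssl": "high"}, in_use={"openssl"}),
    Resource("batch-worker", "workload",            # log4j installed but never loaded
             vulns={"log4j-core": "critical"}, in_use={"python3"}),
    Resource("frontend-role", "role",
             granted={"s3:GetObject", "s3:ListBucket"}, used={"s3:GetObject"}),
    Resource("gateway-role", "role",
             granted={"dynamodb:GetItem"}, used={"dynamodb:GetItem"}),
    Resource("worker-role", "role", granted={"s3:*", "iam:PassRole"}),  # never used
    Resource("customer-bucket", "data"),
    Resource("orders-table", "data"),
]}

# Directed edges: a workload assumes a role; a role reaches the data it is granted.
EDGES = {
    "web-frontend": ["frontend-role"],
    "api-gateway": ["gateway-role"],
    "batch-worker": ["worker-role"],
    "frontend-role": ["customer-bucket"],
    "gateway-role": ["orders-table"],
    "worker-role": ["customer-bucket", "orders-table"],
}


def in_use_vulns(res):
    """Vulnerabilities whose package is actually loaded; installed-but-idle ones are dropped."""
    return {pkg: sev for pkg, sev in res.vulns.items() if pkg in res.in_use}


def exposed_with_package_in_use(inventory, package):
    """Inventory-style query: which internet-facing resources run this vulnerable package?"""
    return sorted(n for n, r in inventory.items()
                  if r.internet_exposed and package in in_use_vulns(r))


def roles_with_unused_credentials(inventory):
    """Roles that hold permissions but have never been observed exercising any."""
    return sorted(n for n, r in inventory.items()
                  if r.kind == "role" and r.granted and not r.used)


def attack_paths(inventory, edges):
    """DFS from internet-exposed workloads with an in-use vuln to any data resource."""
    paths = []

    def walk(node, path):
        if inventory[node].kind == "data":
            paths.append(path)
            return
        for nxt in edges.get(node, []):
            if nxt not in path:                 # no cycles
                walk(nxt, path + [nxt])

    for name, res in inventory.items():
        if res.kind == "workload" and res.internet_exposed and in_use_vulns(res):
            walk(name, [name])
    return paths


def risk_score(inventory, path):
    """In-use entry severity + exposure + over-privilege along the path, doubled if an attack is live."""
    entry = inventory[path[0]]
    score = max(SEVERITY[s] for s in in_use_vulns(entry).values())
    if entry.internet_exposed:
        score += EXPOSURE_BONUS
    for node in path:                           # granted-but-unused permissions widen blast radius
        score += len(inventory[node].granted - inventory[node].used)
    if any(inventory[node].detections for node in path):
        score *= LIVE_ATTACK_MULTIPLIER
    return score


def prioritize(inventory, edges):
    """Stack-ranked list of (score, path), highest risk first."""
    ranked = [(risk_score(inventory, p), p) for p in attack_paths(inventory, edges)]
    return sorted(ranked, key=lambda sp: sp[0], reverse=True)


if __name__ == "__main__":
    for score, path in prioritize(INVENTORY, EDGES):
        print(score, " -> ".join(path))
    print("log4j-core in use and exposed:", exposed_with_package_in_use(INVENTORY, "log4j-core"))
    print("roles with unused credentials:", roles_with_unused_credentials(INVENTORY))
```

Two details carry the article's point. `batch-worker` has the critical Log4j package installed, but because it is never loaded and the host is not internet-facing, it produces no attack path and does not match the "Log4j in use and exposed" query; a scan-only view would have flagged it. And the two ranked paths have similar static exposure, but the live detection on `web-frontend` lifts its score well above `api-gateway`, which is the "attack in motion first" ordering the text describes.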
“Security teams need a tool that sees everything, correlates it, and distills it into actionable insights within seconds. What sets Cloud Attack Graph apart is that it was designed specifically for the cloud, enabling users to visualize risk; prioritize the threats that matter; and in the event of a live attack, alert in real time and make it a priority for the security team to focus on,” said Knox Anderson, Vice President of Product at Sysdig. “Context and speed are everything in the cloud, making runtime insights a critical capability for cloud security.”