Powered by Falco, Sysdig identifies attacks in motion by correlating identity behavior with workload activity across private, hybrid, and public clouds

Black Hat USA – Sysdig, the leader in real-time cloud security, today announced the launch of Cloud Identity Insights, an expansion of its cloud detection and response (CDR) capabilities designed to correlate identity behavior with workload activity and cloud resources. Cloud Identity Insights can instantly detect compromised identities, help contain them in real time, and leverage smart policy optimization to prevent future breaches. This deep and broad coverage is made possible by the next generation of Sysdig’s proven enterprise-ready agent, launched today. This next-gen agent builds on the company’s lightweight instrumentation to use 50% fewer resources and is supported by both a universally compliant second-generation eBPF probe and open source Falco.

“Identity is the connective tissue between detection and prevention,” said Shantanu Gattani, Vice President of Product Management at Sysdig. “Quarantining compromised identities is critical for both containing attacks in motion and stopping them in the future, but with a 240% upsurge in human and machine identities over the last year [1], understanding which identities are compromised is a challenge in and of itself. Identity abuse informs everything from an immediate and targeted threat response to a comprehensive and effective Zero Trust cloud strategy – that’s exactly where we enable security teams with Cloud Identity Insights.”

Sysdig Cloud Identity Insights

When it comes to cloud attacks, nearly 40% of breaches start with exploited credentials [2] – this makes them the most common entry point for attackers. Cloud defenders, however, face a distinct lack of insight into identities, their associated behavior, and their relation to other cloud activities. Identity insights are often decoupled from workloads, a fatal flaw that empowers attackers to stay hidden as they move quietly across the cloud.

• Detect compromise in seconds to preempt attacks: Suspicious user activity is often the first indicator of a breach. Cloud Identity Insights immediately alerts users to reconnaissance actions and privileged user creation, often early indicators of a breach. By automatically correlating events to identities in real time, Sysdig enables teams to comply with the 555 Benchmark for cloud detection and response.
• Contain compromised identities: Once a compromised account has been detected, security teams have seconds to contain it before the attack escalates. With Sysdig Cloud Identity Insights, teams can outpace attackers by swiftly prioritizing and responding with suggested containment actions that range in severity from forced password resets to user deactivation or deletion.
• Prevent future attacks: Each identity remediation gives security analysts the opportunity to prevent future identity abuse with insightful context. Cloud Identity Insights automatically recommends smart policy optimization by evaluating the permissions exploited by a compromised account during the incident, and highlights the riskiest roles and users in the environment.

Expanded Coverage Across Private, Public, and Hybrid Clouds

Stopping unknown threats early in the attack chain requires comprehensive coverage across private and public clouds, as well as correlation between workloads, identities, platform as a service (PaaS), and cloud activity. With this new release, Sysdig is expanding its leadership in agent and agentless cloud-native application protection platform (CNAPP) instrumentation to help security teams detect and respond at cloud speed.

• Gain universal compatibility with eBPF: Building on the company’s extensive contributions to eBPF, the universally compliant second-generation eBPF probe further simplifies deployment and gives organizations greater flexibility regarding where and how they develop cloud-native applications. This eBPF update offers extensive coverage of Linux and Windows hosts and Kubernetes nodes to deliver kernel-level visibility into workloads without cumbersome administrator privileges.
• Scale confidently with the next-generation agent: Sysdig’s next-generation agent delivers the comprehensive visibility of a mature agent with the resource requirement of a lightweight sensor. It uses 50% fewer resources than the company’s already resource-light instrumentation while delivering real-time threat detection at the edge. Finally, it provides a unified agent experience across clusters and hosts, both in private cloud (OpenShift, VMware, etc.) and public cloud environments, providing comprehensive protection from uncovering vulnerabilities to identifying live attacks.
• Unify threat detection with Falco: With this new release, Sysdig extends Falco to assess cloud and PaaS activity along with host, container, and Kubernetes activity. This unifies threat detection in a single language and allows defenders to spot sophisticated attacks that originate outside the customer’s cloud and ultimately make their way into the cloud estate.

Cloud Identity Insights and all mentioned features are available now. Interested customers should reach out to their Sysdig representative to learn more.

Resources

• Read “Introducing Cloud Identity Insights for Sysdig Secure.”
• Learn about “Evolving Cloud Security: Why Identity Infused CDR is the Key.”
• Explore the “2024 Gartner® CNAPP Market Guide.”

[1] CyberArk, “2023 Identity Security Threat Landscape Report,” June 2023.

[2] Verizon Business, “2024 Data Breach Investigations Report,” April 2024.

About Sysdig

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig, rated No. 1 for cloud security posture management (CSPM) in the Gartner Peer Insights “Voice of a Customer” report, correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240807487761/en/

As the need for real-time CDR grows, @Sysdig launches Cloud Identity Insights to stop attacks at the first sign of compromise. Learn more: https://sysdig.com/press-releases/sysdig-launches-cloud-identity-insights/