Powered by Falco, Sysdig identifies attacks in motion by correlating identity behavior with workload activity across private, hybrid, and public clouds

Sysdig, a reputed name in real-time cloud security, recently announced the launch of Cloud Identity Insights, an upgraded version of its cloud detection and response (CDR) capabilities. The tool is designed to map identity behavior to workload activity and cloud resources.

Cloud Identity Insights is built to quickly catch compromised identities, contain them in real time, and use smart policy optimization to avoid further breaches. This comprehensive coverage is made possible by the next generation of Sysdig’s proven enterprise-ready agent, launched today. This next-gen agent builds on the company’s lightweight instrumentation to use 50% fewer resources and is supported by both a universally compliant second-generation eBPF probe and open-source Falco.

Shantanu Gattani, Vice President of Product Management at Sysdig, called identity the connective tissue between detection and prevention. He believes that isolating compromised identities is critical for both containing attacks in motion and stopping them in the future.

Cloud Identity Insights is crucial for security teams. It helps them address immediate threats and build a robust Zero Trust cloud strategy by uncovering identity-related risks.

Sysdig Cloud Identity Insights

Nearly 40% of cloud breaches begin with compromised credentials. To effectively combat this threat, security teams need to understand identity behavior and how it relates to other cloud activities. Cloud Identity Insights fills this gap by providing a unified view of identity-related information.

Detect compromise in seconds to preempt attacks

Cloud Identity Insights can detect suspicious user activity that often signals an impending attack. By providing real-time alerts for reconnaissance actions and privileged user creation, it helps teams prevent breaches and meet the 555 Benchmark for cloud detection and response.

Contain compromised identities

Time is of the essence when dealing with a compromised account. Cloud Identity Insights provides security teams with prioritized containment options, from password resets to user deletion, helping them stop the attack before it spreads.

Prevent future attacks

Cloud Identity Insights helps prevent future identity abuse by analyzing the permissions exploited in a compromised account and recommending policy optimizations. This allows security analysts to identify risky roles and users in the environment.

Expanded Coverage Across Private, Public, and Hybrid Clouds

Stopping unknown threats early in the attack chain requires comprehensive coverage across private and public clouds, as well as the correlation between workloads, identities, platform as a service (PaaS), and cloud activity. With this new release, Sysdig is expanding its leadership in agent and agentless cloud-native application protection platform (CNAPP) instrumentation to help security teams detect and respond at cloud speed. 

Gain universal compatibility with eBPF 

Building on the company’s extensive contributions to eBPF, the universally compliant second-generation eBPF probe further simplifies deployment and gives organizations greater flexibility regarding where and how they develop cloud-native applications. This eBPF update offers extensive coverage of Linux and Windows hosts and Kubernetes nodes to deliver kernel-level visibility into workloads without cumbersome administrator privileges.

Scale confidently with the next-generation agent

Sysdig’s next-generation agent delivers the comprehensive visibility of a mature agent with the resource requirement of a lightweight sensor. It uses 50% fewer resources than the company’s already resource-light instrumentation while delivering real-time threat detection at the edge. Finally, it provides a unified agent experience across clusters and hosts, both in private cloud (OpenShift, VMware, etc.) and public cloud environments, providing comprehensive protection from uncovering vulnerabilities to identifying live attacks.

Unify threat detection with Falco

With this new release, Sysdig extends Falco to assess cloud and PaaS activity along with host, container, and Kubernetes activity. This unifies threat detection in a single language and allows defenders to spot sophisticated attacks that originate outside the customer’s cloud and ultimately make their way into the cloud estate.

Cloud Identity Insights and all mentioned features are available now. Interested customers should reach out to their Sysdig representative to learn more.

Sysdig 

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real-time, instantly detecting changes in risk with runtime insights and open-source Falco. Sysdig, rated #1 for CSPM in the Gartner Peer Insights “Voice of a Customer” report, correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.

To share your insights with CyberTech Newsroom, please write to us at news@intentamplify.com