Sysdig launches Cloud Identity Insights to boost cloud security
Sysdig has announced the launch of Cloud Identity Insights, an enhancement of its existing cloud detection and response (CDR) capabilities.
This new feature, integrated with Sysdig's real-time cloud security system, aims to correlate identity behaviour with workload activity and cloud resources to swiftly detect and contain compromised identities.
Cloud Identity Insights, powered by open-source Falco, builds upon Sysdig's enterprise-ready agent by utilising 50% fewer resources and supports both universally compliant second-generation eBPF probes and open-source Falco. This update comes in response to a significant rise in human and machine identities over the past year, which has increased by 240%, posing new challenges for security teams.
"Identity is the connective tissue between detection and prevention," stated Shantanu Gattani, Vice President of Product Management at Sysdig. "Quarantining compromised identities is critical for both containing attacks in motion and stopping them in the future. With a 240% upsurge in human and machine identities over the last year, understanding which identities are compromised is a challenge in and of itself."
"Identity abuse informs everything from an immediate and targeted threat response to a comprehensive and effective Zero Trust cloud strategy. That's exactly where we enable security teams with Cloud Identity Insights."
Statistics underline the necessity of this feature, as nearly 40% of cloud breaches begin with exploited credentials, making them a primary entry point for attackers. Traditionally, cloud defenders have struggled with a lack of insight into identities, their behaviours, and their interactions with other cloud activities. This separation often allows attackers to remain undetected as they navigate through the cloud environment.
Cloud Identity Insights aims to mitigate this issue by rapidly identifying suspicious user activity, often the earliest indicator of a security breach. It alerts users to potential reconnaissance actions and the creation of privileged users, which are frequently early signs of a breach. By correlating events with identities in real time, the tool enables teams to comply with the 555 Benchmark for cloud detection and response.
Once a compromised identity is detected, prompt containment is crucial. Sysdig's solution allows security teams to quickly assess and respond to threats, implementing suggested containment actions ranging from forced password resets to user deactivation or deletion. Furthermore, every identity remediation provides valuable context for preventing future identity abuse, with the tool automatically recommending smart policy optimisations based on the permissions exploited during the incident.
Sysdig aims to offer comprehensive coverage across private, public, and hybrid clouds, recognising the need to stop unknown threats early in the attack chain. The new release extends this capability across various cloud environments and correlates workloads, identities, platform as a service (PaaS), and other cloud activities. This expansion is crucial for early detection and response to threats at cloud speed.
The universally compliant second-generation eBPF probe introduced with this release offers wider Linux and Windows host coverage and Kubernetes node coverage. This update delivers kernel-level visibility into workloads without requiring administrator privileges. The next-generation agent provides mature agent-level visibility using 50% fewer resources and ensures real-time threat detection at the edge, unifying the agent experience across both private and public cloud environments.
In addition, the release furthers the integration of Falco, extending its application to include cloud and PaaS activities, alongside host, container, and Kubernetes activities. This unification of threat detection aims to help defenders identify complex attacks that originate outside the customer's cloud environment and infiltrate the cloud estate.
Cloud Identity Insights is now available, and Sysdig encourages interested customers to reach out to their representatives to learn more about the new features. The enhancement promises more efficient and effective cloud security management to help organisations tackle the growing complexity of cloud-based threats.