Sysdig has added unified threat detection capabilities to its Secure DevOps Platform, introducing continuous cloud security posture management (CSPM). The new features are aimed at so-called lateral movement attacks, where an attacker uses a vulnerable application as a stepping stone to reach other resources.
The Secure DevOps Platform has combined security and compliance capabilities with performance and capacity monitoring, to create a secure DevOps workflow for containerised application deployments using Kubernetes, either on-premises or in the cloud.
With the new continuous CSPM features, Sysdig said it unifies the incident timeline across clouds and containers, reducing the time needed to detect threats.
The new features include:
- Cloud Security Posture Management for AWS. This is based on the open source Cloud Custodian rules engine, which is widely used to define policies in AWS environments. Sysdig has added cloud asset discovery, cloud services posture assessment and compliance validation on top of it: as well as automatically discovering cloud services, it flags misconfigured services and violations of compliance and regulatory requirements.
- Multi-Cloud Threat Detection for AWS and GCP is based on the Falco runtime security tool that Sysdig itself created, which detects unexpected application behaviour. Sysdig has added support for threat detection using audit logs on Google Cloud Platform (GCP), in addition to AWS CloudTrail support. According to Sysdig, security teams can use it to continuously detect suspicious activity or configuration changes across their infrastructure without relying on a periodic configuration check that may miss some misconfigured services or settings.
- Cloud Risk Insights provides new visual insights across connected cloud and container security incidents, enabling security teams to see the entirety of an attack. Sysdig cited the example of an attacker exploiting a container vulnerability to gain access to the cloud account, then elevating privileges and performing actions such as cryptomining on a Kubernetes cluster. Cloud Risk Insights classifies incidents by severity level, allowing teams to prioritise what to investigate and respond to first.
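The multi-cloud threat detection item above describes detecting suspicious activity and configuration changes continuously from audit logs rather than by periodic configuration checks. The following added example (it is not Sysdig's or Falco's code) shows the shape of such event-driven detection: a handful of rules evaluated over CloudTrail-style records, with findings ranked by severity the way the Cloud Risk Insights item describes. The event records are constructed and simplified from the real CloudTrail format, and the rule names, severities and field paths are assumptions for illustration.

```python
"""Event-driven detection over CloudTrail-style audit records.

Added example, not Sysdig's or Falco's code. The rules and the event
shape are simplified assumptions modelled on the CloudTrail record format.
"""
from __future__ import annotations

import json
from dataclasses import asdict, dataclass
from typing import Callable, Iterable

# Severity order used to rank findings so the most urgent ones come first.
SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1}


@dataclass(frozen=True)
class Finding:
    severity: str
    rule: str
    actor: str
    event_name: str


def _cidrs(event: dict) -> list[str]:
    """Collect every cidrIp in an AuthorizeSecurityGroupIngress request.
    CloudTrail nests them under ipPermissions.items[].ipRanges.items[]."""
    perms = event.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    return [r.get("cidrIp", "") for p in perms for r in p.get("ipRanges", {}).get("items", [])]


def _actor(event: dict) -> str:
    return event.get("userIdentity", {}).get("arn", "unknown")


# Each rule is (name, severity, predicate over one event). Rule names are assumed.
RULES: list[tuple[str, str, Callable[[dict], bool]]] = [
    ("cloudtrail_logging_disabled", "critical",
     lambda e: e.get("eventSource") == "cloudtrail.amazonaws.com"
     and e.get("eventName") in {"StopLogging", "DeleteTrail"}),
    ("security_group_open_to_world", "high",
     lambda e: e.get("eventName") == "AuthorizeSecurityGroupIngress"
     and any(c in ("0.0.0.0/0", "::/0") for c in _cidrs(e))),
    ("iam_privilege_change", "medium",
     lambda e: e.get("eventSource") == "iam.amazonaws.com"
     and e.get("eventName") in {"AttachUserPolicy", "PutUserPolicy", "CreateAccessKey"}),
]


def detect(events: Iterable[dict]) -> list[Finding]:
    """Evaluate every rule against every event; return findings, most severe first."""
    findings: list[Finding] = []
    for e in events:
        # A denied request changed no configuration; these rules look for
        # successful changes. Failed attempts are a separate signal, not handled here.
        if e.get("errorCode"):
            continue
        for name, severity, predicate in RULES:
            if predicate(e):
                findings.append(Finding(severity, name, _actor(e), e["eventName"]))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity], reverse=True)


# Constructed sample events (not real CloudTrail output); ARNs and IDs are placeholders.
SAMPLE_EVENTS: list[dict] = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::000000000000:user/example-dev"},
     "requestParameters": {"groupId": "sg-placeholder", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::000000000000:user/example-dev"}},
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "userIdentity": {"arn": "arn:aws:sts::000000000000:assumed-role/example-role/session"},
     "requestParameters": {"name": "example-trail"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"arn": "arn:aws:iam::000000000000:user/example-dev"},
     "errorCode": "AccessDenied"},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "userIdentity": {"arn": "arn:aws:iam::000000000000:user/example-admin"},
     "requestParameters": {"userName": "example-dev",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(json.dumps(asdict(finding)))
```

Running the block prints three findings ordered critical, high, medium: the trail being stopped, the security group opened to the world on port 22, and the policy attachment. The denied CreateAccessKey call produces nothing because the rules only look for changes that actually took effect, which is the point of reading the audit stream rather than re-scanning configuration on a schedule: the change is seen the moment it lands, attributed to the identity that made it.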
Sysdig CSPM is available now, and the company is offering a free tier for a single account. The free tier includes a daily check against CIS benchmarks, continuous threat detection intended to keep the cloud environment protected at all times, and inline scanning for AWS Fargate and Elastic Container Registry (ECR) images, for up to 250 images a month.