Sysdig Delivers CNAPP with End-to-End Detection, Response

Sysdig, a leader in cloud security powered by runtime insights, today announces end-to-end detection and response embedded in its CNAPP. The company delivers the consolidation of cloud detection and response (CDR) and cloud-native application protection platforms (CNAPP), leveraging the power of open source Falco in agent and agentless deployment models.

This approach enables Sysdig to be a CNAPP platform that can detect threats instantly anywhere in the cloud with 360-degree visibility and correlation across workloads, identities, cloud services and third-party applications.

As organizations build out their cloud environments, they face sprawl, with hundreds of unchecked and potentially vulnerable applications, services, and identities. Most cloud security tools are slow to identify suspicious behavior, and once alerted, organizations can spend hours, if not days, combing through snapshots trying to piece together what happened.

Teams need a CNAPP that instantly and continuously understands the full context of the entire environment. With today’s announcement, Sysdig is consolidating CDR and CNAPP, giving teams a single platform that understands the entire application life cycle, puts the application at the center, and consolidates security tools around it.

Using its runtime insights, Sysdig makes better-informed decisions across the software life cycle.

Stop Breaches Instantly with End-to-End Threat Detection

  • Agentless cloud detection based on Falco – Created by Sysdig, Falco is an open source solution for cloud threat detection, under the stewardship of the Cloud Native Computing Foundation. Previously, to leverage the power of Falco within Sysdig, organizations had to deploy Falco on their infrastructure. With today’s release customers can access an agentless deployment of Falco when processing cloud logs, which are used to detect threats across cloud, identity, and the software supply chain, along with other sources.
  • Identity threat detection – With Sysdig Okta detections, security teams can protect against identity attacks, such as multifactor authentication fatigue caused by spamming and account takeover. Sysdig details the entire attack from user to impact by stitching Okta events with real-time cloud and container activity.
  • Software supply chain detection – Extend threat detection into the software supply chain with Sysdig GitHub detections. Developers and security teams can be alerted in real time of critical events, such as when a secret is pushed into a repository.
  • Enhanced Drift Control – Prevent common runtime attacks by blocking executables that were not in the original container.

Accelerate Cloud Investigations and Incident Response in Real Time

  • Live mapping – Sysdig brings an endpoint detection and response (EDR)-like approach of assembling all relevant real-time events into one view when a breach occurs. With Sysdig Live, teams can see their live infrastructure and workloads, as well as the relationships between them, to speed incident response.
  • Attack lineage with context – Sysdig Process Tree enables the rapid identification and eradication of threats by unveiling the attack journey from user to process, including process lineage, container and host information, malicious user details, and impact.
  • Curated threat dashboards – Dashboards provide a centralized view of critical security issues, spotlighting events across clouds, containers, Kubernetes, and hosts to enable threat prioritization in real time. Sysdig also provides dynamic mapping against the MITRE framework for cloud-native environments, so security teams know exactly what is happening at any given moment.

To learn more, read the blog, “Stop Cloud Breaches in Real Time and Accelerate Investigation and Response with Sysdig.” Or plan to attend one of Falco’s 30 global workshops on agentless cloud detection based on Falco.