Sysdig unveils cloud attack graph based on real-time threat data

Cloud security vendor Sysdig has added a new attack graph to its cloud-native application protection platform (CNAPP). The graph provides real-time cloud attack path analysis and live risk prioritization across assets, users, and activity, according to the firm. Sysdig has also released a new cloud inventory that offers cloud visibility with integrated search to surface information, as well as agentless scanning, it said in a press release.

Cloud environments are increasingly complex, as are the cloud security threats that organizations face. Attackers exploit the complexity and automation of the cloud to move laterally, elevate privileges, and maximize blast radiuses.

In June, Aqua Security’s 2023 Cloud Native Threat Report revealed that threat actors are investing resources to evade cloud security defenses, concealing campaigns and avoiding detection to establish a stronger foothold in compromised systems. Meanwhile, various areas in the cloud software supply chain remain vulnerable to compromise and pose significant threats to organizations, the report found.

New capabilities center on real-time cloud risks

Sysdig’s new cloud security features are centred on real-time risk response and management, the vendor claimed. “Prevention is necessary, but it won’t catch everything given the speed of the cloud,” said David Quisenberry, senior manager of information security at apree health. “We also need to be ready to defend in real time. Cloud security requires tools that connect dots and provide context, but the key is that it must be in real time.”

The firm said that the new cloud attack graph functions as the neural center of the Sysdig CNAPP, applying multidomain correlation to identify threats in real time. The graph layers instant detections, in-use vulnerabilities, and in-use permissions to connect risk data across environments and help customers diffuse threats before they escalate, Sysdig added. A stack-ranked list of risks prioritizes the order in which threats should be addressed, while a visual representation of exploitable dependencies across resources helps to reveal potential attack paths.

Inventory can help check for vulnerabilities

Sysdig’s new cloud inventory provides a searchable list of all resources in a cloud environment across users, workloads, hosts, and infrastructure as code, according to the vendor. The inventory can also be used to quickly check exposure to vulnerabilities, such as identifying all instances of Log4j in packages in use and exposed to the internet, the company said. Customers can then dig deeper into potentially compromised workloads with a real-time view of associated misconfigurations, compliance violations, and vulnerabilities.

Finally, Sysdig’s agentless scanning capabilities have been expanded to include host scanning, highlighting vulnerabilities, misconfigurations, in-use permissions, and threats. Meanwhile, the scalable agent delivers real-time analysis of file access, network connections, and active processes in addition to other workload attributes, filtering out unused package vulnerabilities for prioritized protection.