Sysdig, the leader in real-time cloud security, today announced the launch of Cloud Identity Insights, an expansion of its cloud detection and response (CDR) capabilities designed to correlate identity behavior with workload activity and cloud resources. Cloud Identity Insights can instantly detect compromised identities, help contain them in real time, and leverage smart policy optimization to prevent future breaches. This deep and broad coverage is made possible by the next generation of Sysdig’s proven enterprise-ready agent, launched today. This next-gen agent builds on the company’s lightweight instrumentation to use 50% fewer resources and is supported by both a universally compliant second-generation eBPF probe and open source Falco.
“Identity is the connective tissue between detection and prevention,” said Shantanu Gattani, Vice President of Product Management at Sysdig. “Quarantining compromised identities is critical for both containing attacks in motion and stopping them in the future, but with a 240% upsurge in human and machine identities over the last year [1], understanding which identities are compromised is a challenge in and of itself. Identity abuse informs everything from an immediate and targeted threat response to a comprehensive and effective Zero Trust cloud strategy – that’s exactly where we enable security teams with Cloud Identity Insights.”
Sysdig Cloud Identity Insights
Also Read: Strata Identity Named Best IAM Solution in 2024 Cloud Security Awards
When it comes to cloud attacks, nearly 40% of breaches start with exploited credentials [2] – this makes them the most common entry point for attackers. Cloud defenders, however, face a distinct lack of insight into identities, their associated behavior, and their relation to other cloud activities. Identity insights are often decoupled from workloads, a fatal flaw that empowers attackers to stay hidden as they move quietly across the cloud.
- Detect compromise in seconds to preempt attacks: Suspicious user activity is often the first indicator of a breach. Cloud Identity Insights immediately alerts users to reconnaissance actions and privileged user creation, often early indicators of a breach. By automatically correlating events to identities in real time, Sysdig enables teams to comply with the 555 Benchmark for cloud detection and response.
- Contain compromised identities: Once a compromised account has been detected, security teams have seconds to contain it before the attack escalates. With Sysdig Cloud Identity Insights, teams can outpace attackers by swiftly prioritizing and responding with suggested containment actions that range in severity from forced password resets to user deactivation or deletion.
- Prevent future attacks: Each identity remediation gives security analysts the opportunity to prevent future identity abuse with insightful context. Cloud Identity Insights automatically recommends smart policy optimization by evaluating the permissions exploited by a compromised account during the incident, and highlights the riskiest roles and users in the environment.
Expanded Coverage Across Private, Public, and Hybrid Clouds
Stopping unknown threats early in the attack chain requires comprehensive coverage across private and public clouds, as well as correlation between workloads, identities, platform as a service (PaaS), and cloud activity. With this new release, Sysdig is expanding its leadership in agent and agentless cloud-native application protection platform (CNAPP) instrumentation to help security teams detect and respond at cloud speed.
SOURCE: Businesswire