Sysdig Adds Ability to Detect Threats in Real-Time to CNAPP
Sysdig today extended its cloud-native application protection platform (CNAPP) to include a Cloud Attack Graph capability that enables cybersecurity teams to visually track attack paths in real time.
In addition, the company added a cloud inventory tool to surface issues such as running instances that carry a critical vulnerability, or roles with unused credentials.
Finally, Sysdig added an agentless scanning capability that inspects hosts to identify, for example, misconfigurations and vulnerable packages, as a complement to its existing agent software. The agent continues to observe file access, network connections, active processes and workload attributes in real time; combining that runtime view with the agentless scan results lets teams separate vulnerabilities in packages that are actually loaded in a production or external-facing workload from those that are installed but never used, so the latter can be deprioritized.
Nick Fisher, senior director of product marketing for Sysdig, said at this juncture the agent versus agentless debate is a false dichotomy as it becomes clear that each approach addresses different requirements. The issue is to enable cybersecurity teams to identify and respond to attacks in real time in an era where massive amounts of damage can be inflicted in minutes, he added.
The Cloud Attack Graph automatically prioritizes the level of risk each of those attacks represents as events, vulnerabilities and permissions granted are tracked in real time, Fisher noted. In effect, any blind spot that a cybersecurity team may have can now be eliminated, he added.
Sysdig is making a case for a CNAPP that grows out of the platform it originally created to protect runtimes. The company is now extending that platform with posture, inventory and attack-path capabilities that previously would have required a separate cloud security posture management (CSPM) platform alongside its runtime detection.
CNAPPs have emerged as a vehicle for consolidating multiple point products into a single framework that is simpler to centrally manage. In addition to reducing the number of tools that need to be licensed, the goal is to make it easier for smaller teams of cybersecurity professionals to manage a wider range of processes and reduce the total cost of cybersecurity.
There is, of course, already no shortage of CNAPPs, but it’s not clear whether organizations are embracing these platforms in place of their existing legacy tools. However, the need to take advantage of machine learning algorithms and other forms of artificial intelligence (AI) to combat threats is likely to soon force a transition to a CNAPP that can aggregate enough data to train an AI model.
Each organization will naturally have to decide how quickly that transition should be made, but cybersecurity threats continuously evolve. The defenses that organizations put in place several years ago may not be as effective as a modern platform that addresses a wider range of threats. The challenge is that many organizations become overly attached to legacy platforms that are now being either bypassed or evaded as the threats and techniques used by cybercriminals evolve. The only thing that remains to be seen is how soon any given cybersecurity team is going to reach that conclusion.