Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2023

How to Detect SCARLETEEL with Sysdig Secure

The recent SCARLETEEL incident highlights the importance of detecting security threats early in the development cycle. With Terraform state files, attackers can easily access sensitive information and gain unauthorized access to your cloud infrastructure. In this case, the attackers exploited a containerized workload and used it to perform privilege escalation into an AWS account, stealing software and credentials.

CSI Container: Can you DFIR it?

Do you like detective series? Have you ever thought about them actually taking place in cybersecurity? What do you think of CSI on containers? Are you interested in how to apply Digital Forensics and Incident Response (DFIR) to containers and clusters? If all your answers are YES, you will love this article. The CloudNative SecurityCon occurred in early February 2023, where leading security experts gathered to present their latest research and projects.

SANS Cloud-Native Application Protection Platforms (CNAPP) Buyers Guide

The SANS Cloud-Native Application Protection Platforms (CNAPPs) Buyers Guide gives companies a deep dive into what to look for in a CNAPP solution. As organizations continue to shift towards integrated platform-based solutions for their cloud security needs, it becomes critical to evaluate whether a CNAPP solution meets all the requirements across use cases like posture management, permissions management, vulnerability management, and threat detection and response.

Guidelines: How to reduce the noise of Falco rules in Sysdig Secure

Rule tuning is one of the most important steps during the definition of the security posture. With the detection rules, it’s impossible to use a “one fits all” approach: every customer has a unique environment, with its peculiarities and business needs. So, when a new rule is released it’s crucial to understand the security use case behind the detection and reduce the false positives (FP) as much as possible. The Threat Research Team constantly checks if noise occurs.

What is Digital Forensics Incident Response? | Security Expert Reacts to DFIR

Digital Forensics and Incident Response? (DFIR) is the cybersecurity field that defines the process and the best practices to follow in order to deal with a cyber attack or a security breach. Join Miguel, a security expert watching a video about a cyber detective investigating a kubernetes breach, and find out what the culprit was!

Terraform Security Best Practices

Terraform is the de facto tool if you work with infrastructure as code (IaC). Regardless of the resource provider, it allows your organization to work with all of them simultaneously. One unquestionable aspect is Terraform security, since any configuration error can affect the entire infrastructure. In this article we want to explain the benefits of using Terraform, and provide guidance for using Terraform in a secure way by reference to some security best practices. Let’s get started!

Why CNAPP Needs Runtime Insights to Shift Left and Shield Right

There’s an important shift happening in the cloud security industry: organizations are looking for an integrated platform that connects the dots between several key security use cases from source through production. Whether it is for tool consolidation, consistent end-to-end experience, or “one throat to choke,” customers are increasingly choosing a platform-based approach to address critical cloud security risks.

Chaos Malware Quietly Evolves Persistence and Evasion Techniques

The name Chaos is being used for a ransomware strain, a remote access trojan (RAT), and now a DDoS malware variant too. Talk about chaos! In this case, Sysdig’s Threat Research Team captured attacks using the Chaos variant of the Kaiji botnet malware. There is very little reported information on this malware since September 2022, perhaps because of the unfortunately chaotic naming, or simply because it is relatively new. Kaiji malware was of Chinese origin in 2020 and is written in Golang.

DISA STIG compliance for Docker and Kubernetes with Sysdig Secure

What if a malicious threat actor would want to get into the U.S. Department of Defense’s (DoD) network. Could they do it? You may think this only happens in the movies, right? In this case, reality surpassed fiction. On Dec.20, 2018, the APT10 Group did exactly that. Members of APT10 stole personal, confidential information, including social security numbers and dates of birth, from over 100,000 Navy personnel.

Customer Corner: How Arkose Labs Implemented Runtime Security to Strengthen Its AWS Environment

Hear from Glen Arrowsmith, VP of IT and Security Engineering at Arkose Labs, about how the global leader in online account security and fraud detection uses Sysdig to secure and strengthen its AWS cloud environment. As its environment scaled, the Arkose Labs team needed to consolidate cloud and container security tools to save time and reduce risk.

Why the Wiz/SentinelOne Partnership Validates the Sysdig Approach

With today’s announcement of the Wiz/SentinelOne partnership and other recent launches, like Orca/ThreatOptix, we are seeing cloud security players publicly validate that they can no longer compete without a compelling runtime security solution. Agentless technology enabled young companies to solve the low-hanging fruit problem of periodic cloud security assessment.

MITRE ATT&CK and D3FEND for Cloud and Containers

MITRE ATT&CK and MITRE D3FEND are both frameworks developed by the non-profit organization MITRE, but they serve different purposes. If you are new to the MITRE ATT&CK framework and would like to brush up on some of the concepts first, we created a Learn Cloud Native article to help you on your journey. If you want to go further, here’s how Falco’s Cloudtrail rules align with MITRE ATT&CK.