The last few months at Sysdig have seen incredible product velocity as we accelerate our vision to create the leading cloud security platform, also known by the Gartner category Cloud-Native Application Protection Platform (CNAPP). In June, we enhanced our platform with end-to-end detection and response. Today, we are thrilled to unveil a suite of new capabilities powered by runtime insights: Skip ahead to the launch details!
This is how Maya, a devSecOps team lead at one of the prominent software development companies, started her presentation in front of Security leaders to show how the Agentless vulnerability management approach helped her: In this blog post, we’ll introduce you to Sysdig’s new Agentless scanning for vulnerability management.
While the cloud serves as a powerful accelerator for businesses, it also speeds up threat actors. Automation and an ever-increasing level of sophistication allow threat actors to execute complex attack chains in merely minutes, sometimes even less.The risk factors are amplified by the ability to chain together exploits and quickly move laterally in cloud environments, where a single breach could lead to a business critical compromise.
See how Sysdig’s improved inventory can help you find your way inside your ever-growing cloud infrastructure with minimal effort.
Attackers are increasing their focus on the growing cloud playing field as it becomes more lucrative. They are refining their craft to further accelerate attacks with methods like artificial intelligence and automation. Slow response times, limited coverage, and visibility gaps, often exacerbated by inadequate and fragmented tooling, allow attackers to make quick work of vulnerable environments.
According to CSO the fines incurred for data breaches or non-compliance with security and privacy laws, for only a handful of companies, has cost $4.4 billion. The global average cost of a data breach in 2023 was $4.45 million, a 15% increase over 3 years (IBM). The challenge for organizations is how to safeguard sensitive information while adhering to the law, but without compromising innovation. Cyber threats loom large, affecting businesses in every industry.
The Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they’ve named AMBERSQUID. This operation leverages AWS services not commonly used by attackers, such as AWS Amplify, AWS Fargate, and Amazon SageMaker. The uncommon nature of these services means that they are often overlooked from a security perspective, and the AMBERSQUID operation can cost victims more than $10,000/day.
In this blog post, we will take a comprehensive dive into a real-world cyber attack that reverberated across the digital realm – SCARLETEEL. Through an in-depth analysis of this notorious incident using the MITRE ATT&CK framework, we aim to unearth invaluable insights into the operational tactics of cyber adversaries.
It’s not a mystery that eBPF (Extended Berkeley Packet Filter) is a powerful technology, and given its nature, it can be used for good and bad purposes. In this article, we will explore some of the offensive capabilities that eBPF can provide to an attacker and how to defend against them.
