Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2024

Sysdig Identifies a Cloud-Native Security Crossroads: Best Practices vs. Convenience and Speed

Sysdig’s seventh annual Cloud-Native Security and Usage Report identifies how customers are developing, using, and securing cloud-native applications and environments. We analyze data from millions of containers and thousands of accounts and publish the most pertinent information for you. Security practitioners and leaders look forward to this report to identify trends and make adjustments to their cloud security strategy.

Runtime Is The Way

The cloud security market has been totally bizarre ever since it started. Why are we being given a python script to count our workloads? How do we handle sending alerts like “new unencrypted database” to a SOC? What’s the difference between this tool and the open source options? We’re all learning together about the new processes, tools, and deployments that would define the future.

Threat Detection on a Cloud-Native Attack Surface

Public cloud infrastructure is, by now, the default approach to both spinning up a new venture from scratch and rapidly scaling your business. From a security perspective, this is a brand new (well, by now more than a decade old) attack surface. “Attack surface” is a commonly used term that denotes the aggregate of your exploitable IT estate, or all of the different pathways a hacker might be able to use to gain access to your systems, steal your data, or otherwise harm your business.

SEC's Cyber Wake-up Call: The Evolving Role of the CISO (LIVE)

Join us for a LinkedIn Live panel discussion between industry experts Matt Stamper (CEO, Executive Advisors Group LLC), Colleen Lam (General Counsel, Sysdig), and Andrew Thorpe (Partner at Gunderson Dettmer and former Special Council at the SEC), as they dissect the seismic shifts in the cybersecurity landscape post the SEC's updated guidelines and the Solarwinds complaint.

How Financial Services Organizations Can Stay Compliant - Without Sacrificing Security

The stakes couldn’t be higher for financial services organizations. They have to protect customers’ money and privacy, while complying with technical requirements and governmental regulations. Complying with all those requirements poses a major, ongoing challenge for security teams, which are already under pressure to do more with less. Cybercrime continues to grow, with every industry falling victim, at one time or another.

Sysdig Stands Alone: GigaOm Names Sysdig a Leader and Outperformer for Cloud Workload Security

If you follow cloud security, you know the market can be challenging to navigate, as security needs are often complex, span multiple teams, and demand new processes to pair with the expanding roster of technologies Fortunately, the market is starting to mature and coalesce around unifying cloud security technologies that bring together visibility across cloud infrastructure, containers, hosts, and identities.

Fuzzing and Bypassing the AWS WAF

The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of defense for your web applications, acting as a filter between your application and incoming web traffic to protect against unauthorized or malicious activity. In this blog post, we will analyze one of the most commonly used Web Application Firewalls, the AWS WAF, and explain ways that allowed it to be bypassed.