How long does it take your security teams to detect a potential threat, correlate relevant data, and initiate a response action? The 555 Benchmark for Cloud Detection and Response challenges organizations to detect a threat within 5 seconds, correlate data within 5 minutes, and initiate a response within 5 minutes. It is not just something you can implement or use to solve your cloud security struggles. It is about testing and improving your cloud security operations and processes.

Cloud breaches continue to rise unabated as organizations adopt hybrid cloud strategies. Many organizations have tried to simply extend their preexisting on-premises security into the cloud, but the cloud is a fundamentally different environment for security. It’s faster, more complex, and more dynamic, with an ever-increasing attack surface. Striking first means adversaries have a head start by default, leaving organizations only a fraction of time to investigate and initiate a response.

Cloud migration and continuous innovation provide organizations with substantial gains in speed, scalability, and cost (to name a few). Most security teams have no choice but to make the jump to the cloud, in at least some capacity, to support and protect this rapidly expanding attack surface. But organizations and security teams aren’t alone. Threat actors have been readily adapting their craft to take advantage of cloud speed.

Some organizations are just beginning their migration to the cloud, while others are already firmly settled there, but almost everyone is in the cloud in some capacity by now. And for good reason: the cloud creates substantial advantages in speed, scalability, and cost. But the sobering reality is that modern threat actors have also made gains from migrating to the cloud. By weaponizing cloud automation, these threat actors can fully execute an attack in 10 minutes or less.

To bolster the security of AI workloads in the cloud, Sysdig has extended its recently launched AI Workload Security to AWS AI services, including Amazon Bedrock, Amazon SageMaker, and Amazon Q. This enhancement helps AWS AI service users secure AI workloads and keep pace with the speed of AI evolution.

Digital compliance has become a significant focus for any organisation providing or consuming digital products and services in Europe. With the continuous evolution of digital technology, businesses increasingly struggle to stay on the right side of the law and operate resiliently. So, strategic navigation is crucial.

Remember Wireshark from the good old days of your IT degree or early engineering adventures? Well, guess what? It’s still kicking and just as relevant today as it was back then, and guess what else? It is still open source! Do your engineering or security teams use it? There’s a good chance they do if you’re on-premises. Believe it or not, Wireshark isn’t just for the land of wires and cables anymore. With some help from Falco and Kubernetes, it has a place in the cloud SOC.

Container security has experienced significant transformation over the past decade. From the emergence of foundational tools like Docker to the maturation of orchestration platforms such as Kubernetes, the container security landscape looks different than it did even a few years ago. With Gartner predicting 95% of organizations will be running containerized applications in production by 2028, it’s clear that container security is going to be a key priority for most organizations moving forward.

“What’s New in Sysdig” is back with the May 2024 edition! My name is Dustin Krysak. I’m a Customer Solutions Engineer based in Vancouver, BC, and I’m excited to share our latest updates. The Sysdig Threat Research Team (TRT) has been busy recently investigating and analyzing new security threats. Their research has uncovered notable vulnerabilities and attack vectors, which they’ve shared insights about through the Sysdig blog.

In March 2024, the Sysdig Threat Research Team (TRT) began observing attacks against one of our Hadoop honeypot services from the domain “rebirthltdio). The threat actors operating the botnet are financially motivated and advertise their service primarily to the video gaming community, although there is no evidence that this botnet is not being purchased beyond gaming-related purposes, and organizations may still be at risk of falling victim to these botnets attacks.