As organizations continue to look for consolidated platforms to address their security needs, an important shift has happened. Customers have discovered that traditional tools focusing exclusively on static risks (such as misconfigurations, policy/control failures, and network exposure) are not enough to address today’s dynamic cloud threats.

Enterprises today face significant challenges in managing, governing, and securing corporate data. Data moves and is shared more ubiquitously than we likely recognize. Through the use of large language models (LLMs), shared with third-party vendors, or exposed on the dark web, there are blind spots that hinder the security and IT teams’ visibility into where data resides and how and by whom it’s accessed.

Containerized applications deliver exceptional speed and flexibility, but they also bring complex security challenges, particularly in managing and mitigating vulnerabilities within container images. To tackle these issues, we are excited to introduce Layered Analysis — an important enhancement that provides precise and actionable security insights.

The Sysdig Threat Research Team (TRT) is on a mission to help secure innovation at cloud speeds. A group of some of the industry’s most elite threat researchers, the Sysdig TRT discovers and educates on the latest cloud-native security threats, vulnerabilities, and attack patterns. We are fiercely passionate about security and committed to the cause. Stay up to date here on the latest insights, trends to monitor, and crucial best practices for securing your cloud-native environments.

The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY. This actor previously leveraged the SSH-Snake open source software (OSS) penetration testing tool during a campaign exploiting Confluence vulnerabilities.

On July 1st, the Qualys’s security team announced CVE-2024-6387, a remotely exploitable vulnerability in the OpenSSH server. This critical vulnerability is nicknamed “regreSSHion” because the root cause is an accidental removal of code that fixed a much earlier vulnerability CVE-2006-5051 back in 2006. The race condition affects the default configuration of sshd (the daemon program for SSH).

For the Sysdig Customer Success team, our mission is simple: ensuring that our customers get the most value from our product. Usually that means helping them use the product, answering questions, and requesting feature enhancements. In our line of work, sometimes you have to throw out the usual playbook to make things happen. This particular story started when we noticed a change in a customer’s agent usage.

In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services.

This is an analysis of the impacts and implications on cybersecurity practices, benefits, challenges, and how to deal with the transition to the new NIST CSF 2.0 framework. NIST released an update to its Cyber Security Framework (CSF) in February 2024. Two of the most obvious takeaways from this version are the addition of a new pillar and the expansion of its application beyond critical infrastructure.

How long does it take your security teams to detect a potential threat, correlate relevant data, and initiate a response action? The 555 Benchmark for Cloud Detection and Response challenges organizations to detect a threat within 5 seconds, correlate data within 5 minutes, and initiate a response within 5 minutes. It is not just something you can implement or use to solve your cloud security struggles. It is about testing and improving your cloud security operations and processes.