Cloud security company Sysdig is launching a new and improved cloud-native investigation process designed to reduce incident analysis time to just five minutes.
By visualizing a specific incident in the Sysdig Cloud Attack Graph, security analysts can gain a dynamic view of the relationships between resources to better understand the kill chain and potential lateral movement across the cloud environment.
Additionally, overlays of detections, vulnerabilities, and misconfigurations help responders see where the threat may have originated and how the threat actor was able to continue the attack.
Automatic correlation between cloud events and location-aware identities highlights things like unusual logins, impossible travel scenarios, and malicious IP addresses. Users gain a clearer understanding of what threat actors are doing in their infrastructure.
Sysdig delivers rich, comprehensive forensic data linked across activity audits, syscall snapshots, process trees, and beyond. This accelerates cloud-native investigations by automating cross-environment correlation between resources, events, identities, posture, and vulnerability data.
Ryan Davis, Vice President of Product Marketing at Sysdig, says:
There is no way to stay on top of every misconfiguration, insecure API, or alert sent to them. What works locally won't work in the cloud. This puts security teams under tremendous pressure. Every problem they face has the potential to be catastrophic, so they must do two things: filter out the noise by prioritizing the things that matter most and automate where they can.
Filtering out the noise requires understanding what's actually happening at runtime and prioritizing vulnerabilities. With Sysdig, security teams can filter down to what is actually in use, is exploitable, and has a known fix they can implement, thus filtering out 95 percent of the noise. This gives organizations the time they need to deal with those serious issues that can lead to business collapse.
Security automation starts with artificial intelligence. There are a lot of manual tasks that security teams get stuck in and get overwhelmed with – things like writing report statuses, analyzing data, checking compliance, etc. But the next level of AI value is when AI helps security teams become more effective. Security teams can leverage products that use AI to monitor events or understand what a security user needs to suggest actions to take. As attackers begin to leverage AI to automate their attacks and make them more efficient and faster, security teams must do the same to keep up and scale in a way that improves their overall efficiency and effectiveness. Leveraging AI can also help avoid burnout.
You can learn more on the Sysdig website.