Sysdig, the unified cloud and container security company, has announced end-to-end detection and response embedded in its CNAPP. The company is the first vendor to deliver the consolidation of cloud detection and response (CDR) and Cloud-Native Application Protection Platforms (CNAPP), leveraging the power of open source Falco in both agent and agentless deployment models. According to Sysdig, this approach enables the company to be the only CNAPP platform that can detect threats instantly anywhere in the cloud with 360-degree visibility and correlation across workloads, identities, cloud services, and third-party applications.

Stop Breaches Instantly with End-to-End Threat Detection

• Agentless cloud detection based on Falco: Created by Sysdig, Falco is a widely adopted open source solution for cloud threat detection, now under the stewardship of the Cloud Native Computing Foundation. Previously, to leverage the power of Falco within Sysdig, organizations had to deploy Falco on their infrastructure. With the release today, customers can access an agentless deployment of Falco when processing cloud logs, which are used to detect threats across cloud, identity, and the software supply chain, along with other sources.
• Identity threat detection: With new Sysdig Okta detections, security teams can protect against identity attacks, such as multifactor authentication fatigue caused by spamming and account takeover. Sysdig details the entire attack from user to impact by stitching Okta events with real-time cloud and container activity.
• Software supply chain detection: Extend threat detection into the software supply chain with new Sysdig GitHub detections. Developers and security teams can be alerted in real time of critical events, such as when a secret is pushed into a repository.
• Enhanced Drift Control: Prevent common runtime attacks by dynamically blocking executables that were not in the original container.

Accelerate Cloud Investigations and Incident Response in Real Time

• Live mapping: Sysdig brings an endpoint detection and response (EDR)-like approach of assembling all relevant real-time events into one view when a breach occurs. With Sysdig Live, teams can dynamically see their live infrastructure and workloads, as well as the relationships between them, to speed incident response.
• Attack lineage with context: Sysdig Process Tree enables the rapid identification and eradication of threats by unveiling the attack journey from user to process, including process lineage, container and host information, malicious user details, and impact.
• Curated threat dashboards: Dashboards provide a centralized view of critical security issues, spotlighting events across clouds, containers, Kubernetes, and hosts to enable threat prioritization in real time. Sysdig also provides dynamic mapping against the MITRE framework for cloud-native environments, so security teams know exactly what is happening at any given moment.