Sysdig update enables incident analysis within five minutes

An update to Sysdig’s offering should save security teams a lot of time. New cloud-native detection features are designed to reduce the time required for incident analysis to 5 minutes.

Sysdig maps out why an accelerated detection service in the cloud is necessary. First, security teams struggle with correlating data from different tools and services. Second, it is difficult to find attack paths and understand how an attacker has been able to move laterally in the IT network.

Five minutes needed, or else…

The ambitious goal of completing an investigation in just 300 seconds does not come out of nowhere. According to Sysdig, such speed is necessary to prevent attacks from escalating. EDR/XDR and SIEM solutions are allegedly too slow to stop a cloud attacker in time. Sysdig says real-time insight into cloud and log events can only be delivered by a cloud-native application. The company is therefore supplementing its own offering, starting today, with three specific extensions.

Three extensions

Attack Chain Visualization plots an attack path in the Sysdig Cloud Attack Graph. This should make it clear to security specialists how an attack took place and how the different layers of the IT infrastructure were involved in it.

Real-time Identity Correlation addresses the problem that cloud and workload events are not always linked to identities. Sysdig will now automatically include this context, such as unusual log-ins, physically impossible travel between log-in locations and malicious IP addresses. With this functionality, Sysdig aims to make it completely clear what an attacker is trying to do.
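To make the identity-correlation idea concrete, here is an added example (not Sysdig's code or data model) that groups constructed cloud and workload events per identity, orders them in time, and attaches the kind of context the article mentions: an impossible-travel flag when two consecutive log-in locations are too far apart for the elapsed time, and a known-bad-IP flag from a placeholder threat list. The field names, the sample events, the IP list and the 1000 km/h threshold are all assumptions made for the illustration.

```python
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Constructed sample events (hypothetical schema, not Sysdig's). Each record
# carries the identity that performed the action, its source IP and a
# (latitude, longitude) resolved for that IP.
EVENTS = [
    {"ts": "2024-05-01T09:00:00Z", "identity": "alice", "src_ip": "203.0.113.10",
     "geo": (52.37, 4.90), "source": "cloud", "action": "ConsoleLogin"},
    {"ts": "2024-05-01T09:20:00Z", "identity": "alice", "src_ip": "198.51.100.7",
     "geo": (37.77, -122.42), "source": "cloud", "action": "AssumeRole"},
    {"ts": "2024-05-01T09:25:00Z", "identity": "alice", "src_ip": "198.51.100.7",
     "geo": (37.77, -122.42), "source": "workload", "action": "exec_into_container"},
    {"ts": "2024-05-01T10:00:00Z", "identity": "bob", "src_ip": "192.0.2.55",
     "geo": (48.85, 2.35), "source": "cloud", "action": "ConsoleLogin"},
]

# Constructed placeholder threat-intel list (not a real feed).
MALICIOUS_IPS = {"192.0.2.55"}

# Anything faster than a commercial flight is treated as physically impossible.
MAX_SPEED_KMH = 1000.0


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1 = map(radians, a)
    lat2, lon2 = map(radians, b)
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def correlate(events, malicious_ips=MALICIOUS_IPS, max_speed_kmh=MAX_SPEED_KMH):
    """Build one time-ordered timeline per identity, mixing cloud and workload
    events, and tag each event with the context flags that apply to it."""
    by_identity = {}
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        by_identity.setdefault(ev["identity"], []).append(ev)

    timelines = {}
    for identity, evs in by_identity.items():
        timeline, prev = [], None
        for ev in evs:
            flags = []
            if ev["src_ip"] in malicious_ips:
                flags.append("malicious_ip")
            # Compare with the previous event of the same identity only; a
            # location change is suspicious when the implied speed is too high.
            if prev is not None and prev["geo"] != ev["geo"]:
                hours = (parse_ts(ev["ts"]) - parse_ts(prev["ts"])).total_seconds() / 3600
                dist = haversine_km(prev["geo"], ev["geo"])
                if hours == 0 or dist / hours > max_speed_kmh:
                    flags.append("impossible_travel")
            timeline.append({"ts": ev["ts"], "source": ev["source"],
                             "action": ev["action"], "src_ip": ev["src_ip"],
                             "flags": flags})
            prev = ev
        timelines[identity] = timeline
    return timelines


if __name__ == "__main__":
    for identity, timeline in correlate(EVENTS).items():
        print(identity)
        for ev in timeline:
            print("  ", ev["ts"], ev["source"], ev["action"], ev["src_ip"], ev["flags"])
```

In the constructed data, alice's AssumeRole call comes from a location roughly 8,800 km from her console login twenty minutes earlier, so it is flagged as impossible travel, and the container exec that follows from the same address inherits that identity context in the timeline; bob's login is flagged only because his source IP is on the placeholder list.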

Investigation Workflow Optimization, meanwhile, aims to break down silos. Centralizing, enriching, and correlating identities is necessary to make them transparent to different IT teams. With this addition from Sysdig, the departments that track events, maintain security and manage the platform speak the same language.

“When it comes to outpacing attacks in the cloud, anything less than real-time detection and automated correlation across multiple domains puts organizations at a grave disadvantage,” said Jamie Butler, Head of Runtime Protection and Response Strategy at Sysdig. “Enhanced cloud-native investigation enables enterprises to quickly assess real-time threats, easily explore deep context-driven attack narratives, and precisely respond at cloud speed.”
