Connect with us

Hi, what are you looking for?


Cloud Security

Sysdig Launches Realtime Attack Graph for Cloud Environments

Sysdig enhanced its existing CNAPP offering with a cloud attack graph, risk prioritization, attack path analysis, a searchable inventory, and complete agentless scanning.

Cloud security firm Sysdig has enhanced the cloud detection and response capabilities of its CNAPP offering with a realtime cloud attack graph. This serves two primary purposes: the ongoing ability to locate and harden potential attack paths; and the ability to detect and remediate an existing attack in realtime.

The full list of enhancements to the existing CNAPP comprises the cloud attack graph, risk prioritization, attack path analysis, a searchable inventory, and complete agentless scanning. The most dramatic is the realtime visual graph. 

“If you’re just dealing with misconfigurations or vulnerabilities, this will help you prioritize what to fix,” Knox Anderson, VP of product management at Sysdig, told SecurityWeek. Getting started is quick and easy. With agentless scanning, “You can give us credentials to your cloud account, and within minutes, we’ll start to understand what you have deployed and the misconfigurations that exist. Then, within the first couple of days, you’ll start to understand the potential hotspots that need attention, and you can start driving remediation. After that, we typically see customers deploying agents for deeper visibility to find out more about the activity that’s happening in their environment. But,” he added, “most cloud environments are a mess.” 

It would take time to fix everything, and in the meantime, unfixed vulnerabilities could be attacked. According to an associated blog, “Cloud attackers are spending less than 10 minutes to execute an attack. Compare this to the median dwell time on-premises of 16 days (Mandiant).” Defenders need to be able to detect and stop a cloud attack in almost realtime.

Detection is already available through the Falco runtime insights built into the CNAPP. The new attack graph can pinpoint a compromise and immediately and visually display actual or potential lateral movement toward specific assets. This visualization comes with recommendations for defensive action — it allows the defender to use the very same qualities of cloud infrastructures that make attacks so rapid, to make defense equally rapid.”

“If you suffer a breach and get alerted in seconds and minutes, you can take that server offline or kill the container or change your permissions instantly,” continued Anderson. “You can take advantage of the speed of changing infrastructure in the cloud that you would normally use for development and provisioning.”

But this all depends on being able to detect, understand the attackers’ lateral movement, and quantify the potential blast radius in realtime.

“Security teams need a tool that sees everything, correlates it, and distills it into actionable insights within seconds,” said Anderson. “Context and speed are everything in the cloud, making runtime insights a critical capability for cloud security.” 

This is the purpose of Sysdig’s new Cloud Attack Graph: “The Cloud Attack Graph’s real-time insights expedite accurate detection of complex attacks and accelerate incident response,” claims the blog.

Related: Investors Betting Big on Upwind for CNAPP Tech

Advertisement. Scroll to continue reading.

Related: Sysdig Introduces CNAPP With Realtime CDR

Related: Finding Your Way in Cloud Security

Related: These Are the Top Five Cloud Security Risks, Qualys Says

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.