Sysdig Extends Reach of CNAPP Via Agentless Edition of Falco

Sysdig today extended the reach of its cloud-native application protection platform (CNAPP) using an agentless implementation of the Falco engine it created to protect runtime environments.

Announced at the Gartner Security and Risk Summit conference, the addition brings real-time cloud detection and response capabilities to the platform for the first time.

Those capabilities make it possible to detect and protect against, for example, identity attacks such as multifactor authentication (MFA) fatigue, in which a target is spammed with push prompts until one is approved, and account takeover attempts aimed at the Okta identity management platform.
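Detection logic of the kind described above, as an added illustration that is not Sysdig's or Falco's code: a sliding-window count of Okta push challenges per user, run over constructed sample events, that opens an alert when the count crosses a threshold and flags it if the user then approves a push, which is the account-takeover outcome the attacker is after. The Okta event-type names, the record layout, the five-pushes-in-ten-minutes threshold and the sample data are all assumptions chosen for the example; check them against your tenant's System Log before turning this into a rule.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Okta System Log event types referenced below. The names are assumptions made
# for this example; verify them against your tenant's logs before relying on them.
PUSH_SENT = "system.push.send_factor_verify_push"
PUSH_DENIED = "user.mfa.okta_verify.deny_push"
MFA_SUCCESS = "user.authentication.auth_via_mfa"


def _ts(iso):
    """Parse the ISO-8601 'published' timestamp carried on every event."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def detect_push_fatigue(events, threshold=5, window_seconds=600):
    """Sliding-window detector for MFA push fatigue (push bombing).

    Opens one alert per user the first time `threshold` push challenges fall
    inside `window_seconds`, keeps counting pushes and explicit denials while
    the burst continues, and marks the alert if the user accepts a push within
    the window of the last one.
    """
    window = timedelta(seconds=window_seconds)
    pushes = defaultdict(deque)    # user -> (timestamp, source ip) of recent pushes
    denials = defaultdict(deque)   # user -> timestamps of recent denials
    open_alerts = {}               # user -> alert under construction

    for ev in sorted(events, key=lambda e: e["published"]):
        user = ev["actor"]["alternateId"]
        ip = ev["client"]["ipAddress"]
        t = _ts(ev["published"])
        etype = ev["eventType"]

        if etype == PUSH_SENT:
            q = pushes[user]
            q.append((t, ip))
            while q and t - q[0][0] > window:   # drop pushes outside the window
                q.popleft()
            if user in open_alerts:             # burst already flagged: keep counting
                a = open_alerts[user]
                a["pushes"] += 1
                a["last_seen"] = t
                a["source_ips"].add(ip)
            elif len(q) >= threshold:
                open_alerts[user] = {
                    "user": user,
                    "pushes": len(q),
                    "denied": sum(1 for d in denials[user] if t - d <= window),
                    "first_seen": q[0][0],
                    "last_seen": t,
                    "source_ips": {src for _, src in q},
                    "accepted_after_burst": False,
                }
        elif etype == PUSH_DENIED:
            d = denials[user]
            d.append(t)
            while d and t - d[0] > window:
                d.popleft()
            if user in open_alerts:
                open_alerts[user]["denied"] += 1
        elif (etype == MFA_SUCCESS and ev["outcome"]["result"] == "SUCCESS"
              and user in open_alerts
              and t - open_alerts[user]["last_seen"] <= window):
            open_alerts[user]["accepted_after_burst"] = True

    # Return plain, deterministic records (ISO timestamps, sorted IP lists).
    return [
        {**a,
         "first_seen": a["first_seen"].isoformat(),
         "last_seen": a["last_seen"].isoformat(),
         "source_ips": sorted(a["source_ips"])}
        for a in open_alerts.values()
    ]


def _okta_event(published, event_type, user, ip, result="SUCCESS"):
    """Build a minimal record in the shape of an Okta System Log entry (constructed)."""
    return {"published": published, "eventType": event_type,
            "actor": {"alternateId": user}, "client": {"ipAddress": ip},
            "outcome": {"result": result}}


# Constructed sample data: alice is bombed with six pushes from one address,
# denies three, then gives in; bob has one ordinary push that he approves.
SAMPLE_EVENTS = [
    _okta_event("2024-05-01T09:00:00Z", PUSH_SENT, "alice@example.com", "203.0.113.7"),
    _okta_event("2024-05-01T09:00:20Z", PUSH_DENIED, "alice@example.com", "203.0.113.7", "FAILURE"),
    _okta_event("2024-05-01T09:00:40Z", PUSH_SENT, "alice@example.com", "203.0.113.7"),
    _okta_event("2024-05-01T09:01:05Z", PUSH_DENIED, "alice@example.com", "203.0.113.7", "FAILURE"),
    _okta_event("2024-05-01T09:01:30Z", PUSH_SENT, "alice@example.com", "203.0.113.7"),
    _okta_event("2024-05-01T09:01:50Z", PUSH_DENIED, "alice@example.com", "203.0.113.7", "FAILURE"),
    _okta_event("2024-05-01T09:02:10Z", PUSH_SENT, "alice@example.com", "203.0.113.7"),
    _okta_event("2024-05-01T09:02:40Z", PUSH_SENT, "alice@example.com", "203.0.113.7"),
    _okta_event("2024-05-01T09:03:00Z", PUSH_SENT, "alice@example.com", "203.0.113.7"),
    _okta_event("2024-05-01T09:03:10Z", MFA_SUCCESS, "alice@example.com", "203.0.113.7"),
    _okta_event("2024-05-01T09:05:00Z", PUSH_SENT, "bob@example.com", "198.51.100.20"),
    _okta_event("2024-05-01T09:05:15Z", MFA_SUCCESS, "bob@example.com", "198.51.100.20"),
]

if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The `denied` count and the `accepted_after_burst` flag are what make the alert actionable: several explicit denials followed by an approval from the same burst is the signature of a worn-down user rather than a flaky network, and the source addresses on the pushes point at the credential the attacker already holds.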

In addition, an integration with GitHub can be used, for example, to generate an alert when an application secret has been inadvertently exposed in a repository.

Sysdig has also enhanced its drift control capabilities so that executables that were not part of the container image when the container was created can be blocked dynamically at runtime. Containers that legitimately download or build binaries after they start will need explicit exceptions, since that behavior is indistinguishable from drift.

Finally, a Sysdig Live tool assembles all relevant real-time events into a single view when a breach occurs, alongside a set of dashboards for tracking specific types of threats and tools that surface attack paths.

Pawan Shankar, senior director of product marketing for Sysdig, said time is always of the essence when it comes to cybersecurity. The agentless implementation of Falco makes it possible for cybersecurity teams to respond instantly to changes in an IT environment to prevent breaches from occurring. That agentless implementation of Falco provides additional capabilities alongside an existing agent-based implementation. That eliminates the need to debate the merits of one approach versus the other, added Shankar. Cybersecurity teams can now use both approaches to respond to threats and attacks in real time as they unfold, he added. Falco is an open source runtime security project being advanced under the auspices of the Cloud Native Computing Foundation (CNCF).

As a category of security platforms coined by Gartner, CNAPPs aggregate two types of security platforms: cloud security posture management (CSPM) platforms, already used by many organizations to surface misconfigurations and other weaknesses that cybercriminals could potentially exploit, and cloud workload protection platforms (CWPP), which protect a workload running on a virtual machine or encapsulated in a container. The Sysdig CNAPP is designed to protect both legacy monolithic applications and emerging cloud-native applications, noted Shankar.

Interest in CNAPPs has risen sharply as the number of workloads deployed in the cloud and concern about the total cost of cybersecurity have both increased. Many cybersecurity teams now view CNAPPs as a means to consolidate point products whose capabilities are rapidly becoming features of a larger platform. That approach also reduces the total cost of cybersecurity at a time when many organizations are trying to limit IT spending. There is generally less pressure to cut cybersecurity budgets specifically, but as always, cybersecurity teams are looking for ways to become more efficient, for example by reducing the time and effort required to integrate point products.

It’s too early to tell how quickly organizations are transitioning to CNAPPs, but as the number of attack surfaces that need to be defended continues to increase, the need to centralize cybersecurity management is becoming much more apparent.


Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
