Christophe Baroux, Sysdig: As businesses move to the cloud, traditional standards become outdated and too slow
March 2024 by Marc Jacob
For its second participation in the InCyber Forum 2024, Sysdig will present Sysdig Secure, its cloud-native application protection platform (CNAPP). Its main news, however, is the graduation of Falco. With this milestone, Falco joins CNCF graduated projects such as Kubernetes, Prometheus and Envoy, all supported by the cloud-native community. According to Christophe Baroux, SEMEA Sales Director at Sysdig, as companies move to the cloud, traditional standards become obsolete and too slow.
Global Security Mag: What will you be presenting at the 2024 InCyber Forum?
Christophe Baroux: We’re in Lille for the second year running to meet French players in the cybersecurity sector.
2024 is a special year for Sysdig: the graduation of Falco is a milestone for our company and also for the developer community. This open source cybersecurity software, originally developed by Sysdig, is leaving its incubation status to become a project in its own right in the Cloud Native Computing Foundation (CNCF).
The Falco security OSS project, created in 2016 and accepted into incubation in 2020, has surpassed the 100 million download mark and gained hundreds of active code contributors since joining the CNCF. The CNCF carried out technical due diligence on the project, which was audited for security and followed the organization’s recommendations for the product to be licensed under the GPL.
Thanks to this award, Falco joins the list of fundamental security tools such as Kubernetes, Prometheus and Envoy - all supported by the cloud-native community.
Once again this year, the findings of our Sysdig 2024 Cloud-Native Security and Usage Report are edifying. Based on real data, this seventh annual report details the dangerous practice of companies putting convenience ahead of preventive security in order to speed up application development.
I’d like to share with you a few points that I found interesting:
● 91% of runtime analyses fail. This rate is higher than what we’re seeing for build scans, which means that teams seem to be relying more on threat detection than prevention. In other words, shift-left does not seem to be happening broadly.
● Only 2% of authorisations granted are used. Identity management, for both humans and machines, has become the most neglected attack risk in the cloud. In 2022, Sysdig found that 90% of permissions were not used, compared with 98% in 2023.
And one aspect of our study is directly linked to the theme of InCyber 2024: artificial intelligence. It should be noted that 69% of companies have not yet integrated AI into their cloud environment. Only 31% of companies have integrated AI structures and modules, and only 15% of these integrations are used for generative AI tools such as large language models (LLMs). Considering the risk acceptance described in this report, organizations are ignoring good security practices but remain cautious when it comes to implementing artificial intelligence.
Global Security Mag: What are the highlights of the solutions you will be presenting?
Christophe Baroux: Sysdig has one flagship product called Sysdig Secure. This solution is a Cloud Native Application Protection Platform (CNAPP). It prevents, detects and stops security attacks in the cloud thanks to its in-depth expertise in runtime. Sysdig even created Falco, the open standard for detecting threats in the cloud. Sysdig provides:
● Cloud and container security (CSP and CWPP)
● Configuration management
● Vulnerability management and prioritization
● Cloud detection and response (CDR)
● Compliance
● Permissions management (CIEM)
By knowing what’s running in production throughout the software lifecycle, Sysdig helps prioritize what’s most important. From shift-left to shield-right, the world’s most innovative companies rely on Sysdig to prevent, detect and respond at cloud speed.
Global Security Mag: The theme of this year’s InCyber Forum is AI. What are the main cyberthreats it creates / generates?
Christophe Baroux: AI will help attackers to multiply, improve and accelerate threats. In parallel, AI will enable better detection and response. As I said earlier, not all organizations have the same level of adoption of artificial intelligence, and AI is constantly evolving. We know that context and speed are critical in the cloud, which makes runtime intelligence a critical capability for cloud security.
Sysdig is the first and only company to provide customers with real-time attack path analysis and live risk prioritization together with AI.
We have integrated Cloud Attack Graph into our CNAPP which was designed specifically for the cloud, allowing users to visualize risks, prioritize the threats that matter and, in the event of a live attack, be alerted in real time and make it a priority for the security team.
Security teams need a tool that sees everything, makes correlations and delivers actionable intelligence in seconds. These new features, which are based on real-time information from production, help to identify threats and attacks that are in progress, invisible but imminent.
Global Security Mag: Did / Will you have AI technologies integrations into your solutions?
Christophe Baroux: Artificial intelligence is already present in our platform. The majority of organizations are aware that generative AI has the power to improve security, but it needs to be harnessed in a way that meets the challenges of the cloud.
Based on this understanding, we created Sysdig Sage, a generative AI solution for cloud security that combines runtime power with an AI architecture to detect hidden risks and attack paths.
Sysdig Sage helps users by empowering them with cloud security expertise, uncovering hidden security connections that are otherwise not obvious, and ultimately helping them work smarter and react faster.
Sysdig Sage employs multi-step reasoning and multi-domain correlation to quickly detect, prioritize and remediate cloud risks. It also harnesses the runtime power of Sysdig to reveal hidden links between risks and security events that would otherwise go undetected.
Global Security Mag: How should technologies evolve to counter these threats?
Christophe Baroux: Traditional approaches to security involve looking in from the outside, making it impossible to detect and respond to threats. As cloud architectures and containers become commonplace, this paradigm must change.
For-profit attackers are taking advantage of cloud innovations such as AI. Sysdig runtime insights empowers users to stay ahead of threat actors and act with speed and precision.
On-site attacks take an average of 16 days, and out-of-date repositories mean that security teams have to respond to an intrusion in 60 minutes. This proves insufficient when malicious actors exploit the automation and scale of the cloud, combined with new techniques to accelerate all stages of an attack. As reported in Sysdig’s Global Cloud Threat Report 2023, after discovering an exploitable target, attackers can inflict damage in less than 10 minutes.
We’re challenging businesses with our 5/5/5 security benchmark, the new benchmark for detection and response in the cloud. This benchmark highlights the need to detect (5 seconds), triage (5 minutes) and initiate a response (5 minutes) to attacks at cloud speed. It aims to help organizations speed up incident response times.
Users are always looking for security indicators, especially as the industry moves towards new operating models. We have many best practices, but there has been no real way to quantify cloud security agility - until now. Our 5/5/5 security Benchmark, developed in partnership with our customers, industry analysts and our Threat Research Team, sets a new standard for operating securely in the cloud.
Global Security Mag: What message would you like to send to CISOs?
Christophe Baroux: As businesses move to the cloud, traditional on-premise standards become obsolete and too slow.
With innovation and attacks happening faster in the cloud, businesses need solutions to operate at the speed of cloud-native environments.
CISOs need to understand and integrate these trends into their strategic planning. Without this, it will be difficult to remain relevant and effective in an increasingly complex digital landscape. Vulnerability management, enhanced threat detection, secure development practices and the incorporation of artificial intelligence into security strategies are all major aspects of this evolution.
– Christophe Baroux - Sales Director SEMEA Sysdig
06 08 68 28 40 - christophe.baroux@sysdig.com