Sysdig uses automation to cut cloud incident response times

Cloud security company Sysdig is launching a new, enhanced cloud-native investigation process designed to cut incident analysis time to just five minutes.

By visualizing a given incident in the Sysdig Cloud Attack Graph, security analysts can gain a dynamic view of the relationships between resources for a better understanding of the killchain and potential lateral movement across a cloud environment.

In addition overlays of detections, vulnerabilities, and misconfigurations help responders see where a threat may have originated and how a threat actor was able to perpetuate an attack.

Automatic correlation between cloud events and location-aware identities highlights things like unusual logins, impossible travel scenarios, and malicious IP addresses. Users gain a clearer understanding of what threat actors are doing in their infrastructure.

Sysdig delivers enriched, comprehensive forensic data correlated across activity audits, syscall captures, process trees, and beyond. This speeds up cloud-native investigations by automating correlation across environments between resources, events, identities, posture, and vulnerability data.

Ryan Davis, VP of product marketing at Sysdig says:

There's no way to stay on top of every misconfiguration, insecure API, or alert that is sent their way. What works on-prem will not work in the cloud. This puts security teams under immense pressure. Every issue they encounter has the potential to be catastrophic, so they must do two things: filter out the noise by prioritizing what matters most and automate where they can.

Filtering out the noise requires understanding what's actually happening at runtime and prioritizing vulnerabilities. With Sysdig, security teams can filter down to what's actually in use, exploitable, and has a known fix that they can implement, thus filtering out 95 percent of the noise. This gives organizations back the time they need to deal with those really serious issues that can break the business.

Automating security starts with AI. There are a lot of manual tasks security teams get bogged down and burned out on -- things like writing report cases, data analysis, compliance checks, etc. But, where the next level of AI value comes from is when AI helps security teams become more effective. Security teams can leverage products that use AI to observe events or understand what the security user needs to suggest actions to take. As attackers start to leverage AI to automate and make their attacks more efficient and fast, security teams must do the same to keep up and scale in a way that improves their overall efficiency and effectiveness. Leveraging AI can also help ward off burn out.

You can find out more on the Sysdig site.

Image credit: Alexandersikov/Dreamstime.com