Sysdig Announces Drift Control
June 28, 2022

Sysdig announced Drift Control to prevent container attacks at runtime. Teams can detect, prevent, and speed incident response for containers that were modified in production, also known as container drift.

Additionally, Sysdig enhanced malware and cryptomining detection with new threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research Team. To be successful in the cloud, teams need a single view of risk with no blind spots, which includes having prevention that flags and blocks container drift.

New critical vulnerabilities uncovered, including Log4j and Spring4Shell, are a reminder that threat detection is critical both in the cloud and data center. This detection needs to provide multiple layers of protection. Sysdig, using the Falco open source project, the de facto standard for cloud-native threat detection, covers all of the common system intrusion attack categories identified in Verizon’s 2022 Data Breach Investigation Report.

With this announcement, Sysdig adds additional layers of detections. The first uses enhanced malware and cryptomining detection with the Proofpoint threat feeds for known and emerging threats. Drift Control, the second additional technique, enforces the immutability principle, providing a preventative defense layer to cloud-native workloads. Container immutability ensures that container software is not modified during its lifetime, preserving consistency from source to run and preventing actions that could be part of an attack.

Given the dynamic nature of cloud-native environments and legacy practices carrying over to cloud environments, teams often neglect immutability best practices and are blind to drift, especially at scale. To close the dangerous security gaps created by container drift, Sysdig provides Drift Control to automatically flag and deny deviations from the trusted original container.

Key Benefits:

- Detect and prevent container drift with Drift Control: With Sysdig, teams can prevent common runtime attacks by dynamically blocking executables that were not in the original container image. Sysdig helps customers follow security best practices of immutability and ensure containers aren’t modified after deployment in production.

- Enhance detection with the latest threat intelligence feeds: Sysdig Secure has added threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research Team. With these feeds, teams can rely on the most timely and accurate threat information, including malicious IPs and domains, to better protect their environments against threats such as Command & Control (C2), malware, backdoors, crytominers, and anonymization.

- Speed incident response and mitigation with Rapid Response: In addition to the new prevention and detection capabilities powered by Drift Control and threat intelligence feeds, teams can then use Sysdig Secure to dig directly into the compromised or suspicious container with on-demand secured shell access and investigate the blocked executable and communications. Teams can minimize exposure by removing the malicious file locally from the command line. Sysdig keeps a detailed audit trail of all mitigation commands and can upload session history to a user-defined external storage.

“When there is an attack every 11 seconds, it is important to have multiple layers of defense,” said Omer Azaria, Vice President of Research and Development at Sysdig. “Sysdig’s new Drift Control capability enforces best practices that can stop an attack before damage is done.”

Sysdig Secure customers have access to Drift Control and new threat feeds now and for new customers, it is included in Sysdig Secure at no additional cost.

Share this

Industry News

August 16, 2022

Canonical welcomes the .NET development platform, one of Microsoft’s earliest contributions to open source projects, as a native experience on Ubuntu hosts and container images, starting in Ubuntu 22.04 LTS.

August 16, 2022

Veracode announced the launch of the Veracode Velocity Partner Program.

August 16, 2022

Render announced a new monorepository feature that enables its customers to keep all of their code in one super repository instead of managing multiple smaller repositories.

August 15, 2022

Gadget announced Connections, a major new feature that gives app developers access to building blocks that enable them to build and scale ecommerce apps in a fraction of the time, at a fraction of the cost.

August 15, 2022

Opsera is on the Salesforce AppExchange to help enterprise customers shorten software delivery cycles, improve pipeline quality and security, lower operations costs and better align software delivery to business outcomes.

August 15, 2022

Virtusa Corporation earned the DevOps with GitHub on Microsoft Azure advanced specialization, a validation of a services partner's deep knowledge, extensive experience and proven success in implementing secure software development practices applying DevOps principles and using Azure and GitHub solutions.

August 15, 2022

Companies looking to reduce their cloud costs with automated optimization can now easily procure CAST AI via Google Cloud Marketplace using their existing committed spend.

August 11, 2022

Granulate, an Intel Company, announced the upcoming launch of its latest free cost-reduction solution, gMaestro, a continuous workload and pod rightsizing tool for Kubernetes cost optimization.

August 11, 2022

Rezilion announced the availability of MI-X, a newly created open-source tool developed by Rezilion's vulnerability research team.

August 11, 2022

Contrast Security announced its enhanced application programming interface (API) security capabilities within the Contrast Secure Code Platform.

August 10, 2022

Mirantis made it even easier to integrate Mirantis Container Cloud into developer workflows and provide developers and operators with easy access and visibility into the Kubernetes clusters with the Mirantis Container Cloud Lens Extension announced today.

August 10, 2022

ArmorCode announced an integration with Traceable AI which will bring its data into the ArmorCode platform and improve Application Security Posture from code to cloud.

August 10, 2022

Quali unveiled enhanced features for its Torque platform to unify infrastructure orchestration and governance.

August 09, 2022

Veracode announced the enhancement of its Continuous Software Security Platform with substantial improvements to its integrated developer experience.

August 09, 2022

Normalyze announced General Availability for its Freemium offering, a self-serve, free platform that democratizes data discovery and classification in all three public clouds, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).