Sysdig Announces Drift Control
June 28, 2022

Sysdig announced Drift Control to prevent container attacks at runtime. Teams can detect, prevent, and speed incident response for containers that were modified in production, also known as container drift.

Additionally, Sysdig enhanced malware and cryptomining detection with new threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research Team. To be successful in the cloud, teams need a single view of risk with no blind spots, which includes having prevention that flags and blocks container drift.

New critical vulnerabilities uncovered, including Log4j and Spring4Shell, are a reminder that threat detection is critical both in the cloud and data center. This detection needs to provide multiple layers of protection. Sysdig, using the Falco open source project, the de facto standard for cloud-native threat detection, covers all of the common system intrusion attack categories identified in Verizon’s 2022 Data Breach Investigation Report.

With this announcement, Sysdig adds two further layers of detection. The first uses enhanced malware and cryptomining detection with the Proofpoint threat feeds for known and emerging threats. The second, Drift Control, enforces the immutability principle, providing a preventative defense layer for cloud-native workloads. Container immutability ensures that container software is not modified during its lifetime, preserving consistency from source to run and preventing actions that could be part of an attack.

Given the dynamic nature of cloud-native environments and legacy practices carrying over to cloud environments, teams often neglect immutability best practices and are blind to drift, especially at scale. To close the dangerous security gaps created by container drift, Sysdig provides Drift Control to automatically flag and deny deviations from the trusted original container.

Key Benefits:

- Detect and prevent container drift with Drift Control: With Sysdig, teams can prevent common runtime attacks by dynamically blocking executables that were not in the original container image. Sysdig helps customers follow security best practices of immutability and ensure containers aren’t modified after deployment in production.

- Enhance detection with the latest threat intelligence feeds: Sysdig Secure has added threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research Team. With these feeds, teams can rely on the most timely and accurate threat information, including malicious IPs and domains, to better protect their environments against threats such as Command & Control (C2), malware, backdoors, cryptominers, and anonymization.

- Speed incident response and mitigation with Rapid Response: In addition to the new prevention and detection capabilities powered by Drift Control and threat intelligence feeds, teams can then use Sysdig Secure to dig directly into the compromised or suspicious container with on-demand secured shell access and investigate the blocked executable and communications. Teams can minimize exposure by removing the malicious file locally from the command line. Sysdig keeps a detailed audit trail of all mitigation commands and can upload session history to a user-defined external storage.

“When there is an attack every 11 seconds, it is important to have multiple layers of defense,” said Omer Azaria, Vice President of Research and Development at Sysdig. “Sysdig’s new Drift Control capability enforces best practices that can stop an attack before damage is done.”

Sysdig Secure customers have access to Drift Control and the new threat feeds now; for new customers, they are included in Sysdig Secure at no additional cost.
