20220509 ITWire 160x1200 may22 1

20220509 ITWire 160x1200 may22 1

20220509 ITWire 705x108 may22 1

Friday, 01 July 2022 11:24

Sysdig announces Drift Control to prevent container attacks at runtime

By Sysdig

COMPANY NEWS: Sysdig, the unified container and cloud security leader, announced Drift Control to prevent container attacks at runtime.

Teams can detect, prevent, and speed incident response for containers that were modified in production, also known as container drift. Additionally, Sysdig enhanced malware and cryptomining detection with new threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research Team. To be successful in the cloud, teams need a single view of risk with no blind spots, which includes having prevention that flags and blocks container drift.

New critical vulnerabilities uncovered, including Log4j and Spring4Shell, are a reminder that threat detection is critical both in the cloud and data centre. This detection needs to provide multiple layers of protection. Sysdig, using the Falco open source project, the de facto standard for cloud-native threat detection, covers all of the common system intrusion attack categories identified in Verizon’s 2022 Data Breach Investigation Report.

With this announcement, Sysdig adds additional layers of detections. The first uses enhanced malware and cryptomining detection with the Proofpoint threat feeds for known and emerging threats. Drift Control, the second additional technique, enforces the immutability principle, providing a preventative defence layer to cloud-native workloads. Container immutability ensures that container software is not modified during its lifetime, preserving consistency from source to run and preventing actions that could be part of an attack.

Given the dynamic nature of cloud-native environments and legacy practices carrying over to cloud environments, teams often neglect immutability best practices and are blind to drift, especially at scale. To close the dangerous security gaps created by container drift, Sysdig provides Drift Control to automatically flag and deny deviations from the trusted original container.

Key benefits
● Detect and prevent container drift with Drift Control: With Sysdig, teams can prevent common runtime attacks by dynamically blocking executables that were not in the original container. Sysdig helps customers follow security best practices of immutability and ensure containers aren’t modified after deployment in production.

● Enhance detection with the latest threat intelligence feeds: Sysdig Secure has added threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research Team. With these feeds, teams can rely on the most timely and accurate threat information, including malicious IPs and domains, to better protect their environments against threats such as Command & Control (C2), malware, backdoors, crytominers, and anonymization.

● Speed incident response and mitigation with Rapid Response: In addition to the new prevention and detection capabilities powered by Drift Control and threat intelligence feeds, teams can then use Sysdig Secure to dig directly into the compromised or suspicious container with on-demand secured shell access and investigate the blocked executable and detected malicious communications. Teams can minimise exposure by removing the malicious file locally from the command line. Sysdig keeps a detailed audit trail of all mitigation commands and can upload session history to a user-defined external storage.

“When there is an attack every 11 seconds, it is important to have multiple layers of defense,” Sysdig vice president of research and development Omer Azaria said. “Sysdig’s new Drift Control capability enforces best practices that can stop an attack before damage is done.”

Sysdig Secure customers have access to Drift Control and new threat feeds now and for new customers, it is included in Sysdig Secure at no additional cost.

About Sysdig
Sysdig is driving the standard for cloud and container security. The company pioneered cloud-native runtime threat detection and response by creating Falco and Sysdig as open source standards and key building blocks of the Sysdig platform. With the platform, teams can find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions, and compliance. From containers and Kubernetes to cloud services, teams get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. The largest and most innovative companies around the world rely on Sysdig.

Read 1204 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Share News tips for the iTWire Journalists? Your tip will be anonymous



Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News