Hyland 160x1200

Hyland 160x1200

Hyland 705x108

Thursday, 27 January 2022 12:52

Sysdig Security and Usage Report finds more than 75% of running containers have severe vulnerabilities

By Sysdig

GUEST RESEARCH: Sysdig, the unified container and cloud security leader, today announced findings from its Sysdig 2022 Cloud-Native Security and Usage Report. The report reveals that as teams rush to expand, container security and usage best practices are sacrificed, leaving openings for attackers. In addition, operational controls lag, potentially resulting in hundreds of thousands of dollars being wasted on poor capacity planning. All of these are indicators that cloud and container adoption is maturing beyond early, “expert” adopters, but moving quickly with an inexperienced team can increase risk and cost.

The fifth annual report reveals how global Sysdig customers of all sizes and across industries are using and securing cloud and container environments. This real-world, real-time data provides insight into usage of billions of containers run yearly, including usage trends, and security, compliance, runtime, and cloud practices.

Highlights from the report:
Seventy-five percent of containers have “high” or “critical” patchable vulnerabilities
Organizations take educated risks for the sake of moving quickly; however, 85% of images that run in production contain at least one patchable vulnerability.
Furthermore, 75% of images contain patchable vulnerabilities of “high” or “critical” severity. This implies a fairly significant level of risk acceptance, which is not unusual for high agility operating models, but can be very dangerous.

Nearly 3 out of every 4 accounts contain exposed S3 buckets
Seventy-three percent of cloud accounts contain exposed S3 buckets and 36% of all existing S3 buckets are open to public access. The amount of risk associated with an open bucket varies according to the sensitivity of the data stored there. However, leaving buckets open is rarely necessary and it's usually a shortcut that cloud teams should avoid.

Twenty-seven percent of users have unnecessary root access, most without MFA enabled
Cloud security best practices and the CIS Benchmark for AWS indicate that organisations should avoid using the root user for administrative and daily tasks, yet 27% of organisations continue to do so. Forty-eight percent of customers don’t have multi-factor authentication (MFA) enabled on these highly privileged accounts, which makes it easier for attackers to compromise the organisation if the account credentials are leaked or stolen.

$400,000+ per cluster overspend on cloud service provider bills
Capacity management and planning are difficult in fast changing Kubernetes environments and limits on how many resources a container can use can go undefined. Sixty percent of containers had no CPU limits defined and 51% had no memory limits defined. Of those clusters that did have CPU limits, an average of 34% of CPU cores were unused. Without knowing the utilisation of clusters, organisations could be wasting money due to overallocation or causing performance issues by running out of resources. Given the average cost of Amazon Web Services CPU pricing, an organisation with 20 Kubernetes clusters could be overspending up to $400,000 yearly.

Other interesting findings
Non-humans outnumber humans in the cloud, with 88% of roles assigned to non-humans, such as applications, cloud services, and commercial tools. While this isn’t necessarily a bad thing, a best practice is to follow the principle of least privilege and explicitly assign the minimum necessary permissions to each role. Granting excessive permissions is fast and easy for admins but adds risk.

Container density grew again in 2021, a nearly 15% increase year-over year and a 360% increase in four years. As containers increase in density, setting resource limits becomes more important, a best practice not being followed as DevOps teams rush to expand cloud environments.

Massive growth for Falco, the CNCF open-source project contributed by Sysdig. The project now has over 40 million downloads, which represents 370% growth since becoming an Incubating project in January 2020. Falco has secured its position as the runtime cloud and container security standard.

Containers running as root continue to rise. Forty-eight percent of images are scanned before runtime, yet 76% of containers are running as root, a 31% increase from last year. Slow adoption of best practices may indicate broad adoption of container technologies by organisations that have not yet evolved their DevSecOps processes. Privileged containers are easier for attackers to compromise.

Read 1784 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News