San Francisco, CA, USA
Mar 22, 2023   |  By Biagio Dipalma
Rule tuning is one of the most important steps during the definition of the security posture. With the detection rules, it’s impossible to use a “one fits all” approach: every customer has a unique environment, with its peculiarities and business needs. So, when a new rule is released it’s crucial to understand the security use case behind the detection and reduce the false positives (FP) as much as possible. The Threat Research Team constantly checks if noise occurs.
Mar 21, 2023   |  By Nigel Douglas
Terraform is the de facto tool if you work with infrastructure as code (IaC). Regardless of the resource provider, it allows your organization to work with all of them simultaneously. One unquestionable aspect is Terraform security, since any configuration error can affect the entire infrastructure. In this article we want to explain the benefits of using Terraform, and provide guidance for using Terraform in a secure way by reference to some security best practices. Let’s get started!
Mar 17, 2023   |  By Nicholas Lang
The name Chaos is being used for a ransomware strain, a remote access trojan (RAT), and now a DDoS malware variant too. Talk about chaos! In this case, Sysdig’s Threat Research Team captured attacks using the Chaos variant of the Kaiji botnet malware. There is very little reported information on this malware since September 2022, perhaps because of the unfortunately chaotic naming, or simply because it is relatively new. Kaiji malware was of Chinese origin in 2020 and is written in Golang.
Mar 17, 2023   |  By Pawan Shankar
There’s an important shift happening in the cloud security industry: organizations are looking for an integrated platform that connects the dots between several key security use cases from source through production. Whether it is for tool consolidation, consistent end-to-end experience, or “one throat to choke,” customers are increasingly choosing a platform-based approach to address critical cloud security risks.
Mar 15, 2023   |  By Alba Ferri
What if a malicious threat actor would want to get into the U.S. Department of Defense’s (DoD) network. Could they do it? You may think this only happens in the movies, right? In this case, reality surpassed fiction. On Dec.20, 2018, the APT10 Group did exactly that. Members of APT10 stole personal, confidential information, including social security numbers and dates of birth, from over 100,000 Navy personnel.
Mar 14, 2023   |  By Miguel Hernández
Vulnerabilities are only one part of the cloud security story. Misconfigurations are still the biggest player in security incidents and, therefore, should be one of the greatest causes for concern in organizations.
Mar 7, 2023   |  By Suresh Vasudevan
With today’s announcement of the Wiz/SentinelOne partnership and other recent launches, like Orca/ThreatOptix, we are seeing cloud security players publicly validate that they can no longer compete without a compelling runtime security solution. Agentless technology enabled young companies to solve the low-hanging fruit problem of periodic cloud security assessment.
Mar 1, 2023   |  By Nigel Douglas
MITRE ATT&CK and MITRE D3FEND are both frameworks developed by the non-profit organization MITRE, but they serve different purposes. If you are new to the MITRE ATT&CK framework and would like to brush up on some of the concepts first, we created a Learn Cloud Native article to help you on your journey. If you want to go further, here’s how Falco’s Cloudtrail rules align with MITRE ATT&CK.
Feb 28, 2023   |  By Nigel Douglas
This blog will explain how Falco’s Cloudtrail plugin rules can be aligned with MITRE ATT&CK Framework for Cloud. One important note is that the team at MITRE has developed several different matrices to address the unique risk associated with adversaries in the cloud, in containerized workloads as well as on mobile devices.
Feb 28, 2023   |  By Alberto Pellitteri
The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL, that resulted in stolen proprietary data. The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials. They also attempted to pivot using a Terraform state file to other connected AWS accounts to spread their reach throughout the organization.
Mar 22, 2023   |  By Sysdig
Digital Forensics and Incident Response? (DFIR) is the cybersecurity field that defines the process and the best practices to follow in order to deal with a cyber attack or a security breach. Join Miguel, a security expert watching a video about a cyber detective investigating a kubernetes breach, and find out what the culprit was!
Mar 10, 2023   |  By Sysdig
Hear from Glen Arrowsmith, VP of IT and Security Engineering at Arkose Labs, about how the global leader in online account security and fraud detection uses Sysdig to secure and strengthen its AWS cloud environment. As its environment scaled, the Arkose Labs team needed to consolidate cloud and container security tools to save time and reduce risk.
Feb 1, 2023   |  By Sysdig
The sixth annual Sysdig Cloud-Native Security and Container Usage report is here! Get actionable insights from real-world customer data on the cloud and container usage of organizations around the world! For example, did you know that 87% of container images include a high or critical vulnerability?
Jan 10, 2023   |  By Sysdig
Detecting a crypto (bitcoin, monero, etc.) miner malware is essential to prevent a cryptojacking attack. Learn how to detect and prevent these mining attacks! Cryptojacking is a cybercrime in which another party’s computing resources are hijacked to mine cryptocurrency.#CryptoJacking, which is also referred to as malicious cryptomining, lets hackers mine crypto currency (like bitcoin, monero, ethereum, etc.) without paying for electricity, hardware and other mining resources.
Nov 23, 2022   |  By Sysdig
How do you secure your Docker containers against the latest vulnerabilities? What tools help your containers stay secure from the #Dockerfile through the runtime? Where is scanning most effective in the container lifecycle? We compiled a short list of security best practices to keep your #containers safe and answer these questions.
Nov 14, 2022   |  By Sysdig
What does #Sysdig do and how is it different from other cloud and container security tools? Hear CEO Suresh Vasudevan explain how Sysdig can help customers secure and monitor their containers on the cloud from source to runtime. Stay up to date on the latest cloud native news and trends, get all the info on latest vulnerabilities and discover new ways for securing and monitoring kubernetes and containers on our blog.
Nov 10, 2022   |  By Sysdig
Escaping a docker container can get you access to the whole linux host, so it's a precious technique for a cyber attack. But it's also valuable for defenders: hacking docker containers to get a breakout is a fun way to better understand a vulnerability and how to better protect from these exploits! In this hands on video, we look at three real life scenarios where you can actually break out from a docker container.
Oct 18, 2022   |  By Sysdig
We will introduce how Falco can be extended to be used for data sources beyond syscalls, opening up use cases covering detections on cloud-native platforms using any JSON compatible logs from cloud vendors, or sources such as AWS Cloudtrail.
Oct 18, 2022   |  By Sysdig
Is your organization ready to pay an additional $430,000 cloud bill as a result of cryptojacking? The Sysdig Threat Research Team recently released the 2022 Sysdig Cloud-Native Threat Report, which details the cost of cryptojacking, the reality of software supply chain risks, and how hacktivism has become a prominent feature in cyber warfare. While the motives of hackers have not changed, they have adjusted their attack patterns and tactics to penetrate cloud environments more effectively. Fortify your cloud by understanding the current threat landscape and identifying defense strategies.
Oct 12, 2022   |  By Sysdig
Software flaws are inevitable, and as Log4Shell recently reminded us, their impact can be massive. Using Log4Shell as a prime example we explain.
Sep 16, 2021   |  By Sysdig
Based on our understanding of the Gartner report, security and risk management leaders should develop a strategy for addressing the unique and dynamic requirements for protecting hybrid cloud workloads. Gartner's recommendations for cloud workload security include: Sysdig is listed by Gartner® as a Representative Vendor for Cloud Workload Protection Platforms. Gartner also notes Sysdig in the list of companies building or acquiring CSPM capabilities.
Oct 3, 2018   |  By Sysdig
For Dummies Series - Best practices, insights and recommendations.
May 1, 2018   |  By Sysdig
How containers change your compliance lifecycle.
Apr 1, 2018   |  By Sysdig
Get your containerized apps production-ready.
Mar 1, 2018   |  By Sysdig
A unified approach for security, monitoring, and forensics in containerized and microservice environments.

Sysdig is the first unified approach to monitor and secure containers across the entire software lifecycle.

Sysdig was born out of the belief that open source tools will be at the foundation of your next generation infrastructure. See our projects for system visibility, and container security, as well as partner projects we’ve embraced.

Accelerate your transition to containers, and then have confidence in your ongoing operations. We've built the cloud-native intelligence platform to create a single, more effective way to secure, monitor, and assure your critical applications:

  • Container security (Sysdig Secure): Protect and assure your applications. Bring together image scanning and run-time protection to identify vulnerabilities, block threats, enforce compliance, and audit activity across your microservices.
  • Enterprise-grade Docker monitoring (Sysdig Monitor): Enhance software reliability and accelerate problem resolution with advanced Kubernetes integration and built-in Prometheus monitoring capabilities.
  • Automatic orchestrator integration (Sysdig ServiceVision): We use Sysdig ServiceVision to dynamically map services using metadata from Kubernetes, OpenShift, AWS, Azure, Google, Mesos, or Docker EE, and more. With this insight, you can isolate and solve problems faster.

Our container intelligence platform monitors and secures millions of containers across hundreds of enterprises, including Fortune 500 companies and web-scale properties.