In today’s rapidly changing and evolving cloud-native environments, security and infrastructure teams face challenges ranging from managing complex deployments to ensuring capability across their entirety of their diverse infrastructure. EDR and XDR tools cannot provide comprehensive coverage of cloud workloads, making them fundamentally unsuited for cloud security.

Artificial intelligence has taken over almost every aspect of our everyday lives. In cybersecurity, generative AI models with natural language processing are commonly being used to predict, detect, and respond to threats. But AI security assistants, although an upgrade from traditional machine learning, only provide very basic queries and summarization, which is insufficient to fully comprehend modern cloud attacks. As part of an ongoing effort to improve the cloud detection and response (CDR) experience,

Generative AI (GenAI) is a top priority for organizations looking to increase productivity and solve business problems faster. In cloud security, AI chatbots to aid security practitioners are becoming more common, but to date, most of these solutions offer only basic queries and summarization. Diverse cloud environments and evolving threats require more from an AI security analyst.

Last year, Sysdig outlined our vision for an AI-driven cloud security assistant. Today, we are excited to announce Sysdig Sage for cloud detection and response (CDR), our new release that embodies our vision. Built upon the core principles we introduced, Sysdig Sage offers actionable insights for cloud environments, with a focus on CDR.

As organizations continue to look for consolidated platforms to address their security needs, an important shift has happened. Customers have discovered that traditional tools focusing exclusively on static risks (such as misconfigurations, policy/control failures, and network exposure) are not enough to address today’s dynamic cloud threats.

Enterprises today face significant challenges in managing, governing, and securing corporate data. Data moves and is shared more ubiquitously than we likely recognize. Through the use of large language models (LLMs), shared with third-party vendors, or exposed on the dark web, there are blind spots that hinder the security and IT teams’ visibility into where data resides and how and by whom it’s accessed.

Containerized applications deliver exceptional speed and flexibility, but they also bring complex security challenges, particularly in managing and mitigating vulnerabilities within container images. To tackle these issues, we are excited to introduce Layered Analysis — an important enhancement that provides precise and actionable security insights.

The Sysdig Threat Research Team (TRT) is on a mission to help secure innovation at cloud speeds. A group of some of the industry’s most elite threat researchers, the Sysdig TRT discovers and educates on the latest cloud-native security threats, vulnerabilities, and attack patterns. We are fiercely passionate about security and committed to the cause. Stay up to date here on the latest insights, trends to monitor, and crucial best practices for securing your cloud-native environments.

The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY. This actor previously leveraged the SSH-Snake open source software (OSS) penetration testing tool during a campaign exploiting Confluence vulnerabilities.