Christophe Baroux, Sysdig: The use of the cloud changes the calculation of security
April 2023 by Marc Jacob
For its first participation in the FIC, Sysdig will have plenty of news to present, including updates to several products, among them Sysdig Secure and Sysdig Monitor, and many discoveries by its threat research team. Additionally, Sysdig has created a new foundation, THE WIRESHARK FOUNDATION, the long-term custodian of the open source Wireshark project. Christophe Baroux, SEMEA Sales Director at Sysdig, believes that the cloud has fundamentally changed security and that addressing risks later, or even too late, in the development lifecycle has a negative impact on the rate of cloud adoption while increasing security and compliance risks. So using the cloud changes the calculus of security.
Global Security Mag: What will be your news during the International Cybersecurity Forum 2023?
Christophe Baroux: This is our first time at the FIC and we are happy to seize this moment to meet French actors in the cybersecurity sector all at once. I came before only as a visitor; this time I am proud that Sysdig is an exhibitor!
We’ve had a tremendous 2023 already with several great product updates and many discoveries from the Sysdig Threat Research Team. Our threat research team is one of a kind and well respected in the US. We want French decision makers to know we have so much to offer them! Our threat research team is constantly looking for cloud attacks and exposing them for educational purposes.
Our latest announcements:
● Sysdig created a new foundation THE WIRESHARK FOUNDATION that will serve as the long-term custodian of the Wireshark open source project. Wireshark is the world’s foremost traffic protocol analyzer, with more than 2,000 contributors and over 60 million downloads in the last five years. Sysdig, as Wireshark’s current corporate sponsor, encouraged the creation of the foundation. This nonprofit foundation will be home to SharkFest, Wireshark’s developer and user conference, and the Wireshark source code and assets. It will be great to see how Wireshark is extended to address new challenges, including securing the cloud.
● Sysdig was nominated as a Representative Vendor in the first Gartner® 2023 Market Guide for Cloud-Native Application Protection Platforms (CNAPP). Sysdig Secure helps identify and prioritize vulnerabilities, detect and respond to threats and anomalies, and manage configurations, permissions and compliance.
Global Security Mag: What are the highlights of the solutions you will present at this event?
Christophe Baroux: Sysdig has two flagship products – Sysdig Secure and Sysdig Monitor.
Sysdig Secure is a cloud-native application protection platform (CNAPP). Sysdig prevents, detects, and stops cloud security attacks because of our long history and deep expertise in runtime. Sysdig even created Falco, the open standard for cloud threat detection. Sysdig provides:
● Cloud and container security
● Configuration management
● Vulnerability management
● Cloud detection and response
● Permissions management
By knowing what is running in production across the software lifecycle, Sysdig helps prioritize what matters most. From shift left to shield right, the most innovative companies around the world rely on Sysdig to prevent, detect, and respond at cloud speed.
Sysdig Monitor radically simplifies cloud and Kubernetes monitoring and helps lower costs with deep visibility into cloud-native workloads. Sysdig displays all important information in a single unified view with actionable remediation steps. Sysdig’s cost-savings estimates are based on utilization metrics to help teams prioritize rightsizing efforts to save an average of 40% on their cloud bills.
Global Security Mag: This year’s theme of the FIC is Cloud Computing, what are the main cyber threats to the Cloud?
Christophe Baroux: The cloud has fundamentally changed the anatomy and nature of modern applications, IT infrastructures, and processes involved. It creates a dynamic and growing attack surface of interdependent cloud workloads, services, and identities. It also introduces a new set of opportunities for bad actors as they seek to exploit the current maturity of cloud deployments, the complexity of multi-cloud environments, and the reliance on software supply chains and trusted third-party relationships. This creates profound implications on the requirements for threat detection and response in the cloud.
Earlier this year, we released the Sysdig 2023 Cloud-Native Security and Usage Report. For the sixth year, we looked at how billions of containers are actually running in production. What we found was that a lot of best practices still aren’t being followed.
We also found that the two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains. Unfortunately, 87% of container images running in production have a critical or high severity vulnerability. Despite increased adoption of shift-left security strategies to assess code early and often, organizations need runtime security. This is evidenced by the tremendous growth in the adoption of runtime (or shield right) technologies like Falco, which has more than 60 million downloads.
Global Security Mag: What are the advantages of Cloud Computing?
Christophe Baroux: We all know that cloud computing has created a lot of value and it is helping companies expand. It offers a faster time to market, scalability, flexibility, potential cost savings, better collaboration, advanced security, data loss prevention, etc.
If the first round of cloud adoption was about saving time and avoiding large capital outlays — often despite the risk of cloud vendor lock-in — the current round is focused on the big picture. Today, organizations are strategically laying out multi-cloud plans, refactoring leading-edge applications in cloud-native technologies, focusing on cloud spend efficiency and powering it with containers and Kubernetes.
As enterprises get more sophisticated about cloud usage, how they think about and use cloud changes. Instead of, “We’re moving this or that app to AWS,” organizations realize hybrid private/public cloud is a given, they will ultimately need multiple public cloud providers, and they are refactoring their plans to optimize their software.
Global Security Mag: How should technologies evolve to counter these threats?
Christophe Baroux: Three things stood out to me from the Gartner Market Guide for CNAPP that I mentioned earlier. The first is the need for an integrated solution that protects the entire software lifecycle. The second is the need for prioritization and context. It’s no secret that cloud security tools can be noisy. You need a platform that has a solution to reduce alert noise and prioritize what actually matters for you. Lastly, you need cloud security that provides both an agent and agentless solution. Agentless workload scanning is popular and necessary in some situations, but in-workload approaches provide the best protection in most situations.
Global Security Mag: In your opinion, what role can humans play in strengthening the defense strategy to be deployed?
Christophe Baroux: As bad actors work together, we need to also work together to fight back. That is why Sysdig is such a strong believer in open source. We are built on open source tools and we believe as we all work together towards a collective good, we will all have stronger security.
It’s boring, but we are also in favor of defense in depth. We have shift left solutions, but we focus on runtime as a last stop if all else fails.
Global Security Mag: What message would you like to convey to CISOs?
Christophe Baroux: Software has changed the world, and now we are in the next phase with the development of cloud-native applications. Businesses need to move to the cloud to avoid being left behind. However, from a technology evolution standpoint, it’s not that simple; enterprises are still in the early stages of their cloud adoption journey. There is still so much education and learning to be done, and security is probably the biggest gap for teams that are new to the cloud.
The cloud has fundamentally changed security, and addressing risks later in the development life cycle negatively impacts the pace of cloud adoption while simultaneously raising security and compliance risks. The use of the cloud changes your security calculus. Legacy tools and processes are inadequate, as they do not provide visibility into dynamic container environments. More than half of containers live for five minutes or less, which makes investigating anomalous behavior and breaches extremely challenging. Container environments can be more secure, but only if security is explicitly designed in. In the absence of best practices, mistakes create openings for attackers.