Alex Melamud, Principal at Permira, and Suresh Vasudevan, CEO of Sysdig and cloud security expert, discuss the evolving software landscape and new challenges companies must consider for cloud security.
Alex Melamud: Suresh, the past 10 years have been a decade of change in the world of technology and software. Can you talk about that evolution and how it’s affecting companies’ cloud security today?
Suresh Vasudevan: Over the last several years, we’ve seen a dramatic shift from on-prem applications to cloud-centric applications. Today, many companies are increasingly looking to software to power their innovation – and that software is increasingly being built to run in public clouds.
Now, as good as the public cloud is for agility and the speed to develop software, it presents some significant challenges for security teams. In essence, there has been a massive increase in the risk surface area as companies have started moving more of their software to the cloud. At Sysdig, we see these greater risks for both large, global enterprises, as well as smaller cloud-native companies. Across the board, businesses which have embraced the cloud are seeing breaches at a much faster pace than in the past – according to research conducted by Thales, 40% of businesses have experienced a cloud breach this year.
Alex Melamud: That is a frightening stat. What are the main vulnerabilities companies should be careful of when it comes to cloud security?
Suresh Vasudevan: Sysdig asks two main questions to assess risk in the cloud: how does a cybercriminal get access to your cloud in the first place, and then, once they have access, what happens past that point?
To speak to the first question, there are three pathways that attackers typically use to gain access to a company’s cloud estate: software vulnerabilities, cloud misconfigurations, and excess entitlements to people. The Sysdig Threat Research Team has done an enormous amount of work to identify common trends that put companies at risk – and we’ve found that roughly 85% of container images have high or critical vulnerabilities. Additionally, we’ve found that cloud misconfigurations are involved in 75% of the breaches we see. Lastly, roughly 90% of security permissions that companies give to users within the cloud go unused and therefore represent excess permissions putting the company at risk.
Then what happens after an attacker has access? Our threat research team has discovered that on average, it takes less than 10 minutes for an attack to begin once the breach has been made. This is much faster than what we typically see with on-prem attacks, where the time is measured in days.
Alex Melamud: What do these attacks look like? What are the real-world effects and costs of cloud attacks?
Suresh Vasudevan: There’s a range of attacks and motives for them – we see attacks that are financially motivated and some that are positioned against a company’s reputation. The most common include ransomware attacks, crypto mining, and data theft. There was a well-documented case in Australia where a company’s cloud-stored data was held ransom. The company refused to pay the ransom, which unfortunately led to millions of medical records being leaked to the public.
Additionally, ineffectively mitigating breaches can have a significant human capital cost impact on companies. One of our clients had a team of employees who spent every day constantly looking for crypto miners in their cloud environment – now, with the use of Sysdig technology, the company’s security team can review automated reports and more effectively stop miners in real time. What used to be a full-time job for at least one person can be a 5-minute task weekly.
Alex Melamud: With that kind of impact, have you seen a shift in the mindset about the importance of cloud security at the companies you work with?
Suresh Vasudevan: It’s definitely at the forefront of decisions being made at the board level. While cloud security was always important, it has shifted from being mainly the focus of CISOs and security teams to now sitting as a top agenda item across executive teams and boards.
Alex Melamud: In thinking about the changing landscape of software, we have to talk about Generative AI – so what does Gen AI mean for cloud security?
Suresh Vasudevan: Gen AI has been an explicit area of focus for us – both in how we consider attacks and how we consider prevention. On one hand, Gen AI makes cybercriminals much more productive. As they are launching attacks, they are leveraging Gen AI for automation, and they are able to hijack credentials much more effectively. On the other hand, security companies like Sysdig have a real opportunity. We are working hard to integrate Gen AI across our products and have found that we can use it to more efficiently detect and react to threats. Additionally, a fundamental challenge in cyber security is finding high-level talent in security engineers to defend against attacks. With Gen AI as a resource, security companies can scale the work of analysts and less experienced engineers to handle a wide range of attacks.
Alex Melamud: In early August Sysdig introduced Sysdig Sage as a generative AI resource. At a high level, can you tell me how that works?
Suresh Vasudevan: Yes, of course. Sysdig Sage is a generative AI assistant built specifically to address cloud security challenges and concerns for security teams. It goes beyond typical AI chatbot functionality to employ multistep reasoning and multidomain correlation to quickly discover, prioritize, and remediate risks specific to the cloud. It also leverages the power of Sysdig runtime insights to reveal hidden connections between risks and security events that would otherwise go undetected. Users can even grant approval to execute recommended actions, saving valuable time when it matters the most – during an attack.
Alex Melamud: Before we go, what are you excited about right now?
Suresh Vasudevan: It's been such an incredible year at Sysdig, and I'm excited for the new capabilities that we've announced that allow customers to consolidate cloud security.
With our new platform capabilities, we've extended the power of runtime insights across cloud security, from shift left to shield right. Prevention and hardening are important steps in any security program, but security teams cannot prevent all attacks, so they need real-time threat detection and response for the things that will inevitably get through. We excel on both sides of the coin - prioritizing the vulnerabilities to remediate and detecting a live attack within seconds. Recent new features like searchable inventory and Cloud Attack Graph, both powered by runtime insights, are focused on helping customers move faster by connecting dots and providing deep context. Cloud security must move at the speed of the cloud; if it’s not, it’s not real cloud security!