
Sysdig Speeds Cloud Detection and Response


Sysdig has released the 5/5/5 Benchmark for Cloud Detection and Response to help organizations detect, triage and respond to cloud attacks, according to the company.

The business debuted the benchmark at the SANS Institute Fall Cyber Solutions Fest, a virtual event held October 25-27.

It Does Not Take Long for a Cybercriminal to Launch a Cloud Attack

After a cybercriminal discovers an exploitable target in a cloud environment, it only takes the criminal about 10 minutes to execute an attack, Sysdig noted.

Now, security teams can use Sysdig's 5/5/5 benchmark to measure how fast they can detect and respond to cloud attacks, the company stated. That way, they can outpace attackers in the cloud and protect their organizations against cloud attacks and data breaches.

5/5/5 Benchmark Addresses the Speed of Cloud Attacks

Operating securely in the cloud requires a mindset shift with regard to time, Sysdig pointed out. As such, Sysdig has created the 5/5/5 benchmark to help organizations find the best ways to detect and respond to cloud attacks faster than cybercriminals can complete them.

The 5/5/5 benchmark consists of the following components:

  • Detecting threats within 5 seconds by using cloud-based security tools to monitor assets in real time
  • Correlating and triaging cloud attacks within 5 minutes of receiving the first relevant security alert
  • Responding to an attack within 5 minutes of confirmation that the attack is underway
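The three clocks above only become useful once a team measures itself against them. The following script is an added example, not Sysdig's code or tooling: it takes constructed incident timeline records (attack start, first relevant alert, confirmation, containment), computes the detect, triage and respond durations for each incident, and reports whether each meets the 5-second / 5-minute / 5-minute thresholds. The record format, incident ids and timestamps are all assumptions made for illustration.

```python
"""Score incident timelines against the 5/5/5 benchmark (added example, not Sysdig's code).

Clocks as the benchmark states them:
  detect  <= 5 seconds   attacker activity begins -> first relevant alert
  triage  <= 5 minutes   first alert -> attack confirmed
  respond <= 5 minutes   confirmation -> response action complete
"""
from datetime import datetime, timedelta

DETECT_LIMIT = timedelta(seconds=5)
TRIAGE_LIMIT = timedelta(minutes=5)
RESPOND_LIMIT = timedelta(minutes=5)

# Phase markers an incident timeline may carry, in chronological order.
PHASES = ("attack_start", "first_alert", "confirmed", "contained")

# (clock name, phase that starts it, phase that stops it, limit)
CLOCKS = (
    ("detect", "attack_start", "first_alert", DETECT_LIMIT),
    ("triage", "first_alert", "confirmed", TRIAGE_LIMIT),
    ("respond", "confirmed", "contained", RESPOND_LIMIT),
)

# Constructed sample records: "<ISO-8601 UTC timestamp> <incident id> <phase>".
# inc-001 meets all three clocks, inc-002 is detected and triaged too slowly,
# inc-003 has been confirmed but never contained (an open incident).
SAMPLE_EVENTS = """\
2024-03-01T10:00:00Z inc-001 attack_start
2024-03-01T10:00:03Z inc-001 first_alert
2024-03-01T10:03:40Z inc-001 confirmed
2024-03-01T10:07:10Z inc-001 contained
2024-03-01T11:00:00Z inc-002 attack_start
2024-03-01T11:00:45Z inc-002 first_alert
2024-03-01T11:12:00Z inc-002 confirmed
2024-03-01T11:15:00Z inc-002 contained
2024-03-01T12:00:00Z inc-003 attack_start
2024-03-01T12:00:02Z inc-003 first_alert
2024-03-01T12:02:00Z inc-003 confirmed
"""


def parse_events(text):
    """Group phase timestamps by incident id; reject malformed or duplicate markers."""
    timelines = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 3 or parts[2] not in PHASES:
            raise ValueError(f"line {lineno}: malformed record {line!r}")
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        phases = timelines.setdefault(parts[1], {})
        if parts[2] in phases:
            raise ValueError(f"line {lineno}: duplicate phase {parts[2]} for {parts[1]}")
        phases[parts[2]] = ts
    return timelines


def evaluate(phases):
    """Return each clock's duration in seconds and whether it met its limit.

    A clock whose start or stop phase is missing (e.g. the incident was never
    contained) has duration None and counts as failed, so an open incident
    can never be reported as meeting the benchmark.
    """
    report = {}
    for name, start, end, limit in CLOCKS:
        seconds = None
        if start in phases and end in phases:
            seconds = (phases[end] - phases[start]).total_seconds()
            if seconds < 0:
                raise ValueError(f"{end} recorded before {start}")
        report[f"{name}_seconds"] = seconds
        report[f"{name}_ok"] = seconds is not None and seconds <= limit.total_seconds()
    report["meets_555"] = report["detect_ok"] and report["triage_ok"] and report["respond_ok"]
    return report


def benchmark(text):
    """Parse timeline records and score every incident found in them."""
    return {inc: evaluate(phases) for inc, phases in parse_events(text).items()}


if __name__ == "__main__":
    for inc, rep in benchmark(SAMPLE_EVENTS).items():
        clocks = ", ".join(
            f"{name}={rep[f'{name}_seconds']}s {'ok' if rep[f'{name}_ok'] else 'MISSED'}"
            for name, _, _, _ in CLOCKS
        )
        print(f"{inc}: {clocks} -> {'meets 5/5/5' if rep['meets_555'] else 'does not meet 5/5/5'}")
```

The detect clock starts at the attacker's first action rather than at the alert, so it can only be filled in after forensic reconstruction of the intrusion; measuring from the alert alone would hide exactly the gap the benchmark is meant to expose.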

Tips to Meet the 5/5/5 Benchmark

Organizations can develop their security programs in conjunction with the 5/5/5 benchmark, Sysdig indicated. Meanwhile, there are several things that these organizations can do to create programs that meet this benchmark, such as:

  • Utilize cloud detection technologies to monitor infrastructure-as-a-service (IaaS) instances, containers, clusters and serverless functions.
  • Leverage security data from multiple cloud environments and use these data to generate security insights.
  • Implement API- and infrastructure-as-code-based mechanisms to define and deploy assets and execute threat response and remediation actions.
  • Destroy any compromised assets and replace them with clean versions.
  • Use security tools to automate incident response and perform forensic investigations.

Additionally, organizations can partner with MSSPs to accelerate cloud threat detection and response. MSSPs can provide cloud security services and many others to help these organizations keep pace with current and emerging cyber threats and get the most value out of their security programs.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.