Sysdig Sage™ for CDR: Speed up analysis, investigation and response

Last year, Sysdig outlined our vision for an AI-driven cloud security assistant. Today, we're excited to announce Sysdig Sage™ for cloud detection and response (CDR), our new release that embodies that vision. Built on the core principles we introduced, Sysdig Sage offers actionable insights for cloud environments, with a focus on CDR. Sysdig Sage for CDR is the first milestone on the road to making AI assistance pervasive across our CNAPP platform, enabling customers to secure their cloud environments faster.

The 555 Benchmark for Cloud Detection and Response – 5 seconds to detect, 5 minutes to triage, and 5 minutes to respond – sets the standard for operating securely in the cloud. Achieving 555 means being able to detect and respond to cloud attacks faster than attackers can complete them.

With only 5 minutes to perform cloud investigations and block attacks before they are completed, Sysdig Sage for CDR accelerates analysis and investigation, allowing users to prioritize what matters. With Sysdig Sage, users can focus on responding to attacks rather than spending time connecting the dots or retrieving key information to understand the attack's big picture and impact.

What is Sysdig Sage for CDR?

Sysdig Sage is a generative AI cloud security analyst – an expert that empowers users, letting them ask questions about their runtime events in natural language within Sysdig Secure's Events Feed.

The Events page provides an overview of security events occurring across your infrastructure, allowing you to dive deep into specific details, distinguish false positives, and configure policies – based on open source Falco – to strengthen security.

Sysdig Sage elevates these capabilities by infusing AI into security analysis operations, delivering:

  • Statistics of security events: Review top statistics for runtime security events based on various groupings such as policy name, rule (event type), severity, and more. This helps users streamline the analysis and quickly identify and focus on the events that are relevant to the investigation.
  • Explanation of security events: Sysdig Sage can provide details about runtime events to users and dig deeper into them – for example, to explain the command lines that generated them.
  • Suggested next steps: Sysdig Sage for CDR can take the behavioral details from sample runtime events, summarize what happened at a broader level, and suggest next steps to fix and remediate the issues. This helps users move faster and take action immediately.
  • Context awareness: Sysdig Sage for CDR provides a fully integrated experience. It understands what users are navigating in the Secure UI and can control it, allowing users to quickly jump to the events and information relevant to their investigation.

See Sysdig Sage in action

As someone working in security operations, you might want to easily navigate, filter, and focus on relevant events. When viewing the Sysdig Events feed, you want to be able to understand which events you need to focus on.

You might filter out low- and medium-severity events but still have tons of events to process. This is when Sysdig Sage can speed up your work. You are one click away from asking “Can you summarize these events?” Sysdig Sage will understand that you activated these filters in the UI and focus only on the high-severity events that occurred in the last 6 hours:

Sysdig Sage controlling the Sysdig Secure Events Feed

You can then click on “Link to events” to quickly reach the events you want to analyze in the UI and keep the conversation going with a focus on the event you want to look at more closely.


At this point, you might want to better understand why the user was allowed to perform that action and whether it represents a threat.


Now that you have connected the dots, you can start crafting your remediation strategy.


And finally: the big picture. Is the threat you analyzed part of a broader security incident? Let's ask Sysdig Sage!


In just a few questions, you were able to refine your analysis, get all the information you needed without leaving Sysdig Secure, and get guidance on what steps to take.

Unlock the power of AI for cloud security

Cloud attacks happen fast. Sysdig Sage for CDR is the ultimate secret weapon to equip security teams to achieve the 555 Benchmark for Cloud Detection and Response, quickly make informed decisions, rapidly respond to threats, and save time on the most complex tasks.

With Sysdig Sage you can:

  • Supercharge expertise: Whether a novice or an expert, Sysdig Sage for CDR will help you understand your runtime events.
  • Save time: Focus on outcomes, not the analysis.
  • Get actionable insights: Know where to start and reduce time to respond – from hours to seconds.
  • Collaborate better: Level-set knowledge across teams.

By reducing analysis time to just seconds and seamlessly connecting the dots, Sysdig Sage for CDR changes daily security operations, supercharging CNAPP capabilities with the power of AI.

Come talk to us about Sysdig Sage at our Black Hat booth.
