Sysdig today published its Cloud-Native Security Report. The report found that 91% of runtime scans fail and only 2% of granted permissions are used in container environments.
Crystal Morin, cybersecurity strategist at Sysdig, said these results suggest that organizations are not making enough progress in securing cloud-native computing environments.
Based on Sysdig's analysis of millions of containers and thousands of cloud accounts, users, and roles, this study reinforces the need for continuous monitoring to secure cloud-native application environments. Morin says it has become clear that there are. Morin added that cybersecurity teams need to review the unnecessary privileges granted to end users, as well as to machines and software components, as part of their efforts to implement Zero Trust IT.
However, the report also found some interesting contradictions. After analyzing nearly 6 million runtime image scans and over 500,000 continuous integration and delivery (CI/CD) build pipeline scans, Sysdig found that runtime scans had a vulnerability policy failure rate of 91%, compared to 71% for CI/CD pipelines.
In theory, Morin said, the further organizations shift responsibility for application security to the left, the more those results should be reversed. Organizations need to scan faster and more often. One possible explanation for this data is that additional dependencies outside the scope of the pipeline scan are being referenced. Another reason may be that organizations are simply skipping pipeline scans in favor of runtime checks to improve accuracy or reduce the burden on development teams. Finally, the report notes that, as is common with middleware components, not all packages are always checked.
Regardless of scan failure rates, more containers can be compromised than ever before. The report also notes that 70% of containers live for less than 5 minutes. On average, it takes cybercriminals about 10 minutes to launch an attack. Morin points out that the longer a container is up, the more likely it is to be compromised.
Additionally, cybercriminals are becoming increasingly adept at monitoring cloud-native application environments, as they increasingly watch for vulnerable containers to be spun back up. In fact, the amount of time a cybersecurity team has to discover and remediate container breaches, before cybercriminals use their exploits to laterally implant malware throughout the IT environment, is now measured in minutes, Morin said.
The Sysdig report states that 35% of attacks could be identified using indicators of compromise (IoCs), while the remaining 65% required additional behavioral detection mechanisms.
Finally, the report also reveals that more and more artificial intelligence (AI) models are running in cloud-native application environments. More than two-thirds (69%) of organizations have not yet incorporated AI into their cloud environments. 31% of enterprises integrate AI frameworks and packages, but only 15% of these integrations are used for generative AI tools such as large language models (LLMs). AI adoption varies widely, but one thing is clear: new types of software artifacts are emerging in container environments that need to be secured.
As always, the challenge now is to distinguish what level of cybersecurity risk each of these artifacts actually represents to an organization.