Sysdig Simplifies Container Security Remediation

Sysdig today announced it is adding a guided remediation tool along with a checklist to help organizations better prioritize their container remediation efforts.

Alba Ferri, senior manager for product marketing at Sysdig, says Remediation Guru, available as a technology preview, and the ToDo checklist aggregate security findings by root cause to enable developers to prioritize their remediation efforts based on the actual impact vulnerabilities have on the application environment. The ToDo checklist is being made available to Sysdig customers upon request.

IT teams can then fix those issues in a few seconds because Remediation Guru automatically generates the suggested change to infrastructure-as-code (IaC) templates that can be applied with a single click, she adds. That capability enables teams to map misconfigurations in automatically generated pull requests to IaC manifests, notes Ferri.

Instead of presenting IT teams with a list of common vulnerabilities and exposures (CVEs) that should be fixed, Sysdig now provides much-needed context, for example by showing when fixing one issue would resolve a hundred other vulnerability alerts, adds Ferri.

That capability is critical because most organizations tend to assign junior-level developers to fix vulnerabilities. Those junior developers aren’t always able to comprehend the relationship between various vulnerability alerts that have been created, she notes.

IT teams can now also apply security policies using Open Policy Agent (OPA) policy-as-code across multiple container environments as part of an effort to improve their overall cloud security posture management.

Earlier this year, Sysdig published a report that finds 85% of the container images running in production environments contain at least one vulnerability. Three-quarters of those vulnerabilities (75%) are rated as “high” or “critical,” according to the report.

The report also notes that less than half of container images (48%) are scanned before runtime, and that more than three-quarters (76%) are running as root, which makes it easier for cybercriminals to compromise the entire IT environment once they gain access to that container.

As more responsibility for application security shifts left toward developers, it’s critical to provide them with the tools required to be effective. Otherwise, as developers reuse containers, they will continue to routinely deploy container images that encapsulate multiple vulnerabilities without realizing it.

Unfortunately, far too many developers still assume that because a container only runs for a few seconds, a cybercriminal will not have the time to discover and exploit it. Cybercriminals, however, are now continuously scanning for container vulnerabilities within software supply chains. The presence of containers also signals to them that an advanced application, and therefore a potentially valuable target, has been deployed.

Not everyone, of course, is convinced that developers are up to the application security challenges at hand. Cybersecurity teams are often skeptical that developers will prioritize fixing vulnerabilities over writing additional code. However, they also realize they depend on those same developers to fix any vulnerability discovered. As such, making sure developers have tools that surface the most critical vulnerabilities is in the best interests of all concerned.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.