Cybereason Blog | Cybersecurity News and Analysis

Extend Cloud Detection and Response with Sysdig and Cybereason

Written by Cybereason Global SOC Team | Aug 9, 2023 1:00:00 PM

Open XDR integration enriches Sysdig CDR signals to correlate and identify Malicious Operations across the broader enterprise.

As organizations increase investment across cloud services and infrastructure, unique challenges arise around excessive permissions, misconfigurations, and unsecured resources. This adds uncertainty and additional work for security teams, who must manage risk at the pace of business while still protecting the complete corporate environment. We’re excited to be partnering with Sysdig, a leader in cloud detection and response, to integrate our platforms and enable teams to manage cloud risk with XDR context from the broader enterprise.

Sysdig’s cloud-native application protection platform (CNAPP) offers real-time Cloud Detection and Response (CDR), as well as vulnerability, entitlement and posture management. Combined with Cybereason XDR, organizations can extend protection and operation-centric threat detection and response across the complete organization, enabling teams to secure their most valuable assets in a time-efficient, visual manner.

Highlights of the planned integration, with General Availability targeting Q4 2023, include:

  • Sysdig's Cloud Detection and Response module (powered by Falco open source software) detects suspicious events and generates alerts. These events, which also include runtime insights, will then be pulled by Cybereason XDR.
  • Cybereason XDR will further enrich and correlate these signals against its data, which includes EDR, Identity, Cloud, and Network partner integrations.
  • This will allow joint customers to identify Malicious Operations (MalOps) that cross critical thresholds, paired with XDR response recommendations and MDR response capabilities.
  • The integration is currently in Early Access.

 

How will the integration work?

Important Cloud Detection and Response events identified by Sysdig are transmitted to Cybereason XDR (it pulls these from the Sysdig API). Cybereason XDR will ingest and display this information as a part of its “Suspicious Events”. XDR then further correlates these events with activity from Endpoint, Network, Identity, and Cloud data sources within Cybereason. 

High-priority threats, known as MalOps, will be displayed as visual attack stories, complete with response recommendations and triage from the 24/7 Cybereason Managed Detection and Response team.

The above shows a spear-phishing attack visualized within Cybereason XDR with data from Sysdig about AWS Cloud accounts being compromised. Sysdig alerts Cybereason that a disallowed user for AWS has elevated his/her privileges, then Cybereason correlates that this user did have an anomalous login and may have had the AWS account credential compromised via spear phishing attack.

This integration is a significant development in the Cybereason & Sysdig partnership. By combining our strengths, we aim to create a solution that will help customers better protect their complete cloud risk. 


Roadmap Disclaimer

This document contains forward looking statements. All information relating to product roadmap and/or future functionality/capabilities is provided solely as a non-binding expression of the present intent and is not and should not be deemed to constitute any form of commitment, promise or legal obligation to develop,  offer or deliver any product, upgrade, enhancement, software, hardware, documentation or functionality whatsoever.  The development (if any), release (if any) and timing of any feature or functionality is and will remain at the Parties’ sole and absolute discretion.