Cloud Security

Sysdig Announces Drift Control to Prevent Runtime Container Attacks

Sysdig Announces Drift Control to Prevent Runtime Container Attacks
Written by ga_dahmani
Sysdig Announces Drift Control to Prevent Runtime Container Attacks

News and research before hearing about it on CNBC and others. Request your free 1-week trial to Street Insider Premium here.

The company also partners with Proofpoint to block malware and crypto mining threats.

SAN FRANCISCO–(BUSINESS WIRE)–Sysdig, the unified container and cloud security leader, announced Drift Control to prevent container runtime attacks. Teams can detect, prevent, and speed response to incidents of containers that were changed during production, also known as container bypass. In addition, Sysdig improved detection of malware and cryptomining with new threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research team. To be successful in the cloud, teams need a single view of risk with no blind spots, including having prevention that flags and blocks container diversion.

Read: Preventing Runtime Container Attacks with Sysdig Drift Control

New critical vulnerabilities discovered, including Log4j and Spring4Shell, are a reminder that threat detection is critical in both the cloud and the data center. This detection should provide multiple layers of protection. Sysdig, using the Falco open source project, the de facto standard for cloud-native threat detection, covers all common categories of system intrusion attacks identified in Verizon 2022 Data Breach Investigation Report.

With this announcement, Sysdig adds additional layers of detections. The former uses enhanced malware detection and cryptomining with Proofpoint’s threat sources for known and emerging threats. Drift Control, the second additional technique, applies the principle of immutability and provides a preemptive layer of defense for cloud-native workloads. Container immutability ensures that the container software is not modified during its lifetime, preserving consistency from source to execution and preventing actions that could be part of an attack.

Given the dynamic nature of cloud-native environments and legacy practices that carry over to cloud environments, teams often neglect immutability best practices and fail to see the drift, especially at scale. To close the dangerous security gaps created by container drift, Sysdig provides Drift Control to automatically flag and deny deviations from the trusted original container.

Key benefits

  • Detect and prevent container drift with Drift Control: With Sysdig, teams can prevent common runtime attacks by dynamically blocking executables that were not in the original container. Sysdig helps customers follow immutability security best practices and ensure that containers are not changed after deployment to production.
  • Improve detection with the latest threat intelligence sources: Sysdig Secure has added threat intelligence feeds from Proofpoint Emerging Threats (ET) Intelligence and the Sysdig Threat Research team. With these feeds, teams can rely on the most timely and accurate threat information, including malicious IPs and domains, to better protect their environments against threats like Command & Control (C2), malware, backdoors, cryptominers, and anonymization.
  • Accelerate incident response and mitigation with Rapid Response: In In addition to the new prevention and detection capabilities powered by Drift Control and threat intelligence feeds, teams can use Sysdig Secure to drill directly into the compromised or suspect container with secure shell access on demand and investigate the blocked executable and threats. malicious communications detected. Teams can minimize exposure by removing the malicious file locally from the command line. Sysdig maintains a detailed audit trail of all mitigation commands and can upload session history to user-defined external storage.

“When there’s an attack every 11 seconds, it’s important to have multiple layers of defense,” said Omer Azaria, Sysdig’s vice president of research and development. “Sysdig’s new Drift Control capability applies best practices that can stop an attack before damage is done.”


Sysdig Secure customers have access to Drift Control and new threat sources now and for new customers, it’s included in Sysdig Secure at no additional cost.


About Sysdig

Sysdig is driving the standard for cloud and container security. The company pioneered cloud-native runtime threat detection and response by creating Falco and Sysdig as open source standards and key components of the Sysdig platform. With the platform, teams can find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions, and compliance. From containers and Kubernetes to cloud services, teams get a single view of risk from source to execution—no blind spots, no guesswork, no black boxes. The world’s largest and most innovative companies trust Sysdig.

amanda mckinney smith

[email protected]


Source: Sysdig

About the author


Leave a Comment