The cloud’s worst kept secret? Vulnerabilities

1 year ago AndyC

Graham
Cluley
Security
News
is
sponsored
this
week
by
the
folks
at

Sysdig.
Thanks
to
the
great
team
there
for
their
support!

The
unmanageable
number
of
vulnerabilities
in
the
cloud
is
the
worst-kept
secret.

Graham
Cluley
Security
News
is
sponsored
this
week
by
the
folks
at

Sysdig.
Thanks
to
the
great
team
there
for
their
support!

The
unmanageable
number
of
vulnerabilities
in
the
cloud
is
the
worst-kept
secret.
The
Sysdig
2023
Cloud-Native
Security
and
Usage
report
found
that

87%
of
container
images
have
high
or
critical
vulnerabilities!
Surely
not
everything
is
important!
What
is
important?
And
what
can
you
ignore?

There’s
hope,
the
answer
is
“a
lot!”

By
focusing
on
in
use
risk
exposure,
or
the
vulnerable
packages
that
are
actually
in
use
at
runtime,
teams
can
focus
their
efforts
on
a
smaller
fraction
of
the
fixable
vulnerabilities,
the
ones
that
actually
represent
true
risk.
The
Sysdig
report
found
that

15%
of
critical
and
high
vulnerabilities
with
an
available
fix
are
in
packages
loaded
at
runtime.
That’s
a
massive
difference!

Reducing
the
number
of
vulnerabilities
by
85%
down
to
15%
provides
a
more
actionable
number
for
cybersecurity
teams.
By
standardizing
your
approach
on
in
use
risk
exposure,
you
can
save
time
and
focus
that
effort
elsewhere,
like
producing
new
applications.

This
year,
the
Sysdig
2023
Cloud-Native
Security
and
Usage
report
focused
on
key
cloud
challenges,
including

software
supply
chain
risk,

zero
trust,
and

cost
management.
After
analyzing
billions
of
containers,
Sysdig
hopes
to
help
the
industry
understand
the
current
state
of
the
cloud
and
best
practices
that
should
inform
your
2023
cybersecurity
strategies.
Read
the

key
report
takeaways
from
Sysdig.

Download
the
full

Cloud-Native
Security
and
Usage
Report
to
uncover
the
latest
insights
like:

How
companies
can
save
up
to
$10M
in
cloud
costs
87%
of
images
include
a
high
or
critical
vulnerability
90%
of
accounts
have
excessive
permissions

Learn
More
➔

About
Sysdig

Sysdig
delivers
cloud
and
container
security
so
you
can
stop
attacks
with
no
wasted
time.
Detect
threats
in
real-time
using
ML,
curated
rules
and
Sysdig
Threat
Research
Policies.
Prioritize
vulnerabilities
based
on
in-use
risk
exposure
and
fix
fast
with
context.
Gain
agentless
visibility
combined
with
runtime
security
powered
by
eBPF
and
Falco.

If
you’re
interested
in
sponsoring
my
site
for
a
week,
and
reaching
an
IT-savvy
audience
that
cares
about
computer
security,
you
can

find
more
information
here.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts