Graham Cluley Security News is sponsored this week by Sysdig. Thank you to the amazing team for your support!
The unmanageable number of vulnerabilities in the cloud is your worst-kept secret. The Sysdig 2023 Cloud-Native Security and Usage Report states that 87% of container images have high or critical vulnerabilities. Certainly not everything matters! What is important? And what can you ignore?
There is hope. The answer is “a lot!”
By focusing on in-use risk exposure, or vulnerable packages that are actually in use at runtime, teams can focus their efforts on a small fraction of remediable vulnerabilities that actually represent real risk. According to the Sysdig report, 15% of critical and high-severity vulnerabilities for which fixes are available are in packages loaded at runtime. That’s a big difference!
Reducing the number of vulnerabilities from 85% to 15% provides a more actionable number for cybersecurity teams. By standardizing on an in-use risk exposure approach, you can save time and focus that effort elsewhere, such as creating new applications.
This year, the Sysdig 2023 Cloud-Native Security and Usage Report focused on key cloud challenges, including software supply chain risk, zero trust, and cost management. After analyzing billions of containers, Sysdig hopes to help the industry understand the state of the cloud and the best practices that will help inform your 2023 cybersecurity strategy. Read key reporting points from Sysdig.
Download the full Cloud-Native Security and Usage Report to uncover the latest insights, including:
- How businesses can save up to $10 million in cloud costs
- 87% of images contain high or critical vulnerabilities
- 90% of accounts have excessive permissions
About Sysdig
Sysdig provides cloud and container security so you can stop attacks without wasting time. Detect threats in real time using ML, curated rules, and Sysdig Threat Research policies. Prioritize vulnerabilities based on in-use risk exposure and quickly remediate in context. Combine runtime security with eBPF and Falco for agentless visibility.
If you’re interested in sponsoring my site for a week to reach IT-savvy users interested in computer security, you can find out more here.