Sysdig's new Risk Spotlight is designed to reduce container vulnerability alerts by 95%, alleviating 'alert fatigue' and letting developers focus on shipping applications faster.

Container and cloud security provider Sysdig has launched Risk Spotlight, a vulnerability prioritization tool based on runtime intelligence, designed to enable security teams to prioritize remediation — particularly regarding vulnerabilities related to container technology — without affecting development speed.

While working with open-source packages, developers often bring associated vulnerabilities into their software environment that may not warrant immediate attention if they do not affect production applications. When all these vulnerabilities get flagged by security systems, the result is increased alert noise that becomes difficult for developers to handle.

Risk Spotlight will generate alerts about vulnerabilities that are tied to packages used at runtime in production software, and which present a real chance of exploitation.

“Without context, developers find themselves scrolling through hundreds, even thousands, of vulnerabilities in spreadsheets trying to figure out which fixes matter,” says Knox Anderson, vice president of product at Sysdig. “Sysdig Secure has runtime intelligence that can identify the packages that are exposed and the vulnerabilities impacting those packages. This intelligence provides a filter to highlight these vulnerabilities for developers to fix immediately.”

Container technologies like Docker — self-contained, lightweight software packages — have brought major improvements to the speed with which companies can deploy and scale their applications, but have also increased the possibility of introducing vulnerabilities into their software stacks. As a result, there are now a number of container security tools on the market, and alerts generated by these systems can be overwhelming.

“Frequent alerts about cybersecurity threats can lead to so-called ‘alert fatigue,’ which numbs the staff to cyber alerts, resulting in longer response times or missed alerts. The fatigue, in turn, can create burnout among SOC analysts,” says Gary McAlum, TAG Cyber senior analyst. “However, all alerts are not equal and there are a vast number of false positives or even low-level issues that can obscure the potential significant event that truly needs investigation.”

Risk Spotlight will be available to existing Sysdig Secure customers at no additional cost. Sysdig Secure is part of Sysdig’s container intelligence system, a unified platform designed to deliver security, monitoring, and forensics in a cloud, container and microservices-friendly architecture integrated with Docker and Kubernetes.

Mitigate risk while reducing alerts

Risk Spotlight, Sysdig claims, packs in a comprehensive mitigation solution that delivers multiple features to round out vulnerability remediation:

Vulnerability noise reduction: Risk Spotlight promises 95% alert noise reduction by identifying and eliminating vulnerabilities associated with packages not used at runtime.

Manage risk with actionable insights: Risk Spotlight delivers vulnerability details — such as the Common Vulnerability Scoring System (CVSS) vector from multiple sources, the fix version, and any available exploits — to manage vulnerability risk at scale.

Comprehensive vulnerability management for containers: The software provides a single view of vulnerability risk across the container lifecycle — from build to runtime. The interface also includes a package-centric view of vulnerabilities with appropriate fixes and upgrades for developers.

“Sysdig’s intelligence provides a filter to prioritize the important vulnerabilities for developers to fix immediately,” says Knox.
“This typically reduces the list of vulnerabilities from between 60% and 95% to a manageable handful of vulnerabilities that can be quickly fixed without slowing down development.”

Reduction of unnecessary alerts would be a welcome feature for developers, according to TAG’s McAlum. “Any significant reduction in the low-level or false-positive alerts would be a huge help to security analysts. However, the remaining 5% volume is still a significant number of alerts that need to be triaged, managed, or resolved in some cases. This is where Risk Spotlight will provide a huge lift by effectively prioritizing the remaining alerts based on risk then providing recommended remediation,” McAlum says.

The addition of the feature will help Sysdig distinguish itself among its competitors, he says. “The addition of Risk Spotlight to (Sysdig’s) existing suite of features is a natural evolution in providing a single view of vulnerability risk across the development lifecycle from build to production along with improved remediation capabilities.”