Sysdig Adds Ability to Correlate Identities to Cloud Computing Breaches
2024-8-7 22:0:30 Author: securityboulevard.com (view original) Reads: 5 Bookmarked


Sysdig today extended the reach of the cloud detection and response platform by adding the ability to correlate identity behavior with workload activity and cloud resources.

Maya Levine, a product manager for Sysdig, said Cloud Identity Insights collects data using a next-generation version of the Sysdig agent. That agent is built on an updated probe that leverages the extended Berkeley Packet Filter (eBPF) and open-source Falco software to detect anomalies indicative of cyberthreats, a capability that has now been extended to the cloud computing environment.

In addition to the agent now consuming 50% fewer resources, cybersecurity teams can use the lightweight probe and agent software to implement policies that quarantine workloads whenever suspicious activity is detected, noted Levine. Cloud Identity Insights will also automatically recommend policy optimizations by evaluating the permissions exploited by a compromised account during an incident, highlighting the riskiest roles and users in the environment.

Cloud Identity Insights immediately generates real-time alerts when, for example, reconnaissance activity is detected or existing privileges start to be escalated.

That’s critical because a large percentage of cloud breaches can be traced back to compromised credentials used to gain access to multiple cloud services, noted Levine. Whenever there is a breach, it’s too challenging today for most cybersecurity teams to draw a direct line between an incident and the human or machine identity that was compromised, said Levine.

Cloud Identity Insights will enable cybersecurity teams to uncover the activities of cybercriminals that have become adept at hiding their presence within cloud computing environments, she noted.

In recent months, Sysdig has been making a case for a 5/5/5 benchmark that calls for organizations to be able to detect suspicious activity in five seconds, correlate the potential impact in less than five minutes and respond in under five minutes. Cloud Identity Insights promises to help cybersecurity teams achieve that goal using telemetry data that can be used to respond more adroitly using the Sysdig cloud native application protection platform (CNAPP).

Unfortunately, it can take months for cybersecurity teams to detect and contain a breach when relying on legacy platforms. Increasingly, cybersecurity teams are expected to detect suspicious activity in seconds as part of an effort to limit the blast radius of any potential breach. After all, the longer it takes to detect and contain a breach, the more damage will be inflicted.

Cloud computing environments are more challenging to secure given the highly dynamic nature of the workloads deployed on those platforms. In general, cloud computing platforms are more secure than on-premises IT environments, but the processes used to provision workloads in the cloud are, from a cybersecurity perspective, often deeply flawed. The challenge, and the opportunity, now is to find the budget required to secure those environments using tools and platforms specifically designed to handle the unique attributes of cloud computing environments that are often updated multiple times daily.

Source: https://securityboulevard.com/2024/08/sysdig-adds-ability-to-correlate-identities-to-cloud-computing-breaches/