Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
Having the ability to detect and respond to threats in the shortest time possible is one of the most important capabilities a security team can have. The faster they can respond to a data breach, the lower the level of disruption and operational impact.
The problem is that this is easier said than done. It can be very difficult to identify malicious activity in the environment and initiate a response when relying on manual administrative approaches.
However, technologies like artificial intelligence (AI) and machine learning have the potential to accelerate an enterprise’s detection and response efforts.
Today at the Black Hat Conference, unified container and cloud security provider, Sysdig, announced the launch of a new machine learning-driven cloud detection and response (CDR) solution to defend against cryptojacking attempts.
Sysdig’s announcement identifies machine learning as a critical technology that enterprises and decision makers can turn to more broadly to accelerate their efforts to detect and mitigate vulnerabilities.
Getting to grips with cryptojacking
While the cryptocurrency market has experienced some significant knocks over the past few months, malicious cryptomining remains a serious threat, with the volume of cryptojacking attacks rising 30% to 66.7 million between January to June 2022.
Cryptojacking presents unique challenges for enterprise security teams because cybercriminals will look to hijack a target’s computing resources with malware to mine for cryptocurrency, while trying to remain undetected for as long as possible. The longer they remain undetected, the greater the financial benefit of the attack.
Despite these attempts to avoid detection, technologies like machine learning have the potential to rapidly detect and respond to cryptojacking attempts in decentralized cloud environments.
“Sysdig gives real-time visibility at scale to address risk across containers and multiple clouds, eliminating security blind spots,” said Daniella Pontes, senior product marketing manager at Sysdig.
“We use context to prioritize security alerts so teams can focus on high-impact security events and improve efficiency. By understanding the entire source to runtime flow and suggesting guided remediation, we shorten time to resolution,” Pontes said.
Essentially, Sysdig’s ML-powered solution enables security teams to identify and prioritize the remediation of software vulnerabilities and anomalies before its too late.
The solution works by using a focused ML model that’s specifically trained to recognise cryptominer behavior running in containers, offering deep container visibility and the capability to analyze process activity and other system behaviors.
It’s an approach that the organization says is so effective that it claims its threat engine and detection algorithms block cryptojacking attempts with 99% precision.
A look at the cloud security posture management market
Sysdig is one of the most significant competitors in the cloud security posture management (CSPM) market, which researchers expect will grow from a value of $4.2 billion in 2022 to a total of $8.6 billion by 2027.
One of Sysdig’s biggest competitors in the market is CrowdStrike. Its Falcon Horizon solution offers automated discovery of cloud-native assets and can detect misconfigurations, vulnerabilities and security threats with integrated threat intelligence.
Sysdig is also competing against providers like Rapid7, with InsightCloudSec. This tool offers real-time analysis and automation capabilities to help security teams protect workloads during runtime, with vulnerability assessments and automated remediation to eliminate misconfigurations and vulnerabilities.
According to Pontes, one of the key differentiators between Sysdig and other providers is that the former is moving away from using machine learning for more general anomaly detection, and toward using it for more specific purposes or use cases like detecting cryptomining.
“Our solution is based on an ML model trained to recognise the anatomy of cryptominers from the process activity in running containers. We use our deep visibility into containers at runtime to collect the necessary type of data to be able to identify cryptominers’ behavior,” Pontes said.