Sysdig: Prioritizing Risk with Risk Spotlight

With security problems to the left of us and to the right of us, it’s blasted hard to tell the difference between a serious security hole and a minor one. That’s where the security company Sysdig, comes in with Risk Spotlight, its new vulnerability prioritization feature. The goal? Reduce alert fatigue and effectively prioritize remediation.

Threat Detection

It does this, according to Pawan Shankar, Sysdig’s director of product marketing, by using the open source Falco threat detection engine. Armed with this data, Sysdig claims Risk Spotlight:

• Reduces vulnerability noise by up to 95%: Risk Spotlight eliminates the noise from vulnerabilities that pose no immediate risk by identifying the packages only used at runtime. This helps DevOps and developer teams understand the real risk in their container environments and minimizes alert fatigue.
• Manages risk with actionable insights: Risk Spotlight delivers vulnerability details — such as the CVSS vector from multiple sources, the fix version, and any available exploits — to manage vulnerability risk at scale.
• Provides Comprehensive vulnerability management for containers from source to run: Risk Spotlight provides a single view of vulnerability risk across the container lifecycle — from build to runtime. The new UI also speeds remediation by giving developers a package-centric view of vulnerabilities, along with the fix or upgrade they need to apply. Developers can also apply security best practices early by removing unused packages during the build process.

Better Practical Security

The result? Better practical security. As Loris Degioanni, Sysdig’s Founder and CTO explained, “Detecting threats at runtime across containers, hosts, and cloud services is fundamental for cloud native security. Then using that runtime intelligence to prioritize vulnerabilities provides developers with a reasonable list of the highest impact issues to fix. Scrolling line-by-line through an endless spreadsheet of issues is inefficient for developers and slows down software releases.”

Another point to this approach, according to Daniella Pontes Sysdig’s Senior Product Marketing Manager is that while, “readily available container images of third-party and open source code enabled much faster cycles, [it] also facilitated the introduction of vulnerabilities in the application. One single container could have hundreds of vulnerabilities; more complex application environments can reach tens of thousands.”

Sure you can just pay attention to the vulnerabilities with the highest Common Vulnerability Scoring System (CVSS) scores, but that misses the point. Pontes continued, “vulnerabilities with high scores may not pose any actual risk to your application, they could be just noise. On the other hand, a medium vulnerability could provide an entry point to attackers, which could evolve to a broad and harmful impact. So, prioritization based only on CVSS scores is inefficient and ineffective.”

Focus on the Issues

What Risk Spotlight does is focus on the issues that matter to you, your team, and your projects. Not some hypothetical vulnerability that would have no real effect on your programs.

Sounds promising to you? Give it a try. Risk Spotlight is available now to Sysdig Secure users at no additional cost.