Business Wire

Sysdig Security and Usage Report Finds More than 75% of Running Containers Have Severe Vulnerabilities

Sysdig, Inc., the unified container and cloud security leader, today announced findings from its Sysdig 2022 Cloud-Native Security and Usage Report. The report reveals that as teams rush to expand, container security and usage best practices are sacrificed, leaving openings for attackers. In addition, operational controls lag, potentially resulting in hundreds of thousands of dollars being wasted on poor capacity planning. All of these are indicators that cloud and container adoption is maturing beyond early, “expert” adopters, but moving quickly with an inexperienced team can increase risk and cost.

The fifth annual report reveals how global Sysdig customers of all sizes and across industries are using and securing cloud and container environments. This real-world, real-time data provides insight into usage of billions of containers run yearly, including usage trends, and security, compliance, runtime, and cloud practices.

Read the highlights in the Sysdig 2022 Cloud-Native Security and Usage Report blog.

Highlights From the Report

  • 75% of containers have “high” or “critical” patchable vulnerabilities
    Organizations take educated risks for the sake of moving quickly; however, 85% of images that run in production contain at least one patchable vulnerability. Furthermore, 75% of images contain patchable vulnerabilities of “high” or “critical” severity. This implies a fairly significant level of risk acceptance, which is not unusual for high-agility operating models, but can be very dangerous.
  • Nearly 3 out of every 4 accounts contain exposed S3 buckets
    Seventy-three percent of cloud accounts contain exposed S3 buckets and 36% of all existing S3 buckets are open to public access. The amount of risk associated with an open bucket varies according to the sensitivity of the data stored there. However, leaving buckets open is rarely necessary, and it is usually a shortcut that cloud teams should avoid.
  • 27% of users have unnecessary root access, most without MFA enabled
    Cloud security best practices and the CIS Benchmark for AWS indicate that organizations should avoid using the root user for administrative and daily tasks, yet 27% of organizations continue to do so. Forty-eight percent of customers don’t have multi-factor authentication (MFA) enabled on these highly privileged accounts, which makes it easier for attackers to compromise the organization if the account credentials are leaked or stolen.
  • $400,000+ per cluster overspend on cloud service provider bills
    Capacity management and planning are difficult in fast-changing Kubernetes environments, and limits on how many resources a container can use can go undefined. Sixty percent of containers had no CPU limits defined and 51% had no memory limits defined. Of those clusters that did have CPU limits, an average of 34% of CPU cores were unused. Without knowing the utilization of clusters, organizations could be wasting money due to overallocation or causing performance issues by running out of resources. Given the average cost of Amazon Web Services CPU pricing, an organization with 20 Kubernetes clusters could be overspending up to $400,000 yearly.

Other Interesting Findings

  • Non-humans outnumber humans in the cloud, with 88% of roles assigned to non-humans, such as applications, cloud services, and commercial tools. While this isn’t necessarily a bad thing, a best practice is to follow the principle of least privilege and explicitly assign the minimum necessary permissions to each role. Granting excessive permissions is fast and easy for admins but adds risk.
  • Container density grew again in 2021, a nearly 15% increase year-over-year and a 360% increase in four years. As containers increase in density, setting resource limits becomes more important, a best practice not being followed as DevOps teams rush to expand cloud environments.
  • Massive growth for Falco, the CNCF open-source project contributed by Sysdig. The project now has over 40 million downloads, which represents 370% growth since becoming an Incubating project in January 2020. Falco has secured its position as the runtime cloud and container security standard.
  • Containers running as root continue to rise. Forty-eight percent of images are scanned before runtime, yet 76% of containers are running as root, a 31% increase from last year. Slow adoption of best practices may indicate broad adoption of container technologies by organizations that have not yet evolved their DevSecOps processes. Privileged containers are easier for attackers to compromise.

About Sysdig

Sysdig is driving the standard for cloud and container security. The company pioneered cloud-native runtime threat detection and response by creating Falco and Sysdig as open source standards and key building blocks of the Sysdig platform. With the platform, teams can find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. From containers and Kubernetes to cloud services, teams get a single view of risk from source to run, with no blind spots, no noise, no black boxes. The largest and most innovative companies around the world rely on Sysdig.
