Sweet Security Unfurls Cloud-Native Runtime Protection Platform

Sweet Security today launched a Cloud Runtime Security Suite platform for securing cloud-native application runtimes. The platform uses a sensor that streams application data to its servers that runs a framework to profile workload behavior anomalies.

Fresh from raising $12 million in funding, Sweet Security CEO Dror Kashti said existing threat detection tools provide limited functionality or aren’t optimized for cloud-native environments.

Step 1 of 7

14%

Which of the following best describes how you currently monitor and manage systems across your hybrid cloud environment?(Required)

Multiple separate tools for different environments

Multiple separate tools for different monitoring and management functions

Single consolidated dashboard

Custom built monitoring and management solution

No full monitoring and management solution

Don’t know

How valuable would it be for your monitoring and management solution to incorporate predictive analytics to help you identify and address system issues that are critical and not waste time or effort working through all the data and “noise” that is not critical?(Required)

Extremely valuable

Moderately valuable

Somewhat valuable

Slightly valuable

Not valuable

How do you most typically address potential system issues BEFORE they impact your operations?(Required)

Automated workflows and playbooks to remediate potential issues as soon as they are detected

An orchestrated response process that leverages automation, AI, and human expertise to rapidly respond to potential issues

Advanced monitoring tools such as predictive analytics and anomaly detection to proactively identify and address potential issues

Respond to issues as they arise, using manual processes and troubleshooting techniques

A combination of automated remediation, orchestrated response, and/or proactive monitoring to address potential system issues

Don’t know

Other

What methods does your organization use to control and monitor cloud/IT spending?(Required)

Centralized procurement processes

Pre-approved budget thresholds

Automated cost monitoring tools

Department-level spending controls

Regular cost audits and reviews

Cloud cost optimization platform

Approval workflows for resource provisioning

Native financial operations tools provided by the cloud provider

No formal controls in place

Don’t know

Other

Please specify:

Which methods do you rely on most to detect security vulnerabilities in your systems?(Required)

Automated scanning tools

Manual assessments

Vendor notifications

Threat modeling (for early detection)

None of these

Don’t know

Other

Please specify:

What are the TWO most common ways you prioritize vulnerabilities to address within your environment?(Required)

Based on potential impact

Based on exploitability

Regulatory compliance requirements

Based on CVSS scores

Risk-based analysis of multiple factors

First-in-first-out approach

No formal prioritization process

Don’t know

How do you typically handle system updates and security patches?(Required)

Automated updates and patches

Manually review and apply updates and patches on a regular schedule

A combination of automation and manual review

Apply updates and patches on an as-needed basis.

Outsourced update and patch management

No defined process

Don’t know

Other

Δ

The Sweet Security sensor provides insights into attacks both before they are launched and as they occur, said Kashti.
Designed to be deployed in less than five minutes, the sensor feeds data back to an attack detection model Sweet Security has developed for cloud-native application runtime environments. Those models provide application security teams with the context required to effectively respond to the threats based on the actual runtime topology, noted Kashti.

That approach also streamlines the large volume of alerts that would otherwise be generated across cloud-native application environments that are made up of multiple microservices.

At a time when more applications than ever are constructed using containers to create microservices, securing applications has become more challenging. Despite those challenges, however, organizations are also being held more accountable for securing their applications both as they are built and after they are deployed. Various laws and regulations will require organizations to demonstrate they’re making a good-faith effort to secure their applications whenever there has been a breach.

Historically, too many organizations allowed developers to aggregate software components without always checking to see if they were compromised. Many of the same vulnerabilities that impact legacy applications still exist in a cloud-native application environment. The only difference is they are encapsulated in a container that may only run for a few seconds. When there are thousands of containers running, however, it doesn’t take much for cybercriminals to exploit them.

Cybercriminals are also becoming increasingly adept at injecting malware into software components in the hope that it will find its way into downstream cloud-native application environments. In fact, it’s been demonstrated that malware can “jailbreak” from a container to give cybercriminals access to the entire runtime environment that multiple applications share.

It’s not clear how much focus there is on securing cloud-native application environments, but as more mission-critical applications are built and deployed on Kubernetes clusters, it’s only a matter of time before cybercriminals look for ways to compromise the software supply chain relied on to build and deploy them. Fortunately, more organizations are also embracing DevSecOps best practices to better secure those supply chains.

In the meantime, however, there’s a considerable number of cloud-native applications that have already been deployed. The level of technical debt that needs to be addressed only increases with each application deployed. In an ideal world, those vulnerabilities would be addressed before an application is ever deployed. In practice, however, the applications’ runtime is the last line of defense.