SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Sysdig introduces 5/5/5 Benchmark for Cloud Detection & Response at SANS CyberFest
Wed, 1st Nov 2023

Sysdig, a leading figure in cloud security powered by runtime insights, has launched a new measure for Cloud Detection and Response. Unveiled at SANS CyberFest 2023, the '5/5/5 Benchmark for Cloud Detection and Response' is a fresh framework that underscores the speed at which organisations should detect, tackle, and respond to cloud-based attacks.

The benchmark requires organisations to adopt a revised mindset concerning time. Cloud security programs must abide by this updated metric: detection within five seconds, correlation of insights and comprehension within five minutes, followed by a response in an additional five minutes. The framework is designed to match the pace necessary for robust cloud security, as malicious actors reportedly need less than 10 minutes to carry out an attack after finding a viable target, according to recent research from the Sysdig Threat Research Team.

Cloud attacks are sophisticated and swift, necessitating strong threat detection and response structures that function at the cloud's pace. Traditional on-site attacks can span up to 16 days, and outmoded frameworks task security teams with responding within 60 minutes after a breach. Such timescales are ineffective against threats in the cloud environment. By utilising the automation and scalability of the cloud, along with novel techniques, bad actors can accelerate all stages of an attack and cause damage within minutes. The 5/5/5 Benchmark guides organisations to detect and react to cloud attacks more rapidly than the attackers can complete them.

The new benchmark encourages organisations to detect threats within five seconds, gather correlated signals within five minutes of the initial alert, and kickstart a tactical response within five minutes of confirming an attack is underway. Operating this way in the cloud requires visibility into ephemeral threats in real time, full context for all combined alerts within five minutes, and the ability to counter a security breach within five minutes of verification.

Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, said, "People are always looking for security metrics, especially when the industry evolves into new operating models. We have plenty of 'best practices,' but no real way to quantify cloud security agility until now. The 5/5/5 Benchmark, built in partnership with our customers, industry analysts, and the Sysdig Threat Research Team, sets a new standard for operating securely in the cloud."

Research Manager for IDC Cloud Security, Phil Bues, commented on the industry shift, stating, "As organisations move to the cloud, traditional on-premises security standards become outdated and too slow. In the cloud, both innovation and attacks happen quickly — companies need security tools, processes, and standards designed to operate at the speed of cloud-native environments."

Head of Information Security at India's leading digital skill games company and 5/5/5 Benchmark Advisor, Kuldeep Tomar, emphasised the need for immediate alerts, saying, "I don't want to know 15 minutes after someone breached my system. I need to know instantly so that we can shut it down before the blast radius expands. To move at the necessary speed, you need to not only be alerted to the right things but also respond appropriately. Having a benchmark gives us a goal to hold ourselves to."