Container security startup Sysdig Inc. today announced the eneral availability of a new feature called Drift Control aimed at preventing cyberattacks at runtime.

With Drift Control, the company said, teams can detect, prevent and speed up incident response for software containers that have been modified in production. Sysdig sells tools for securing container environments that are used to host modern software applications that can run on any computing platform.

The company’s main product is Sysdig Monitor, a cloud-native intelligence platform that helps manage large deployments of containers. It also sells Sysdig Secure, which detects vulnerabilities by tapping into the data generated by system calls in a container environment.

With today’s launch of Drift Control, Sysdig Secure can now enforce the “immutability principle” to ensure containers aren’t modified between deployment and production. That prevents the software in containers from being modified at any time during its lifetime, thereby eliminating the risk that the modifications might create vulnerabilities for hackers to exploit and gain access.

Sysdig said that’s required because the dynamic nature of cloud-native environments means teams often neglect immutability best practices. As a result, they’re blind to container drift, especially when it comes to deployments at large scale. To close the dangerous gaps caused by container drift, Sysdig Drift Control will automatically flag and block any deviations from trusted containers. In this way, it blocks executables that were not present in the original image.

“When there is an attack made every 11 seconds, it is important to have multiple layers of defense,” said Sysdig Vice President of Research and Development Omer Azaria. “Sysdig’s new Drift Control capability enforces best practices that can stop an attack before damage is done.”

In addition to Drift Control, Sysdig has announced enhanced malware and cryptomining detection capabilities in Sysdig Secure with the introduction of intelligence feeds from Proofpoint Emerging Threats Intelligence and its Threat Research Team. These feeds provide developers and system administrators with access to more timely and accurate intelligence around the latest risks, such as the Internet Protocol addresses and domains used by command-and-control, malware, backdoor, cryptominers and anonymization threats.

A further update to Sysdig Secure helps teams to dig directly into any compromised or suspicious container they discover, the company said. Sysdig Rapid Response provides on-demand secure shell access to investigate the blocked executables and communications. Teams can therefore minimize exposure by removing any malicious files locally from the command line. Sysdig Secure will also keep a detailed audit trail of all mitigation commands made.

Holger Mueller of Constellation Research Inc. told SiliconANGLE that it’s so surprise containers are attracting more attention from nefarious actors, as they have emerged as the favorite way for developers to deliver modern workloads and next-generation applications.

“It means bad actors are constantly looking for ways to insert malicious codes into running containers,” Mueller said. “Sysdig appears to have found a solution to prevent this with its drift control option becoming available. It looks to be a key step to secure container runtime environments and a key capability that will help the good guys, but we wait to see what the bad guys will come up with next to work around this new defense.”

Sysdig said Drift Control, Rapid Response and the new threat intelligence feeds are all available now at no additional cost to customers.

Photo: tawatchai07/Freepik