2025 is Cloud Security’s Breakthrough Year

The Sysdig 2025 Cloud-Native Security and Usage Report highlights significant advancements in cloud security practices, particularly in AI security and vulnerability management. Despite progress, challenges remain in identity management and maintaining secure workloads, indicating a need for continuous improvement in security processes. Affected: organizations, cloud environments, cyber security sector

Key points:

  • Cloud threat detection and response has improved significantly.
  • There is a 500% increase in workloads running AI or ML packages.
  • Percentage of GenAI packages doubled from 15% to 36%.
  • Publicly exposed AI workloads dropped by 38% over eight months.
  • A significant disparity exists between human users and service accounts in cloud environments.
  • Service accounts are 7.5x riskier than human users.
  • Organizations are enhancing the configuration of human user accounts.
  • Real-time detection and response times have improved, with alerts under 5 seconds and investigations under 4 minutes.
  • Vulnerability management is a priority, with critical vulnerabilities reduced to less than 6% at runtime.
  • There is a growing trend towards automation in incident response.

MITRE Techniques:

  • T1078: Valid Accounts – The report highlights that nearly 40% of breaches originate from credential exploitation.
  • T1078.001: Local Accounts – Service accounts represent a significant risk, being 7.5x more likely to be exploited compared to human users.
  • T1203: Exploit Public-Facing Application – Timely responses are crucial as new CVEs can be exploited within hours.
  • T1202: Data Encrypted for Impact – Incident response processes are being automated to mitigate risks.
  • T1082: System Information Discovery – Improved ability to manage and audit user accounts enhances security posture.

Indicators of Compromise:

  • No specific IOCs explicitly mentioned in the text.


Full Story: https://sysdig.com/blog/sysdig-2025-cloud-native-security-and-usage-report/