5/5/5 Benchmark emphasizes the need to detect, triage, and respond to attacks at cloud speed
SAN FRANCISCO–(BUSINESS WIRE)–SANS CyberFest 2023 – Sysdig, the leader in cloud security powered by runtime insights, today released at SANS CyberFest 2023 the 5/5/5 Benchmark for Cloud Detection and Response, a new framework that outlines how quickly organizations should detect, triage, and respond to attacks in the cloud. Operating securely in the cloud requires a mindset shift in regard to time, and with that, cloud security programs need to hold themselves to a modernized benchmark: five seconds to detect, five minutes to correlate insights and understand what’s happening, and five additional minutes to respond. Recent findings by the Sysdig Threat Research Team published in the 2023 Global Cloud Threat Report note that, after discovering an exploitable target, malicious actors require less than 10 minutes to execute an attack.
Download the 5/5/5 Benchmark for Cloud Detection and Response.
Cloud attacks are swift and sophisticated, requiring robust threat detection and response programs that move at the speed of the cloud. On-premises attacks take 16 days on average and antiquated frameworks challenge security teams to respond to a breach within 60 minutes, which is simply insufficient for the cloud. Bad actors are exploiting the automation and scale of the cloud, along with new techniques, to accelerate all stages of an attack and inflict damage within minutes. The 5/5/5 Benchmark guides organizations to detect and respond to cloud attacks faster than adversaries can complete them.
- Detect threats within five seconds. Organizations should be able to gather detection signals from their cloud security tools in real time to ensure visibility into ephemeral assets.
- Correlate and triage within five minutes. Teams should be able to gather full context for all correlated signals within five minutes of receiving the first relevant alert.
- Initiate a response within five minutes. Organizations should be able to initiate a tactical response within five minutes of confirming that an attack is in progress.
What people are saying
“People are always looking for security metrics, especially when the industry evolves into new operating models. We have plenty of ‘best practices,’ but no real way to quantify cloud security agility — until now,” said Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig. “The 5/5/5 Benchmark, built in partnership with our customers, industry analysts, and the Sysdig Threat Research Team, sets a new standard for operating securely in the cloud.”
“As organizations move to the cloud, traditional on-premises security standards become outdated and too slow. In the cloud, both innovation and attacks happen quickly – companies need security tools, processes, and standards designed to operate at the speed of cloud-native environments,” said Phil Bues, Research Manager for IDC Cloud Security.
“I don’t want to know 15 minutes after someone breached my system. I need to know instantly so that we can shut it down before the blast radius expands,” said Kuldeep Tomar, Head of Information Security at India’s leading digital skill games company and 5/5/5 Benchmark Advisor. “To move at the necessary speed, you need to not only be alerted to the right things, but also respond appropriately. Having a benchmark gives us a goal to hold ourselves to.”
In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation. Sysdig. Secure Every Second.