Container images: 87 percent with high-risk vulnerabilities

According to the Sysdig study, 87 percent of container images are said to have high-risk vulnerabilities. The 2023 Cloud-Native Security and Usage Report finds massive risk in the supply chain, along with more than $10 million in wasteful spending on large-scale cloud deployments.

Sysdig, the leader in cloud and container security, announces the results of the "Sysdig 2023 Cloud-Native Security and Usage Report". The report, which focuses on two themes this year, shows that supply chain risk and readiness to implement a Zero Trust architecture are the top unsolved security issues in cloud and container environments. The report also reveals that tens of millions of dollars in cloud spend are wasted on over-allocated capacity.

The sixth annual report provides real-world data on how global organizations of all sizes and industries are using and securing cloud and container environments. The datasets include billions of containers, thousands of cloud accounts, and hundreds of thousands of applications that Sysdig customers have run over the past year.

Highlights of the report

87 percent of container images have major or critical vulnerabilities

Because of how modern images are built and how open source images are shared, security teams face a large number of container vulnerabilities. The reality is that teams cannot fix everything. They struggle to find the right criteria for prioritizing vulnerabilities and reducing their workload.

The report gives hope to security teams

Only 15 percent of the critical and major vulnerabilities for which a fix is available are actually in packages that are loaded at runtime. By filtering on which vulnerable packages are actually in use, teams can focus their efforts on the small subset of remediable vulnerabilities that pose real risk. Shrinking the backlog from the 85 percent of vulnerabilities that are never loaded to the 15 percent that pose a real threat gives cybersecurity teams a much more manageable task.
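The prioritization described above, as an added example that is not part of the report or Sysdig's tooling: scanner findings are first narrowed to fixable high-risk ones, then to packages a runtime sensor actually observed the container loading. The scanner output, the runtime profile and the CVE identifiers are all constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    """One scanner result for a package in a container image."""
    cve: str
    package: str
    severity: str                   # "critical", "high", "medium" or "low"
    fixed_version: Optional[str]    # None when no fixed version exists yet


# Constructed scanner output for one image (placeholder CVE ids, not real findings).
SCAN_FINDINGS = [
    Finding("CVE-0000-0001", "openssl", "critical", "3.0.9"),
    Finding("CVE-0000-0002", "openssl", "high", None),
    Finding("CVE-0000-0003", "libcurl", "high", "8.1.0"),
    Finding("CVE-0000-0004", "imagemagick", "critical", "7.1.1"),
    Finding("CVE-0000-0005", "python3-dev", "high", "3.11.4"),
    Finding("CVE-0000-0006", "zlib", "medium", "1.2.13"),
    Finding("CVE-0000-0007", "glibc", "low", "2.37"),
    Finding("CVE-0000-0008", "git", "critical", "2.40.1"),
    Finding("CVE-0000-0009", "perl", "high", "5.36.1"),
    Finding("CVE-0000-0010", "busybox", "high", "1.36.1"),
]

# Constructed runtime profile: packages whose files the running container actually
# opened or mapped, the kind of signal a runtime sensor collects. Build tools and
# image-layer leftovers (git, perl, imagemagick, ...) never show up here.
RUNTIME_LOADED = {"openssl", "libcurl", "glibc", "zlib"}

# The report speaks of "major or critical"; most scanners label these "high"/"critical".
HIGH_RISK = {"critical", "high"}


def candidate_findings(findings):
    """High-risk findings that have a fix: the list most teams start from."""
    return [f for f in findings if f.severity in HIGH_RISK and f.fixed_version]


def in_use_findings(findings, runtime_loaded):
    """Candidates further restricted to packages observed loaded at runtime."""
    return [f for f in candidate_findings(findings) if f.package in runtime_loaded]


def prioritisation_summary(findings, runtime_loaded):
    """Counts and the ordered fix-first list, as a team would report them."""
    candidates = candidate_findings(findings)
    in_use = in_use_findings(findings, runtime_loaded)
    share = round(100 * len(in_use) / len(candidates)) if candidates else 0
    return {
        "total_findings": len(findings),
        "fixable_high_risk": len(candidates),
        "fixable_high_risk_in_use": len(in_use),
        "in_use_share_percent": share,
        "fix_first": sorted(f"{f.cve} ({f.package} -> {f.fixed_version})" for f in in_use),
    }


if __name__ == "__main__":
    for key, value in prioritisation_summary(SCAN_FINDINGS, RUNTIME_LOADED).items():
        print(f"{key}: {value}")
```

The findings that drop out are not ignored, only deferred: a package that is not loaded today can be loaded after the next deploy, so the runtime profile has to be refreshed with every release rather than computed once.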

90 percent of the permissions granted are not used

The principles of the Zero Trust architecture emphasize that organizations should avoid granting overly permissive access rights. Data from the report shows that 90 percent of all permissions are unused. When attackers compromise credentials of identities with privileged access or excessive privileges, they gain deep insight into a cloud environment.

No CPU limits are defined for 59 percent of the containers. In addition, 69 percent of the requested CPU resources remain unused

Without information about the utilization of Kubernetes environments, developers don't know where their cloud resources are over- or under-committed. Businesses of all sizes could therefore be overspending by 40 percent. For large deployments, optimizing an environment could save an average of $10 million in cloud costs.
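An audit of the two figures in the heading above, as an added example that is not from the report: it walks a set of pod specs, lists containers that declare no CPU limit, and compares requested CPU against measured usage. The pod specs follow the shape of a Kubernetes PodSpec but are constructed, as are the usage numbers; in practice the specs would come from the API server and the usage from the metrics pipeline.

```python
def parse_cpu(quantity: str) -> float:
    """Convert a Kubernetes CPU quantity ("500m", "2", "0.5") to cores."""
    q = quantity.strip()
    if q.endswith("m"):
        return int(q[:-1]) / 1000
    return float(q)


# Constructed pod specs: a minimal subset of the PodSpec fields that matter here.
PODS = [
    {"name": "api", "containers": [
        {"name": "app", "resources": {"requests": {"cpu": "1"}, "limits": {"cpu": "2"}}},
        {"name": "sidecar", "resources": {"requests": {"cpu": "100m"}}},     # no CPU limit
    ]},
    {"name": "worker", "containers": [
        {"name": "job", "resources": {}},                                    # no request, no limit
    ]},
    {"name": "cache", "containers": [
        {"name": "redis", "resources": {"requests": {"cpu": "500m"}, "limits": {"cpu": "500m"}}},
    ]},
]

# Constructed metrics: average CPU cores each container actually consumed.
USAGE = {
    ("api", "app"): 0.25,
    ("api", "sidecar"): 0.02,
    ("worker", "job"): 0.10,
    ("cache", "redis"): 0.40,
}


def containers_without_cpu_limit(pods):
    """(pod, container) pairs that can consume CPU without bound."""
    return [
        (pod["name"], c["name"])
        for pod in pods
        for c in pod["containers"]
        if "cpu" not in c.get("resources", {}).get("limits", {})
    ]


def cpu_request_waste(pods, usage):
    """Requested vs. used cores; the unused share is what the scheduler reserved for nothing."""
    requested = used = 0.0
    for pod in pods:
        for c in pod["containers"]:
            req = c.get("resources", {}).get("requests", {}).get("cpu")
            if req is None:
                continue   # no request: nothing reserved, so nothing to count as waste
            cores = parse_cpu(req)
            requested += cores
            # Usage above the request is bursting, not reserved capacity, so cap it.
            used += min(usage.get((pod["name"], c["name"]), 0.0), cores)
    unused_percent = round(100 * (requested - used) / requested) if requested else 0
    return {"requested_cores": requested, "used_cores": used, "unused_percent": unused_percent}


def audit(pods, usage):
    """Headline numbers in the style of the report."""
    total = sum(len(pod["containers"]) for pod in pods)
    missing = containers_without_cpu_limit(pods)
    return {
        "containers": total,
        "without_cpu_limit": missing,
        "without_cpu_limit_percent": round(100 * len(missing) / total) if total else 0,
        **cpu_request_waste(pods, usage),
    }


if __name__ == "__main__":
    for key, value in audit(PODS, USAGE).items():
        print(f"{key}: {value}")
```

A container with no limit can starve its neighbours on the node, and a request far above real usage blocks other pods from being scheduled; the same audit therefore serves both the cost and the availability side of the problem.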

72 percent of the containers live less than five minutes

Gathering troubleshooting information after a container is gone is almost impossible. In addition, the lifespan of a container has been reduced by 28 percent this year. This decline suggests that organizations are making better use of container orchestration and underscores the need for security measures that can keep up with the ephemeral nature of the cloud.

Supply chains amplify security issues

Sysdig 2023 Cloud-Native Security and Usage Report (Image: Sysdig).

“Looking back at last year's report shows that container adoption is continuing, as evidenced by the decline in container lifespans. However, misconfigurations and vulnerabilities continue to plague cloud environments. Supply chains increase the manifestation of security problems. Managing permissions, both for users and for services, is another area where I would like to see more rigorous practice,” said Michael Isbitski, director of cybersecurity strategy at Sysdig. “This year's report shows great growth while also outlining best practices that I hope teams will adopt by the 2024 report. This includes, for example, looking at the actual exposure to understand the actual risk and prioritizing remediation of vulnerabilities that have real impact.”

More at Sysdig.com
About Sysdig 

Sysdig sets the standard for cloud and container security. The company pioneered runtime detection and response to cloud threats by developing Falco and Sysdig as open-source standards and key building blocks of the Sysdig platform.