When it comes to cloud security and compliance, it’s easy to feel like you’re drowning in a sea of regulations and requirements. But don’t worry; we’re all in the same boat! That’s why we’re thrilled to share our latest point-of-view (POV) paper, “Practical Cloud Security in the Era of Cybersecurity Regulation,” which is crafted with our deep industry expertise and experience.

As AI adoptions become increasingly integral to all aspects of society worldwide, there is a heightened global race to establish artificial intelligence governance frameworks that ensure their safe, private, and ethical use. Nations and regions are actively developing policies and guidelines to manage AI’s expansive influence and mitigate associated risks. This global effort reflects a recognition of the profound impact that AI has on everything from consumer rights to national security.

Network policies are essential for securing your Kubernetes clusters. They allow you to control which pods can communicate with each other, and to what extent. However, it can be difficult to keep track of all of your network policies and to ensure that they are configured correctly. This is especially true if you have a large and complex cluster with more than 100 nodes. One way to address this challenge is to leverage Prometheus and AlertManager embedded in Calico Enterprise/Cloud.

Cuttlefish malware targets SOHO routers, nation states and cybercriminals share compromised networks, and threat actors use Docker Hub to spread malware and phishing scams.

Today at RSA Conference 2024, Mend.io and Sysdig unveiled a joint solution targeted at helping developers, DevOps, and security teams accelerate secure software delivery from development to deployment. The integration incorporates the exchange of runtime insights and application ownership context between Sysdig Secure and Mend Container to provide users with superior, end-to-end, and risk-based vulnerability prioritization and remediation across development and production environments.

The Sysdig Threat Research Team (TRT) recently observed a new attack that leveraged stolen cloud credentials in order to target ten cloud-hosted large language model (LLM) services, known as LLMjacking. The credentials were obtained from a popular target, a system running a vulnerable version of Laravel (CVE-2021-3129). Attacks against LLM-based Artificial Intelligence (AI) systems have been discussed often, but mostly around prompt abuse and altering training data.

In the ever-evolving landscape of cloud security, staying ahead of threats is paramount. Success requires well-orchestrated cybersecurity solutions that work together from prevention to defense. Today we launched our latest initiative, the Runtime Insights Partner Ecosystem, which brings together leading solutions that strengthen cloud security through integration and collaboration.

Observability, especially in the context of cloud-native applications, is important for several reasons. First and foremost is security. By design, cloud-native applications rely on multiple, dynamic, distributed, and highly ephemeral components or microservices, with each microservice operating and scaling independently to deliver the application functionality.

When it comes to securing applications in the cloud, adaptation is not just a strategy but a necessity. We’re currently experiencing a monumental shift driven by the mass adoption of AI, fundamentally changing the way companies operate. From optimizing efficiency through automation to transforming the customer experience with speed and personalization, AI has empowered developers with exciting new capabilities.