Spyderbat, a trailblazer in Cloud and Kubernetes runtime security, announces new enhancements that unify platform and Kubernetes control plane context with kernel-level data plane activity to find—and automatically block—threats in runtime. Spyderbat’s Behavioral Context Web now tracks application activity up and down the app stack, from the Linux kernel and container runtime, to Kubernetes and cloud orchestration. This not only provides unprecedented visibility, but also immediately identifies risk, suppresses false positives and meaningless alerts, and automatically blocks threats as they occur in runtime.
“We all know that attacks don’t live in one place very long. We would traditionally need a few different tools to try to follow attack behavior across containers, Kubernetes and our Cloud, but Spyderbat showed us that they can do it all—they trace attacks up and down the stack,” says Zach Roof, Security Leader at Credible. “Now every threat comes with an instant incident response report across my environment, and Spyderbat can stop modern attacks like container escapes, or cloud breaches in real time, automatically.”
Today’s attack surface is broader than ever. Modern cloud attacks only need a single vulnerable container to gain persistence, after which attackers mix tactics across both data and control planes to escalate privileges, change security settings, and gain control over entire environments. Identifying these multi-layered attacks requires proactively watching container activity, host activity, cluster activity, Kubernetes configuration activity, and any administrative changes to cloud platforms.
However, until now, security teams have not been provided with the context needed to immediately differentiate benign app and infrastructure behavior from attacks. Passive scanners cannot provide causal deterministic linkages between activities at various levels of the stack, and cloud security teams were therefore left with only a partial map—like having the words in the middle of a sentence without the context of the beginning and end. This lack of context resulted in missed attacks (false negatives), a high volume of alerts (false positives), and long, inconclusive investigations to manually search for where, when, and how attacks occurred.
More than Passive Scanning or Best-effort Correlation
The Spyderbat Behavioral Context Web has been enhanced to include new, additional cloud control plane context, along with existing best-in-class data plane context. Now cloud security teams get the industry’s most comprehensive insights into running app activity with clear, deterministic causal mapping—not loose correlation or simple time-based linkages. This means threats, risk, and anomalies are identified and scored in real time, and can therefore be immediately acted upon with an alert, a proactive guardrail, or whatever automated action is appropriate based on policy.
Unlike generation 1 scanners and legacy agent-based products that attempt to reactively correlate unrelated runtime and build time event and log data, Spyderbat proactively traces actions as they move across layers of the stack, to immediately and automatically identify risk and stop threats in runtime.
Deep Visibility for Trusted Control
“Years back, when we founded TippingPoint, we learned that just detecting threats wasn’t enough—security teams needed to stop threats in real time, but that took extreme accuracy and line-level speed,” said Marc Willebeek-LeMair, CEO and co-founder of Spyderbat. “Now at Spyderbat, we took that same learning and applied it to cloud-native security. Our kernel-level data gathering and new control plane processing guarantee pinpoint accuracy without a performance hit, all while delivering real-time automated root cause analysis—no log correlation or human effort required. We’re raising the bar with a level of trustable automation that’s second to none.”