Cloud security vendor Sysdig has released its 5/5/5 Benchmark for cloud detection and response, a new framework that outlines how quickly organisations should detect, triage, and respond to attacks in the cloud.
“Cloud security programmes need to hold themselves to a modernised benchmark: five seconds to detect, five minutes to correlate insights and understand what’s happening, and five additional minutes to respond,” said the supplier.
After discovering an exploitable target, malicious actors require less than 10 minutes to execute an attack, it added.
The 5/5/5 Benchmark aims to guide organisations to detect and respond to cloud attacks faster than adversaries can complete them.
The challenge:
- Organisations should be able to gather detection signals from their cloud security tools in real time to ensure visibility into ephemeral assets.
- Teams should be able to gather full context for all correlated signals within five minutes of receiving the first relevant alert.
- Firms should be able to initiate a tactical response within five minutes of confirming that an attack is in progress.
“People are always looking for security metrics, especially when the industry evolves into new operating models. We have plenty of ‘best practices’, but no real way to quantify cloud security agility, until now,” said Anna Belak, director, office of cyber security strategy, Sysdig. “The 5/5/5 Benchmark, built in partnership with our customers, industry analysts, and the Sysdig threat research team, sets a new standard for operating securely in the cloud.”