In recent months, Sweet has expanded its cloud vulnerability management capabilities with the following new features:
- Ad-hoc scanning of container images in the registry
- Identifying vulnerable functions that are actually executed at runtime
- Prioritizing findings using package reputation
- Meeting compliance requirements with an exportable SBOM
These new enhancements are now available in tandem with our existing vulnerability management capabilities, such as prioritizing CVEs based on runtime data and insight.
Now, before diving deeper into the new enhancements, I wanted to share why Sweet chose to enter the vulnerability management domain in the first place.
According to a recent SC Media article, the first half of 2024 saw a 30% increase in reported Common Vulnerabilities and Exposures (CVEs) compared to the same period the previous year, 22,254 in total. Only 0.91% of those were exploited in the wild, but that still amounts to roughly 200 newly exploited vulnerabilities (0.91% of 22,254) circulating on the internet in the first half of 2024 alone.
To provide a more precise perspective, we conducted research across our customers’ environments. On average, a cluster contains around 1260 instances of exploited vulnerabilities, with around 17 being critical and 863 categorized as high. Assuming that you are not a small business with one or two clusters, tracking and remediating such a vast number of vulnerabilities is an overwhelming task, particularly in large cloud environments with dozens of clusters. The sheer scale makes it a Sisyphean task that is rarely fully completed.
However, there is good news. By leveraging Sweet's runtime risk indicators, our users cut that workload by roughly 99%, focusing on about 8 fixes per cluster per month: exploited critical or high vulnerabilities in packages that are actually executed on public-facing workloads, of which only one or two are critical. These risk indicators rely primarily on data from our eBPF sensor, supplemented by additional sources and Sweet's proprietary AI models, which provide insights such as a package's public reputation and whether the specific vulnerable function was executed.
In addition to traditional risk indicators such as the CVSS score, known exploitation in the wild, and fix availability, Sweet attaches the following runtime risk indicators to each vulnerability:
- Executed
- Loaded
- Executed & Vulnerable Function
- Inbound & Outbound Connections
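To make the prioritization logic concrete, here is an added example (not Sweet's code) that applies the indicators listed above to a constructed inventory of findings. The field names mirror the indicators in the post; the tier thresholds, the scoring weights and the sample findings are assumptions chosen to illustrate the point that a CVSS 9.1 package that is never loaded ranks below a CVSS 7.5 package that is.

```python
"""Runtime-aware CVE prioritisation over a constructed finding inventory.

Added illustration, not Sweet's implementation. Tier thresholds and the
sample findings below are assumptions; identifiers are placeholders.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    cve: str
    package: str
    workload: str
    cvss: float                   # static severity
    exploited_in_wild: bool       # traditional indicator
    fix_available: bool           # traditional indicator
    loaded: bool                  # runtime: library mapped into a process
    executed: bool                # runtime: code from the package ran
    vuln_function_executed: bool  # runtime: the CVE's own function ran
    inbound: bool                 # runtime: workload accepts connections
    outbound: bool                # runtime: workload initiates connections
    public_facing: bool           # workload reachable from the internet


def tier(f: Finding) -> int:
    """Bucket a finding into a remediation tier (1 = fix now, 4 = backlog).

    Runtime evidence, not CVSS alone, decides the tier (assumed thresholds).
    """
    reachable = f.public_facing and (f.inbound or f.outbound)
    if f.exploited_in_wild and f.vuln_function_executed and reachable:
        return 1  # exploited, vulnerable code path ran, exposed: fix now
    if f.exploited_in_wild and f.executed and f.cvss >= 7.0:
        return 2  # exploited and the package ran, but no exposure proof
    if f.loaded or f.executed:
        return 3  # present in memory, no exploitation evidence
    return 4      # on disk only, never loaded: backlog regardless of CVSS


def prioritise(findings: List[Finding]) -> List[Finding]:
    """Order by tier, then CVSS descending, then prefer findings with a fix."""
    return sorted(findings, key=lambda f: (tier(f), -f.cvss, not f.fix_available))


def work_queue(findings: List[Finding], max_tier: int = 2) -> List[Finding]:
    """The short list an engineer actually works this month."""
    return [f for f in prioritise(findings) if tier(f) <= max_tier]


# Constructed sample inventory (placeholder identifiers, not real CVEs).
SAMPLE = [
    Finding("CVE-EXAMPLE-1", "openssl", "web-frontend", 9.8, True, True,
            True, True, True, True, False, True),
    Finding("CVE-EXAMPLE-2", "log4j", "batch-job", 10.0, True, True,
            True, True, False, False, False, False),
    Finding("CVE-EXAMPLE-3", "curl", "web-frontend", 7.5, False, True,
            True, False, False, True, True, True),
    Finding("CVE-EXAMPLE-4", "libxml2", "web-frontend", 9.1, True, False,
            False, False, False, False, False, True),
]

if __name__ == "__main__":
    for f in prioritise(SAMPLE):
        print(f"tier {tier(f)}  {f.cve:15} {f.package:10} cvss={f.cvss}")
    print("work queue:", [f.cve for f in work_queue(SAMPLE)])
```

Note that CVE-EXAMPLE-4 has the second-highest CVSS in the sample yet lands in the backlog tier because the package is never loaded, while CVE-EXAMPLE-3 outranks it on runtime evidence alone; that inversion is the whole argument for runtime indicators.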
Now that we’ve covered our high-level insights on effective vulnerability management in 2024 and why we entered this domain, let’s dive into our new features and explore how they can make managing vulnerabilities even easier for you.
Infuse Runtime Insights and Vulnerability Management with Sweet Security
Image Ad-hoc Scanner
With the Image Scanner, you can extend vulnerability management from the runtime phase back to the registry phase, covering registries such as ECR, GCR, ACR, Docker.io and more, so an image can be checked before it is ever pulled into a CI/CD pipeline. This supports two use cases:
- Detect & Remediate: Scan public or private images for critical vulnerabilities while they are still in the registry. Catching issues at this stage avoids patching and redeploying after the image has already been built on and shipped.
- Validate Image Remediation: After discovering and remediating known vulnerabilities using Sweet's runtime vulnerability inventory, run the ad-hoc scanner as a final check before pushing the patched image to production. This confirms that the vulnerable package versions are actually gone from the new image rather than assuming the rebuild picked up the fix.
Executed Vulnerable Functions
This feature combines generative AI with runtime detection to raise the precision of vulnerability triage. Buzzwords aside, the capability is unique to Sweet: it enriches runtime data by identifying not just whether a vulnerable package is loaded or executed, but whether the specific functions that the CVE affects were actually called.
This makes it the most precise risk indicator Sweet offers. A package that is present, or even executed, but never reaches the vulnerable code path is a much lower priority than one whose vulnerable function runs, so the indicator cuts through noise and lets you focus on the vulnerabilities that can actually be triggered in your environment.
Package Reputation
Package Reputation highlights the risks associated with third-party packages. In 2024, package reputation has become a vital component of security tooling because of the growing dependence on open-source and third-party software. High-profile incidents such as the XZ Utils attack, in which a maintainer inserted a backdoor into a widely used package that shipped in major distributions before it was caught, underscore the danger of unvetted or compromised dependencies. By incorporating package reputation checks, Sweet lets users identify and mitigate potentially harmful packages and strengthen their defense against supply chain attacks, even before a CVE is published.
SBOM
Our Software Bill of Materials (SBOM) feature provides a complete package inventory of your environment, including packages with and without known vulnerabilities. It covers OS-native packages as well as application dependencies. For each package you can view related vulnerabilities, runtime risk indicators and package reputation, allowing you to assess its risk level accurately. The feature also supports compliance requirements by exporting a detailed SBOM report.
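The "Validate Image Remediation" use case of the ad-hoc scanner and the SBOM export above fit together naturally: if you have an SBOM for the image before and after patching, confirming that the vulnerable package versions are gone is a set comparison. The following is an added example (not Sweet's code or export format) that does that comparison over two constructed, minimal CycloneDX-style JSON documents; real SBOM exports carry far more fields, and the package names and versions here are assumptions.

```python
"""Validate that a rebuilt image no longer carries vulnerable package versions.

Added illustration, not Sweet's code. The two SBOMs below are constructed,
minimal CycloneDX-style documents; the vulnerable (name, version) pairs stand
in for what a runtime vulnerability inventory would report.
"""
import json
from typing import Dict, Iterable, List, Set, Tuple

Component = Tuple[str, str]  # (package name, version)

# Constructed SBOM of the image before patching.
BEFORE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.7",
         "purl": "pkg:deb/debian/openssl@3.0.7"},
        {"type": "library", "name": "zlib1g", "version": "1.2.13",
         "purl": "pkg:deb/debian/zlib1g@1.2.13"},
        {"type": "library", "name": "requests", "version": "2.28.0",
         "purl": "pkg:pypi/requests@2.28.0"},
    ],
})

# Constructed SBOM of the rebuilt image: openssl bumped, requests untouched.
AFTER_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.11",
         "purl": "pkg:deb/debian/openssl@3.0.11"},
        {"type": "library", "name": "zlib1g", "version": "1.2.13",
         "purl": "pkg:deb/debian/zlib1g@1.2.13"},
        {"type": "library", "name": "requests", "version": "2.28.0",
         "purl": "pkg:pypi/requests@2.28.0"},
    ],
})


def components(sbom_json: str) -> Set[Component]:
    """Extract (name, version) pairs from a CycloneDX-style JSON SBOM."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    return {(c["name"], c["version"]) for c in doc.get("components", [])}


def validate_remediation(before_json: str, after_json: str,
                         vulnerable: Iterable[Component]) -> Dict[str, object]:
    """Compare two SBOMs against the vulnerable versions the inventory flagged.

    Returns which flagged versions are gone (and what replaced them), which
    are still present, and which were never in the baseline image at all
    (a sign the inventory and the scanned image do not match).
    """
    flagged = set(vulnerable)
    before, after = components(before_json), components(after_json)
    after_versions = {}
    for name, version in after:
        after_versions.setdefault(name, []).append(version)

    still_present = sorted(flagged & after)
    not_in_baseline = sorted(flagged - before)
    fixed: List[Tuple[str, str, List[str]]] = [
        (name, version, sorted(after_versions.get(name, [])))
        for name, version in sorted((flagged & before) - after)
    ]
    return {
        "fixed": fixed,                    # (name, old version, versions now present)
        "still_vulnerable": still_present,
        "not_in_baseline": not_in_baseline,
        "ok": not still_present and not not_in_baseline,
    }


if __name__ == "__main__":
    flagged_by_runtime = [("openssl", "3.0.7"), ("requests", "2.28.0")]
    print(json.dumps(validate_remediation(BEFORE_SBOM, AFTER_SBOM,
                                          flagged_by_runtime), indent=2))
```

The check deliberately reports a package that was flagged but absent from the baseline SBOM as a failure rather than ignoring it: that case usually means the runtime inventory and the image being validated are not the same artifact, which is exactly the mismatch a pre-production gate should catch.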
Vulnerability Management with Sweet Security
The steady growth in new CVEs, and the small but real fraction of them that get exploited, means that triaging on static severity alone no longer scales; teams need runtime evidence to decide which vulnerabilities actually matter and patch those first.
With Sweet's enhanced vulnerability management, you get the runtime indicators, package reputation, image scanning and SBOM data needed to make that decision, reducing remediation time and strengthening your organization's security posture.
If you’d like to learn more about our technology and offering, schedule a demo today!