
Sysdig Hones in on Unifying Security and Monitoring

18 Jun 2018 8:46am, by

Sysdig, which bills itself as the first container-native Docker monitoring solution, is cozying up further to the security and compliance side of things with its beta release of Sysdig Secure 2.0.

It is the commercial product built atop the open source Falco project, which tracks kernel system calls to detect abnormal activity in containers and on their hosts.

Secure 2.0 adds vulnerability management, compliance and security analytics to the platform’s existing container runtime security features.

The initial version allowed customers to set policies to detect, block and audit both user and application activity.

Sysdig’s kernel-level instrumentation sees everything going on — applications, containers, underlying host activity, network activity — and marries that with the rich metadata that comes from the container world, explained marketing chief Apurva Davê, making it a natural fit for unifying security and monitoring.

The Sysdig Cloud-Native Intelligence Platform performs anomaly detection and triggers alerts about configuration drift or potential compromises.
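The runtime detection described above is expressed in Falco as rules over system-call events. The following is an added example written for this page, not a rule shipped by Sysdig or Falco: a minimal, self-contained ruleset that alerts when an interactive shell is started inside a container, enriched with the container and Kubernetes metadata mentioned above. The macros are defined inline so the file loads on its own; their definitions mirror Falco's default macros. Note that open source Falco only alerts on a match; the block-and-kill response belongs to the commercial product.

```yaml
# Added example ruleset for open source Falco (not Sysdig's shipped rules).
# Load with:  falco -r shell-in-container.yaml
# Trigger it with:  docker exec -it <container> sh   (or kubectl exec -it ...)

- macro: spawned_process
  # execve on its return path (evt.dir=<): the new program image is now live
  condition: evt.type = execve and evt.dir=<

- macro: container
  # Falco reports the literal id "host" for processes outside any container
  condition: container.id != host

- macro: shell_procs
  condition: proc.name in (bash, sh, zsh, dash, ash, ksh)

- rule: Terminal shell in container
  desc: >
    An interactive shell (a shell with a controlling tty) was started inside a
    container. Production workloads rarely need one, so this usually means an
    operator debugging by hand or an attacker who has gained a foothold.
  condition: spawned_process and container and shell_procs and proc.tty != 0
  output: >
    Shell spawned in container (user=%user.name shell=%proc.name
    parent=%proc.pname cmdline=%proc.cmdline container=%container.name
    image=%container.image pod=%k8s.pod.name ns=%k8s.ns.name)
  priority: WARNING
  tags: [container, shell]
```

The `proc.tty != 0` clause is what separates an operator's `docker exec -it` or a reverse shell from the many non-interactive `sh -c` invocations that entrypoints and package scripts perform; dropping it turns the rule into noise. Tune `shell_procs` to the shells actually present in your base images before enforcing any automated response on the alert.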

Since the company moved into security last fall, about half of its customers have used it for security monitoring, he said.

The latest release adds vulnerability management, more than 200 compliance checks and security analytics.

It provides:

  • Static image scanning to identify vulnerable packages, libraries, and configurations before deployment.
  • CI/CD integration — A native Jenkins plugin to automate container image scanning and evaluate the image against policy.
  • The ability to quarantine or kill vulnerable images if vulnerabilities or exposed credentials are found.
  • Runtime vulnerability management and scanning — Sysdig Secure 2.0 manages, tracks, and updates vulnerability data for containers in production, enriching it with Kubernetes metadata to provide context when fixing vulnerabilities across distributed applications.

It draws on the common vulnerability databases and also scans language-level packages such as Ruby gems, Node.js modules and Python packages. In addition, it implements the Center for Internet Security (CIS) Docker and Kubernetes benchmarks, running hundreds of compliance tests that report whether nodes and containers are configured securely.

“It can be really complex for risk and security professionals to figure out if this new environment is secure,” Davê said. “By automating all these compliance checks and giving [customers] visualization of that data, we greatly simplify the process of making sure their environment meets the compliance requirements they have overall.”

Secure 2.0 also enables deeper analytics through security metrics tied back to containers, images, hosts and Kubernetes objects, giving visibility into how different applications and services are trending over time.

Customers also are able to create their own custom compliance controls and custom compliance dashboards, including rich topology maps that will show every microservice. Developers who want to see the performance and risk of their apps will be able to see it in one place.

At DockerCon 2018, the company announced plans to work with IBM on a deep integration of the Sysdig Cloud-Native Intelligence Platform into IBM Cloud. It has similar integrations with AWS and Google. Davê said it will go a step further than its work with Mesosphere, Red Hat and Docker to ensure their technologies work together.

“Moving to a new application stack is a really hard challenge for customers,” Davê said. “They don’t need to [make it more complex] by adding on layers and layers of products and have to figure out how to operate them separately.”

Deeper integration with each vendor’s native platform, to make life simpler for customers, is its goal with all the cloud providers.


The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker, Sysdig.