Sysdig Update Provides Security and Visibility to Cloud Native Applications

17 Apr 2019 7:36am

Sysdig has continued to expand the ways its customers can slice and dice the fine-grained information it gathers about their cloud native applications, now with the beta launch of its Visibility and Security Platform (VSP) 2.0. In a statement, the company says the new platform gives enterprises “the first and only unified view of the risk, health, and performance of their cloud-native environments,” which provides “performance metrics, compliance dashboards, security events, and more.”

Sysdig Chief Technology Officer and founder Loris Degioanni explained in an interview that the company’s product has evolved to handle the needs of enterprises running cloud native applications in production, which he feels should no longer be handled by siloed point solutions.

“There is 10x more data in cloud native environments than in traditional environments. There’s much more context needed. There are orchestrators and other entities playing together. The units of computation are ephemeral and the process of CI/CD changes everything completely,” said Degioanni. “Rather than offering a point solution, Sysdig has packaged everything together in a single platform with the best data and integration. This launch is about having a solution that allows you to run Kubernetes and cloud native based apps in production and being able to solve all the problems that an enterprise needs to solve when running Kubernetes in production.”

According to Degioanni, Sysdig’s real advantage comes from its work with the extended Berkeley Packet Filter (eBPF), which a company statement says allows a single agent “to collect context-rich and deep performance and security data from hosts, containers, orchestrators, network, process, and files across clouds.” VSP 2.0 then gives users one place to view this data according to their needs, in “a single, comprehensive view of the enterprise environment which provides risk, health, and performance data across thousands of clusters for many thousands of microservices.”

“Traditionally, to obtain information this rich, you would have to modify the kernel of the operating system. This would give you superpowers in visibility but would also make the security teams nervous. Thanks to eBPF and the work done there, it’s like getting a little VM in the kernel of the system,” explained Degioanni. “This VM can only run programs that are validated beforehand. You have super flexibility to run these programs inside the kernel in a way that’s not dangerous and be confident that it won’t create security issues in your deployments.”

With the new version of VSP, Degioanni said that the number of containers the platform could monitor and secure on a single host increased by roughly 5x, with the number of metrics the platform could handle increasing by nearly 10x. In addition to the increased scale, VSP 2.0 offers “out-of-the-box dashboards for capacity planning, control plane health and compliance trends, new default alerting rules, Kubernetes benchmark results, out-of-the-box Kubernetes Audit policies and integration with a kube-admission controller.”

VSP 2.0 also provides support for new runtimes, including CRI-O and containerd, and the ability to use Kubernetes metadata to further pinpoint root causes and assess risk profiles. A preview version of VSP 2.0 will be available to existing customers in May 2019.

The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Sysdig.