Sysdig Secure 2.0 Improves Container Security Capabilities


At DockerCon 18, Sysdig updates its container security platform with new compliance and security analytics features.

Sysdig Secure 2

SAN FRANCISCO —  Sydig announced its Secure 2.0 platform on June 13, providing organizations with new capabilities that go beyond the container runtime, to help secure cloud native application deployments.

Sysdig Secure 2.0 adds vulnerability management, compliance, and security analytics on top of the platform’s existing container runtime security features. The new product release was announced at DockerCon 18, where Sysdig is an exhibitor among multiple other container management and security vendors.

“One of the most important use cases that we heard from our customers is the need for vulnerability management, the ability to peer into developers’ software at build time and look for known vulnerabilities before that code ever gets to production,” Apurva Davé, CMO and VP Customer Success at Sysdig, told eWEEK. “After finding those issues, we can alert operators, fail builds, and block code from going into production.”

Dave explained that the Sysdig Secure 1.0 platform was focused on runtime security and was largely based on the open-source Sysdig Falco project. With the first release he said that Sysdig provided organizations with a way to set up policies to detect, block, and audit both user activity and application activity. With Secure 2.0, Dave said that Sydig is expanding into more use cases with the expanded feature set.

A foundational element of Sysdig Secure 2.0 is something the company calls – the Sysdig Cloud-Native Intelligence Platform. Dave explained that the platform includes a host-based agent, which can automatically see all containers, apps, and processes, without the need for  an individual to do all the configuration. 

“As opposed to using sidecars or code injection, we instrument the kernel in a high performance, non-blocking manner that we think is more efficient and better fits the container model,” Dave said. “This method is simultaneously seeing all performance metrics, like Prometheus metrics, statsd metrics, and host performance metrics, and security events, like a human opening a shell inside a container, or a database opening an outbound connection.”

Dave said that the Sysdig Cloud-Native Intelligence Platform backend processes and stores all the collected data, performs anomaly detection, and triggers alerts when systems see any configuration drifts or potential compromises.

“With one point of instrumentation, we give users access to far more data than they would get with other approaches, whether that’s from a monitoring or a security context,” Dave said.

“Beyond understanding software vulnerabilities, the CISO needs to know that the environment has been configured and is operating correctly to meet all appropriate compliance regulations,” Dave said. “We’ve extended our instrumentation approach so that it can run scheduled compliance checks on the applications, containers and hosts. 

Dave said that Sysdig Secure works with many compliance regimes and currently has over 200 base compliance checks. He added that Sydig has also built a flexible engine that allows companies to easily create their own custom compliance controls. Looking forward, Dave said that his company has a robust roadmap ahead for the continued evolution of Sysdig Secure.

“We’re thinking very heavily about DevSecOps and the integrated experience to deliver code faster,” Dave said. “In short, we want to take our rich data and expose it to each stakeholder in the organization in a way that lets them know how their cloud-native environment is operating.”

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.


Leave A Reply