Sysdig Announces Sysdig Secure 2.0
June 14, 2018

Sysdig introduced Sysdig Secure 2.0, a way for enterprises to secure containers and microservices.

The latest version adds vulnerability management, more than two hundred compliance checks, and security analytics. The Sysdig Cloud-Native Intelligence Platform is the only technology to offer unified security, monitoring, and forensics for containers and microservices, giving users a robust view of the health and risk profiles of their cloud-native applications.

Sysdig Secure’s vulnerability management capabilities help organizations bring application security, compliance, and quality closer to the developer. Sysdig Secure ensures that as companies scale, their security scales at the same rate, allowing DevOps to deploy knowing all images and containers are vulnerability free, the microservices are in compliance, and they can defend their applications from compromise.

Vulnerability Management:

- Static image scanning – Sysdig Secure 2.0 can parse container images and identify vulnerable packages, libraries, and configurations before a deployment, ultimately enabling a more secure environment and driving consistent processes across development teams.

- CI/CD integrations – Sysdig Secure 2.0 adds a native Jenkins plugin, which adds a Sysdig Secure step to the CI pipeline and enables companies to automate container image scanning. With each fail build, the system automatically evaluates the image against policy and forces compliance before an image progresses in the pipeline.

- Quarantine or kill vulnerable images – Sysdig Secure 2.0 can take actions like killing or quarantining a container if vulnerabilities or exposed credentials are found, reducing the risk of a security breach.

- Runtime vulnerability management and scanning – Sysdig Secure 2.0 manages, tracks, and updates vulnerability data for containers in production. Sysdig Secure 2.0 also enriches it with Kubernetes metadata to provide context when fixing vulnerabilities across distributed applications.

Compliance:

- Sysdig Secure 2.0 eases the pain of measuring and enforcing compliance across a distributed environment through compliance controls, audit checks, policies, and results.
- Sysdig automatically scans the infrastructure with requirements based on Center for Internet Security (CIS) configurations and hardening benchmarks. Sysdig allows users to scope and schedule Docker and Kubernetes benchmarks to measure and maintain compliance.

Security Analytics:

Effective container runtime security hinges on security response teams being able to quickly detect, analyze, and respond to security threats on live containers – from detection, to remediation, to forensics. Sysdig Secure 2.0 provides rich metrics about events, compliance, and vulnerabilities over time, enabling deeper analytics and a better understanding of the environment. Security metrics tied back to containers, images, hosts, and Kubernetes entities enable users to easily determine how different organizations, applications, and services are trending in the security posture.

“Due to the newness of containers and the dynamic environment, container security for cloud-native applications poses several new challenges,” said Loris Degioanni, CTO and founder, Sysdig. “Sysdig Secure 2.0 ensures that developers, operations, and risk professionals have a single source of intelligence to monitor and secure their applications.”

Sysdig Secure is available as a standalone technology or as a part of the unified Sysdig Cloud-Native Intelligence Platform, which includes Sysdig Monitor. Sysdig Secure 2.0 is currently available as a private beta.

The Latest

November 15, 2018

Serverless infrastructure environments are set to become the dominant paradigm for enterprise technology deployments, according to a new report — Why the Fuss About Serverless? — released by Leading Edge Forum ...

November 14, 2018

What to automate? Which parts of the delivery process are good candidates? Which applications will benefit from automation? At first, those sound like silly questions. Automate all your repetitive processes. If you think that you'll do the same thing manually more than once, automate it. Why would you waste your creative potential and knowledge by doing things that are much better done by scripts? Yet, an average company does not adhere to that logic. Why is that? ...

November 13, 2018

I'd love to see more security automation deeply integrated into the development process. Everybody knows since the 1990s that security as an afterthought just doesn't work, yet we keep doing it. The reason, I think, is because it's very hard to automate security ...

November 09, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 5, the final installment, covers deployment and production ...

November 08, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 4 is all about security ...

November 07, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 3 covers the development environment and the infrastructure ...

November 06, 2018

DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 2 covers the coding process ...

November 05, 2018

Everyone talks about automating the software development lifecycle (SDLC) but the first question should be: What should you automate? With this question in mind, DEVOPSdigest asked experts from across the IT industry for their opinions on what steps in the SDLC should be automated. Part 1 starts with by-far the most popular recommendation: Testing ...

October 31, 2018

Halloween is a time for all things spooky, but not when it comes to your mobile app experience. A poor experience can not only scare off your customers but keep them away for good ...

October 30, 2018

As organizations have embraced open source, they have become polyglot — using multiple programming languages and technology stacks to accomplish software and hardware related tasks. Enterprises are caught between the benefits provided by a polyglot environment and the complexities and challenges these environments bring. Ultimately, if the situation remains unchecked, polyglot will kill your enterprise ...

Share this