Sysdig Introduces Sysdig Secure 3.0
November 14, 2019

Sysdig announced Sysdig Secure 3.0 to provide enterprises with threat prevention at runtime using Kubernetes-native Pod Security Policies (PSP).

PSPs are controls in Kubernetes that define the security conditions pods must follow in order to run.

Sysdig Secure 3.0 also includes the first incident response and audit tool for Kubernetes, giving enterprises the ability to reconstruct historical system activity. Enabling these capabilities are three new features: Kubernetes Policy Advisor, Falco Tuning, and Activity Audit. This release focuses on securing Kubernetes environments throughout the entire lifespan – detecting vulnerabilities and misconfigurations during the build phase, blocking threats without impacting performance during the run phase, and enabling incident response, forensics, and audit.

Key Features of Sysdig Secure 3.0:

- Kubernetes Policy Advisor introduces first runtime prevention tool - The time and expertise needed to manually configure security policies often result in costly misconfigurations. With the Kubernetes Policy Advisor, Sysdig Secure auto-generates Pod Security Policies (PSP) to significantly decrease the time spent configuring security. Strict security policies reduce risk, but can also break applications. Sysdig validates policies through simulations, enabling teams to adjust misconfigurations before shifting to production. By leveraging Kubernetes Policy Advisor to create these PSPs, DevOps teams have validated policies that can be enforced using native controls to prevent threats. This saves time and ensures a more secure environment. Sysdig generates the policies and the Kubernetes platform manages enforcement, ensuring performance is not impacted. Tools that tamper with the container infrastructure modify the host binaries and container images. These modifications can introduce security risks, which have the potential to significantly impact performance.

- Falco Tuning reduces noise generated by false positives - Sysdig Secure is built on Falco, an open source Kubernetes runtime security project that was originally started by Sysdig and, since Oct. 2018, has been a CNCF® Sandbox Project. DevOps teams define security rules for pods using Falco syntax and receive alerts when rules are violated. Sysdig Secure extends Falco’s rich detection for easier security policy management. DevOps teams can reduce the noise from false positives by leveraging Sysdig Secure’s Falco Tuning capabilities. Falco Tuning analyzes recurring events and suggests changes to policies that reduce redundant alerts.

- Activity Audit, Kubernetes-native tool for incident response - More than fifty percent of containers live less than five minutes; therefore, incident response in Kubernetes hinges on having access to forensics data that enables DevOps and security teams to quickly respond to security threats. With Activity Audit, Sysdig Secure captures container activity, including commands, network connections, and Kubernetes API events, and correlates the information with application context and users or services from Kubernetes. SOC teams can search and filter this data for alert triage – to determine the cause of the anomaly – and for incident response. This also provides an audit logging process, a common requirement for Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), International Organization for Standardization (ISO), and Health Insurance Portability and Accountability Act (HIPAA) compliance. With Sysdig Secure, enterprises have the ability to capture all activity information into a capture file for forensics, even if the container no longer exists, making Sysdig Secure the only Kubernetes incident response and audit solution available today.

“When operating containers, the only way to manage risk without slowing down the CI/CD pipeline is to embed security and compliance across the entire Kubernetes lifecycle,” said Suresh Vasudevan, Sysdig CEO. “Kubernetes has the ability to be more secure than VMs, but there are certain security and visibility elements enterprises must address, which includes adopting Kubernetes-native tools and a secure DevOps approach.”

Sysdig Secure combines Kubernetes application context with data from multiple sources to provide security from deployment through response. With Sysdig, enterprises can embed security, maximize availability, and validate compliance. Sysdig Secure is part of the Sysdig Secure DevOps Platform, which enables enterprises to confidently run cloud-native workloads in production. The Sysdig platform is open by design, with the scale, performance, and usability enterprises demand.

Sysdig Secure 3.0 will be available next week to all Sysdig Secure and Sysdig Secure DevOps Platform SaaS customers.
