Sysdig Secure for cloud

Sysdig Secure for cloud is the software that connects Sysdig Secure features to your cloud environments to provide unified threat detection, compliance, forensics, and analysis.

Because modern cloud applications are no longer just virtualized compute resources, but a superset of cloud services on which businesses depend, controlling the security of your cloud accounts is essential. Errors can expose an organization to risks that could bring resources down, infiltrate workloads, exfiltrate secrets, create unseen assets, or otherwise compromise the business or reputation. As the number of cloud services and configurations available grows exponentially, using a cloud security platform protects against having an unseen misconfiguration turn into a serious security issue.

Check Sysdig Secure - Secure for cloud to review the features provided per cloud.

Multiple Installation Options

Sysdig Secure for cloud is available on a variety of cloud providers, with simplified installation instructions available from the Data Sources screen.

Terraform based

Supported cloud providers at this time are:

Full Install

Agentless (CSPM Only)

Cloud-Native templates

Native template deployment for

Helm Chart based (feature limited)

Core component for Sysdig Secure for Cloud, is called cloud-connector, which is also available through following methods:

Note: Installing this component will only allow you threat detection and image scaning features, although together with SysdigCompliance IAM role, it can handle Compliance and Identity and Access Posture too.

Deployment Summary

Features

  • Threat Detection: Requires a Compute Deployment
  • Compliance: Requires Sysdig Role Setup
  • Identity and Access Management: Requires Compute Deployment and Sysdig Role Setup
  • Image Scanning: Requires a Compute Deployment, and will Spawn Scanning Service

Single vs. Organizational

  • Single: Targets a single account/project/subscription. Only a single workload is spawned in the specified account/project/subscription, that will target the resources of the account.
  • Organizational: Targets the whole organization/tenant. Only a single workload is spawned in the specified account/project/subscription, that will target the whole organization/tenant.

Summary

CloudSingle SetupOrganizational SetupEvent SourceCompute Deployment OptionsSysdig Role SetupImage Scanning OptionsSpawned Scanning Service
AWSAccountOrganization with member accountsCloudtrailECS, Apprunner, K8sIAM Role with Trusted IdentityECS deployed images,
ECR, Public Repositories
Codebuild project
GCPProjectOrganization with member projectsProject/Organization Sink,
GCR PubSub Topic
CloudRun, K8sWorkload Identity FederationCloudRun deployed images,
GCR, Public Repositories
Cloudbuild task
AzureSubscriptionTenant subscriptionsEventHub, EventgridAzure Container Instances(ACI), K8sAzure LighthouseACI deployed images,
ACR, Public Repositories
ACR Task

See Also