Sysdig Secure
Sysdig Secure provides container, Kubernetes, and cloud security for the entire enterprise, from pipeline development through incident response.
The following section describes Sysdig Secure features and the tools that provide them.
Runtime Threat Detection
Runtime threat detection is provided by the Sysdig agent, which processes syscall events and metrics, creates capture files, and performs auditing and compliance. It provides detailed visibility into container and host activity, helping to detect and prevent threats.
There is also a serverless agent available for ECS Fargate.
Install the Sysdig Agent on Kubernetes | Hosts | ECS on EC2
Install the Serverless Agent on ECS Fargate
Vulnerability Management
Vulnerability management is the systematic process of identifying, evaluating, and addressing security-related software bugs in your organization, as identified by trusted third-party vulnerability feeds. Key concept areas of vulnerability management include vulnerability identification, risk assessment, and prioritization. Sysdig addresses vulnerability findings at each stage of the software lifecycle.
Vulnerability Pipeline Scanning
The sysdig-cli-scanner tool allows you to scan a container image stored locally (such as on a developer’s machine) or in a remote registry. You can also integrate the sysdig-cli-scanner as part of any instrumentation or CI/CD pipeline to scan any container image right after it is built. Native plugins for some CI/CD software, such as Jenkins, are also available directly from their marketplace.
Install as a binary on your pipeline
Registry Scanning
This registry scanning component deploys the Sysdig Registry Scanner as a scheduled cron job in your Kubernetes cluster. It scans container images stored in the registry for vulnerabilities and compliance issues before they are deployed.
Install the Registry Scanner for a range of registry vendors.
Runtime Scanning
Runtime scanning includes both Kubernetes workloads and hosts.
Sysdig’s runtime scanner automatically observes and reports on all the runtime workloads in containers, keeping a close-to-real-time view of the images and workloads executing on the different Kubernetes scopes of your infrastructure. It performs periodic re-scans, so the vulnerabilities associated with runtime workloads and images stay up to date with the latest vulnerability feed databases. A newly reported vulnerability is automatically matched to your runtime workloads without requiring any additional user interaction.
Installed with the Sysdig Agent on Kubernetes | Hosts
Vulnerability Host Scanning
The host scanning component for vulnerabilities analyzes the software packages installed on hosts and shows the scan results in the Runtime view page. It performs periodic re-scans, so the vulnerabilities associated with the installed software packages stay up to date with the latest vulnerability feed databases. A newly reported vulnerability is automatically matched to your hosts without requiring any additional user interaction.
Installed with the Sysdig Agent on Kubernetes, or directly on a host as a container or as a package
OR
Installed agentlessly for AWS cloud accounts
In addition:
While runtime scanning scans containers in Kubernetes environments, host scanning can be extended to scan non-Kubernetes containers.
Extend Host Scanning for non-Kubernetes containers
Compliance
Kubernetes (KSPM)
To scan for compliance violations in Kubernetes environments:
KSPM Analyzer
This Kubernetes Security Posture Management component analyzes your host’s configuration and sends the output to be evaluated against compliance policies. The scan results are displayed in Sysdig Secure’s Compliance UI.
Install on Kubernetes
KSPM Collector
This component enables the collection and sending of Kubernetes resource manifests to be evaluated against Compliance policies. The scan results are displayed in Sysdig Secure’s Compliance UI.
Install on Kubernetes
Containers (Non-Kubernetes)
Posture Host Analyzer
For hosts running Docker without a Kubernetes orchestrator, this component scans the host, evaluates it against Compliance policies, and displays the scan results in Sysdig Secure’s Compliance UI.
Install on Linux Host running Docker
Response
Rapid Response
This component allows designated advanced users to investigate and troubleshoot events from a remote shell. This feature helps in quick incident response and resolution.
Install on Kubernetes or on a host as a container
Admission Controller
Kubernetes Audit Logging
This component deploys the Sysdig Admission Controller in your Kubernetes cluster to enable audit logging. It helps in enforcing security policies and preventing the deployment of vulnerable images.
Cloud Account Features
Integrate Sysdig Secure features into your cloud environments to provide unified threat detection, compliance, forensics, and analysis. The Agentless CSPM and Threat Detection features are available on AWS, Azure, and GCP. CIEM (Identity and Access) is currently available on AWS.
Agentless CSPM
Includes:
- Inventory: Search and gain visibility into resources across your cloud (GCP, Azure, and AWS) and Kubernetes environments. Each resource is enriched with a 360 overview - misconfigurations, compliance violations, vulnerabilities, and more.
- Compliance: Review and remediate risk and compliance violations of your business zones against the policies with which you need to comply.
- IaC: Highlights and resolves misconfigurations and policy violations early in the development lifecycle, moving security as close to the source as possible.
Threat Detection for Cloud
Includes:
- Threat Detection for Cloud: Analyzes cloud platform logs for known threats.
- Managed Threat Research: Discovers new zero-day attacks against your cloud.
Identity and Access (CIEM)
Available for AWS and includes:
- Least Permissive Analysis: By analyzing CloudTrail logs, we offer suggestions following the principle of least privilege (PoLP) - eliminating excessive permissions from all identity entities.
- Identity Hygiene: Prioritize what matters using risk labels (multi-factor authentication, inactive user, admin access) that automatically map to identity and access management violations.
- JIRA Remediation: Assign identity-related remediations through JIRA.
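The least-permissive analysis described above works by comparing the permissions an identity has been granted with the API calls CloudTrail shows it actually making. The following is an added example of that technique in Python; it is not Sysdig's code and does not reproduce how Sysdig Secure implements the feature. The CloudTrail records and the IAM policy are constructed for illustration (ci-deployer, ops-reader, and the listed actions are hypothetical). Calls that CloudTrail recorded with an errorCode are deliberately not counted as used permissions, and an Allow statement written as a wildcard (iam:*) collapses to the concrete actions observed.

```python
import fnmatch
import json
from collections import defaultdict

# Constructed CloudTrail records (trimmed to the fields this example needs);
# they are illustrative, not exported from a real account.
CLOUDTRAIL_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deployer"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deployer"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "GetRole",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deployer"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "ops-reader"}},
    # A call that failed authorization does not prove the permission is needed.
    {"eventSource": "iam.amazonaws.com", "eventName": "DeleteUser",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "ci-deployer"}},
]

# Constructed policy attached to ci-deployer; deliberately over-broad.
GRANTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    ],
}


def service_prefix(event_source):
    """Map a CloudTrail eventSource to the IAM action prefix.

    Most services follow '<prefix>.amazonaws.com'; a few do not (for example
    monitoring.amazonaws.com corresponds to the 'cloudwatch' prefix), so a
    production tool needs an explicit mapping table for those exceptions.
    """
    return event_source.split(".", 1)[0]


def used_actions(records):
    """Return {identity: set of 'service:Action'} for successful API calls."""
    used = defaultdict(set)
    for rec in records:
        if rec.get("errorCode"):  # denied or failed calls are not evidence of use
            continue
        ident = rec["userIdentity"].get("userName") or rec["userIdentity"].get("arn")
        action = f"{service_prefix(rec['eventSource'])}:{rec['eventName']}"
        used[ident].add(action)
    return dict(used)


def _matches(pattern, action):
    # IAM action matching is case-insensitive and supports '*' and '?' wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def least_privilege_policy(policy, observed):
    """Rewrite Allow statements so each grants only the observed actions.

    Returns (new_policy, removed), where removed lists the granted action
    patterns that no observed call exercised.
    """
    new_statements, removed = [], []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            new_statements.append(stmt)  # Deny statements are left untouched
            continue
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        kept = set()
        for pat in patterns:
            hits = {a for a in observed if _matches(pat, a)}
            if hits:
                kept |= hits  # a wildcard grant collapses to the concrete actions seen
            else:
                removed.append(pat)
        if kept:
            new_statements.append({**stmt, "Action": sorted(kept)})
    return {**policy, "Statement": new_statements}, removed


if __name__ == "__main__":
    used = used_actions(CLOUDTRAIL_RECORDS)
    tightened, dropped = least_privilege_policy(GRANTED_POLICY, used["ci-deployer"])
    print("Unused grants:", dropped)
    print(json.dumps(tightened, indent=2))
```

On the constructed input, s3:DeleteBucket is reported as an unused grant and iam:* is narrowed to iam:GetRole. In practice the observation window matters: a permission exercised only by a quarterly job looks unused if the analysis covers a shorter period, so recommendations of this kind should be reviewed before they are applied.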
Go to Connect Cloud Accounts to choose the cloud provider and cloud components for your environment.
Get Started
Install Sysdig Agent and components, based on your environment
Connect peripherals such as:
See also Installation Requirements
Warranty Disclaimer
Customer understands and agrees that it is impossible under any current available technology for any security software to identify one hundred percent (100%) of cloud threats, vulnerabilities, malicious software or attacker’s behavior. Sysdig Secure relies upon threat feeds, behavioral analysis, machine learning, and other techniques, but these may not be enough to discover all attacks. Additionally, Customer understands and agrees that Sysdig Secure may incorrectly identify cloud threats, vulnerabilities, potentially malicious software or attacker’s behavior as a potential threat (“False Positive”). SYSDIG DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, OR DISCOVER ALL THREATS OR THAT ALL THREATS IT SURFACES ARE FREE FROM FALSE POSITIVES, AND IN USING SYSDIG SECURE CUSTOMER ASSUMES ALL RISK AND LIABILITY.