Sysdig Secure

Sysdig Secure is a comprehensive security platform that provides continuous security and compliance monitoring for cloud-native environments. It is designed specifically to address the security needs of modern containerized and Kubernetes infrastructures. Sysdig Secure enables organizations to detect, prevent, and respond to security threats and ensure compliance in real time.

Key Features

Sysdig Secure provides comprehensive security throughout the container lifecycle, from development to production. It includes the following features:

  • Runtime Threat Detection and Response - continuously monitors running workloads (such as containers and Kubernetes clusters) for suspicious activities. It uses Falco, the open-source threat detection engine, to trigger real-time alerts based on predefined or custom security policies. This enables you to detect threats such as anomalous process behavior, file integrity changes, or suspicious network connections.

  • Vulnerability Management - scans images and running containers for vulnerabilities and provides prioritized reports, enabling teams to focus on fixing the most critical security issues. It integrates with CI/CD pipelines to ensure images are scanned before they are deployed, preventing vulnerable components from being pushed to production.

  • Cloud-Native Application Protection (CNAPP) - provides end-to-end visibility across the build, run, and respond phases of an application’s lifecycle. This includes scanning, runtime protection, and continuous compliance across hybrid and multi-cloud environments.

  • Compliance Enforcement - helps organizations meet various compliance requirements (such as PCI-DSS, GDPR, NIST) by automating configuration checks and providing audit-ready reports. It monitors for compliance at both the infrastructure and application levels.

  • Kubernetes and Cloud Security Posture Management (CSPM) - offers deep visibility into Kubernetes clusters, allowing teams to monitor configurations, enforce security policies, and detect misconfigurations or violations of best practices. It also supports multi-cloud environments by ensuring compliance and security across AWS, Azure, and Google Cloud platforms.

  • Image Scanning - scans container images for known vulnerabilities in the package dependencies (e.g., OS packages, libraries). It integrates with registries and CI/CD workflows to automate image scanning throughout the development lifecycle.

  • Activity Audit and Forensics - provides a detailed audit trail of user and system activity. In case of an incident, it can reconstruct events to provide deep forensic insights, including which files were accessed or modified, what commands were run, and who performed specific actions.

  • Security Policy Management - enables you to define and enforce custom security policies. These policies can be applied to containers, hosts, and orchestrators (Kubernetes). You can also set up runtime policies to detect and respond to unauthorized activities.

  • Integrated DevSecOps Workflow - integrates security into the DevOps pipeline, enabling organizations to shift left on security. By providing real-time feedback to developers, teams can quickly fix issues before they affect production systems.

Quick Start

Here are the steps to get started with Sysdig Secure:

Warranty Disclaimer

Customer understands and agrees that it is impossible under any current available technology for any security software to identify one hundred percent (100%) of cloud threats, vulnerabilities, malicious software or attacker’s behavior. Sysdig Secure relies upon threat feeds, behavioral analysis, machine learning, and other techniques, but these may not be enough to discover all attacks. Additionally, Customer understands and agrees that Sysdig Secure may incorrectly identify cloud threats, vulnerabilities, potentially malicious software or attacker’s behavior as a potential threat (“False Positive”). SYSDIG DOES NOT GUARANTEE OR WARRANT THAT IT WILL FIND, LOCATE, OR DISCOVER ALL THREATS OR THAT ALL THREATS IT SURFACES ARE FREE FROM FALSE POSITIVES, AND IN USING SYSDIG SECURE CUSTOMER ASSUMES ALL RISK AND LIABILITY.