Sysdig Secure

Sysdig Secure is a Cloud-Native Application Protection Platform (CNAPP), delivering Cloud Detection & Response (CDR), vulnerability management, posture management, and identity & entitlement management. Powered by runtime insights and strong reporting capabilities, Sysdig helps you detect, prioritize, and respond to real-time threats across your clouds, containers, and workloads.

Key Features

Sysdig Secure protects modern, multi-cloud and containerized environments with the following core features:

Sysdig Sage

Sysdig Sage is an AI-powered security assistant built into Sysdig Secure, designed to help teams work smarter and faster. Sysdig Sage accelerates search, vulnerability management, threat investigation and response by providing precise security insights in context, and helping you navigate the user interface to better visualize and respond to threats.

Cloud-Native Application Protection Platform (CNAPP)

  • Sysdig Secure is a Cloud-Native Application Protection Platform (CNAPP) powered by runtime insights. It provides:
    • Risk prioritization to help you remediate the most critical security issues first.
    • Real-time threat detection built on open-source Falco rules.
    • AI-powered security assistance with Sysdig Sage across Search, Vulnerability Management, and Detection and Response workflows.
    • A unified view of all cloud risks and threats with Cloud Attack Graph.

Cloud Detection & Response (CDR)

  • Sysdig Secure continuously monitors running workloads (such as containers and Kubernetes clusters) for suspicious activities, delivering Runtime Threat Detection and Response.
  • Sysdig Secure uses Falco, the open-source threat detection engine, to trigger real-time alerts based on predefined or custom security policies. This enables you to prioritize active risks and stop threats in real time.

  • Activity Audit and Forensics - provides a detailed audit trail of user and system activity. In case of an incident, it can reconstruct events to provide deep forensic insights, including which files were accessed or modified, what commands were run, and who performed specific actions.
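The "predefined or custom security policies" above are expressed as Falco rules. The following rule file is an added example written for this page; it is not one of Sysdig's shipped policies or a copy of the upstream Falco default rules. It uses Falco's rule-file format (lists, macros, rules) and its standard syscall fields, and redefines the few macros it needs so it loads on its own. The allow-list of debug images and the list of sensitive paths are constructed for the example and should be replaced with values that match your environment.

```yaml
# Added example (not Sysdig's or Falco's own rules): two custom detections
# in Falco rule syntax. Each macro used below is defined here so the file
# does not depend on the default rule set being loaded first.

# Shell binaries that indicate an interactive session when spawned.
- list: shell_binaries
  items: [bash, sh, zsh, dash, ash, ksh, csh, tcsh]

# Constructed allow-list: images in which an interactive shell is expected
# (e.g. an operator debug image). Tune this rather than disabling the rule.
- list: allowed_debug_images
  items: [docker.io/library/busybox]

# Constructed list of files whose contents should not be read from a container.
- list: sensitive_files
  items: [/etc/shadow, /etc/sudoers, /root/.ssh/id_rsa]

# Match the exit side of execve/execveat, i.e. a process that actually started.
- macro: spawned_process
  condition: evt.type in (execve, execveat) and evt.dir = <

# Events attributed to a container rather than the host.
- macro: container
  condition: container.id != host

- macro: shell_procs
  condition: proc.name in (shell_binaries)

# A file opened for reading (regular file descriptor, successful open).
- macro: open_read
  condition: evt.type in (open, openat, openat2) and evt.is_open_read = true and fd.typechar = 'f' and fd.num >= 0

- rule: Interactive shell in container
  desc: >
    A shell with an attached terminal was started inside a container. This is
    typically "kubectl exec"/"docker exec" by an operator, or an attacker who
    has obtained remote code execution. proc.tty != 0 filters out the many
    non-interactive shells that entrypoint scripts spawn.
  condition: >
    spawned_process and container and shell_procs and proc.tty != 0
    and not container.image.repository in (allowed_debug_images)
  output: >
    Interactive shell in container (user=%user.name shell=%proc.name
    parent=%proc.pname cmdline=%proc.cmdline container=%container.name
    image=%container.image.repository pod=%k8s.pod.name ns=%k8s.ns.name)
  priority: NOTICE
  tags: [container, shell, mitre_execution]

- rule: Sensitive file read in container
  desc: >
    A process inside a container opened a credential or privilege-related
    file for reading. Package managers and init systems on the host are
    excluded by the container macro; add further exceptions by process name
    if a legitimate workload needs one of these files.
  condition: >
    open_read and container and fd.name in (sensitive_files)
  output: >
    Sensitive file read in container (file=%fd.name user=%user.name
    proc=%proc.name cmdline=%proc.cmdline container=%container.name
    image=%container.image.repository pod=%k8s.pod.name ns=%k8s.ns.name)
  priority: WARNING
  tags: [container, filesystem, mitre_credential_access]
```

Both rules emit the process, user, container and Kubernetes context in their output line so that the alert can be pivoted directly into the activity audit described above. Before enabling a custom rule in production, run it in a staging cluster against normal traffic and fold any recurring legitimate hits into the allow-lists rather than widening the condition.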

Vulnerability Management (VM)

  • Vulnerability Management - scans images and running containers for vulnerabilities and provides prioritized reports, enabling teams to focus on fixing the most critical security issues. It integrates with CI/CD pipelines to ensure images are scanned before they are deployed, preventing vulnerable components from being pushed to production.

  • Image Scanning - scans container images for known vulnerabilities in the package dependencies (e.g., OS packages, libraries). It integrates with registries and CI/CD workflows to automate image scanning throughout the development lifecycle.

  • Integrated DevSecOps Workflow - integrates security into the DevOps pipeline, enabling organizations to shift left on security. By providing real-time feedback to developers, teams can quickly fix issues before they affect production systems.

Kubernetes and Cloud Security Posture Management

  • Compliance Enforcement - helps organizations meet compliance requirements (such as PCI-DSS, GDPR, and NIST frameworks) by automating configuration checks and providing audit-ready reports. It monitors for compliance at both the infrastructure and application levels.

  • Kubernetes and Cloud Security Posture Management (CSPM) - offers deep visibility into Kubernetes clusters, allowing teams to monitor configurations, enforce security policies, and detect misconfigurations or violations of best practices. It also supports multi-cloud environments by ensuring compliance and security across AWS, Azure, and Google Cloud platforms.

  • Security Policy Management - enables you to define and enforce custom security policies. These policies can be applied to containers, hosts, and orchestrators (Kubernetes). You can also set up runtime policies to detect and respond to unauthorized activities.

Quick Start

Here are the steps to get started with Sysdig Secure:

Warranty Disclaimer

Customer acknowledges and agrees that it is impossible under any current available technology for any security and/or monitoring software to identify one hundred percent (100%) of cloud threats and risks, vulnerabilities, Errors, malicious software, or an attacker’s behavior (collectively, the “Threats”). Sysdig Secure and Monitor (the “Services”) rely upon threat feeds, behavioral analysis, machine learning, and other techniques that are subject to the limitations set forth in this Documentation. However, these techniques may not be enough to discover all Threats. Further, Customer acknowledges and understands that the Sysdig Services may incorrectly identify Threats, resulting in a false positive. Lastly, Customer acknowledges and understands that by procuring Sysdig’s Services, the Services are just one tool in Customer’s overall cloud strategy and do not represent a shift in responsibility for Customer’s business. Customer remains responsible for ensuring that it has appropriate data security measures in place.