Connect Cloud Accounts

Cloud Features

Agentless Compliance and Posture Management (CSPM)

Sysdig’s Compliance and Posture Management for cloud accounts includes:

• Inventory: Search and gain visibility into resources across your cloud and Kubernetes environments. Each resource is enriched with a 360-overview of misconfigurations, compliance violations, vulnerabilities, and more.
• Compliance: Review and remediate risk and compliance violations of your business zones against the policies with which you need to comply.
• Infrastructure as Code (IaC): This feature highlights and resolves misconfigurations and policy violations early in the development lifecycle, moving security close to the source as early as possible.

Cloud Detection and Response (CDR)

Also known as Threat Detection, this includes:

• Threat Detection For Cloud: Sysdig analyzes Cloud platform logs for known threats.
• Managed Threat Research: Discover new Zero Day Attacks against your cloud.

Cloud Infrastructure Entitlement Management (CIEM)

Sysdig’s Cloud Infrastructure Entitlement Management (CIEM), also known as Identity and Access Management (IAM), provides:

• Least Permissive Analysis: Sysdig analyzes CloudTrail logs and offers suggestions based on the principle of least privilege (PoLP), which involves eliminating excessive permissions from all identity entities.
• Identity Hygiene: Prioritize what matters using risk labels (multi-factor authentication, inactive user, admin access) that automatically map to IAM violations.
• Jira Remediation: Assign identity-related remediations through Jira.

Agentless Vulnerability Scanning

Sysdig’s Agentless Vulnerability Host Scanning, also known as Vulnerability Management (VM), provides runtime vulnerability detection in cloud accounts.

Installation Planning

Sysdig’s cloud features rely on the following components:

• CSPM: Trust relationship.
• CDR: Log ingestion.
• CIEM: Log ingestion and Trust relationship.
• VM: Volume access.

CSPM is set up when you connect a cloud account. The installation wizards in the UI take you through the installation scenarios for your cloud provider, which involve setting up the required component for the feature you desire.

Supported Features

AWS

• Agentless:
  • Cloud Security Posture Management (CSPM)
  • Cloud Infrastructure Entitlement Management (CIEM)
  • Cloud Detection and Response (CDR)
  • Vulnerability Scanning (VM)
• Legacy Agent-Based:
  • Cloud Detection and Response (CDR)

GCP

• Agentless:
  • Cloud Security Posture Management (CSPM)
  • Cloud Infrastructure Entitlement Management (CIEM)
  • Cloud Detection and Response (CDR)
  • Vulnerability Scanning (VM)
• Legacy Agent-Based:
  • Cloud Detection and Response (CDR)

Azure

• Agentless:
  • Cloud Security Posture Management (CSPM)
  • Cloud Infrastructure Entitlement Management (CIEM)
  • Cloud Detection and Response (CDR)
  • Vulnerability Scanning (VM)
• Legacy Agent-Based:
  • Cloud Detection and Response (CDR)

Oracle Cloud

• Agentless:
  • Cloud Security Posture Management (CSPM)

Onboarding Types

• Single onboarding is scoped to a single AWS account, GCP project, or Azure subscription. The target can either belong to an organization or operate independently. It is primarily recommended for feature testing before configuring the organizational setup.

• Organizational onboarding covers an entire AWS Organization, GCP Organization, Azure Tenant or Oracle Cloud Tenancy. This installation is recommended to secure your whole environment.

Quick Start

To connect a cloud account:

1. Log in to Sysdig Secure as admin and select Integrations > Cloud Accounts and choose AWS, GCP, Azure or Oracle Cloud.
2. From the relevant account page, follow the wizard prompts to connect the account.

• AWS
• Azure
• GCP
• Oracle Cloud