Connect Cloud Accounts
Cloud Features
Agentless Compliance and Posture Management (CSPM)
Sysdig’s Compliance and Posture Management for cloud accounts includes:
- Inventory: Search and gain visibility into resources across your cloud and Kubernetes environments. Each resource is enriched with a 360-degree overview of misconfigurations, compliance violations, vulnerabilities, and more.
- Compliance: Review and remediate risk and compliance violations of your business zones against the policies with which you need to comply.
- Infrastructure as Code (IaC): This feature highlights and resolves misconfigurations and policy violations early in the development lifecycle, moving security close to the source as early as possible.
Cloud Detection and Response (CDR)
Also known as Threat Detection, this includes:
- Threat Detection For Cloud: Sysdig analyzes cloud platform logs for known threats.
- Managed Threat Research: Discover new zero-day attacks against your cloud.
Cloud Infrastructure Entitlement Management (CIEM)
Sysdig’s Cloud Infrastructure Entitlement Management (CIEM), also known as Identity and Access Management (IAM), provides:
- Least Permissive Analysis: Sysdig analyzes CloudTrail logs and offers suggestions based on the principle of least privilege (PoLP), which involves eliminating excessive permissions from all identity entities.
- Identity Hygiene: Prioritize what matters using risk labels (multi-factor authentication, inactive user, admin access) that automatically map to IAM violations.
- Jira Remediation: Assign identity-related remediations through Jira.
Agentless Vulnerability Scanning
Sysdig’s Agentless Vulnerability Host Scanning, also known as Vulnerability Management (VM), provides runtime vulnerability detection in cloud accounts.
Installation Planning
Sysdig’s cloud features rely on the following components:
- CSPM: Trust relationship.
- CDR: Log ingestion.
- CIEM: Log ingestion and Trust relationship.
- VM: Volume access.
CSPM is set up when you connect a cloud account. The installation wizards in the UI take you through the installation scenarios for your cloud provider, which involve setting up the required component for the feature you desire.
AWS
Agentless Install:
- Cloud Security Posture Management (CSPM)
- Cloud Infrastructure Entitlement Management (CIEM)
- Cloud Detection and Response (CDR)
- Vulnerability Scanning (VM)
Legacy Agent-Based with CIEM: Agent-based CDR with CIEM, plus Agentless CSPM, installed using a script
GCP
Agentless Install:
- Cloud Security Posture Management (CSPM)
- Cloud Infrastructure Entitlement Management (CIEM)
- Cloud Detection and Response (CDR)
- Vulnerability Scanning (VM)
Agent-Based Threat Detection: Agent-based Threat Detection using a script
Azure
Agentless Install:
- Cloud Security Posture Management (CSPM)
- Cloud Detection and Response (CDR)
- Vulnerability Scanning (VM)
Onboarding Types
Single onboarding scopes a single AWS account, GCP project, or Azure subscription. The target can either belong to an organization or operate independently. It is primarily recommended for feature testing before configuring the organizational setup.
Organizational onboarding scopes an AWS or GCP organization, or an Azure tenant. This installation is recommended to scope all the member items within the organizational landscape.
Quick Start
To secure a cloud account:
1. Log in to Sysdig Secure as admin, select Integrations > Cloud Accounts, and choose AWS, GCP, or Azure.
2. From the relevant account page, follow the wizard prompts to connect the account.