Connect Cloud Accounts

The Sysdig Secure platform for cloud accounts enables teams to secure builds, detect and respond to runtime threats, and continuously manage cloud configurations, permissions, and compliance. AWS, GCP and Azure support all the agentless cloud features from Sysdig. Oracle Cloud supports agentless CSPM.

Cloud Features

Agentless Compliance and Posture Management (CSPM)

Sysdig’s Compliance and Posture Management for cloud accounts includes:

  • Inventory: Search and gain visibility into resources across your cloud and Kubernetes environments. Each resource is enriched to provide a 360-degree overview of misconfigurations, compliance violations, vulnerabilities, and more.
  • Compliance: Review and remediate risk and compliance violations of your business zones against the policies with which you need to comply.
  • Infrastructure as Code (IaC): This feature highlights and resolves misconfigurations and policy violations early in the development lifecycle, moving security close to the source as early as possible.
  • Basic Cloud Infrastructure Entitlement Management (CIEM): Improve your Identity hygiene by identifying Risks based on Connected IAM Resources and Permission Criticality, such as Data Exfiltration Risk in 1 Hop and Risky AWS Users. Use Search to filter for Identities with configuration-based Identity findings such as No MFA and Administrative Permissions.

Cloud Detection and Response (CDR)

Also known as Threat Detection, this includes:

  • Threat Detection for Cloud: Sysdig analyzes Cloud platform logs for known threats.
  • Managed Threat Research: Discover new Zero Day Attacks against your cloud.

Advanced Cloud Infrastructure Entitlement Management (CIEM)

Sysdig’s Advanced Cloud Infrastructure Entitlement Management (CIEM), also known as Identity and Access Management (IAM), provides:

  • Least Permissive Analysis: Sysdig analyzes cloud platform logs and offers suggestions based on the principle of least privilege (PoLP), which involves eliminating excessive permissions from all identity entities.
  • Usage-Based Context: Clean up IAM Policies and Principals that are going unused, and understand which high-risk permissions are actively used versus unnecessary.

Agentless Vulnerability Scanning

Sysdig’s Agentless Vulnerability Host Scanning, also known as Vulnerability Management (VM), provides runtime vulnerability detection in cloud accounts.

Malware Scanning

Malware Scanning (currently in Technical Preview) extends the capabilities of Vulnerability Scanning to catch dormant threats. While Sysdig Secure already protects your environment by monitoring file activity at runtime, malware can hide in files that aren’t actively being executed or modified.

Malware Scanning fingerprints all Executable and Linkable Format (ELF) files with a SHA-256 hash. These hash values are compared against Sysdig’s up-to-date databases of known malware signatures. If malware is detected, findings are displayed in the UI (see View Malware Scanning Results) and included in your Software Bill of Materials (SBOM).

You can use provider-supported tagging to control scan scope at the VM or volume level.

Malware scanning follows the same snapshot 24-hour schedule as vulnerability management.
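The fingerprint-and-match step described above, as an added illustration that is not Sysdig code: it identifies ELF files by their magic bytes rather than by name, streams each one through SHA-256, and reports only the files whose hash appears in a signature set. The directory tree, file contents and the single-entry "signature database" are all constructed inside the example.

```python
import hashlib
import os
import tempfile

ELF_MAGIC = b"\x7fELF"  # first four bytes of every ELF file

def is_elf(path: str) -> bool:
    """Identify ELF files by magic bytes, never by name or extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) == ELF_MAGIC
    except OSError:
        return False

def sha256_file(path: str) -> str:
    """Stream the file so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def fingerprint_elf_files(root: str) -> dict:
    """Map every regular ELF file under root (e.g. a mounted volume snapshot) to its SHA-256."""
    fingerprints = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path) and is_elf(path):
                fingerprints[path] = sha256_file(path)
    return fingerprints

def match_signatures(fingerprints: dict, known_bad: set) -> dict:
    """Return only the files whose hash is in the signature set (each hit is a finding)."""
    return {path: h for path, h in fingerprints.items() if h in known_bad}

def demo() -> dict:
    """Constructed sample tree: two minimal ELF-headed files and one text file."""
    root = tempfile.mkdtemp()
    benign = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9 + b"constructed-benign"
    flagged = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9 + b"constructed-dormant"
    for name, data in (("benign", benign), ("dormant", flagged), ("notes.txt", b"hello")):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    # Stand-in for a signature database: one constructed hash, not a real indicator.
    signatures = {hashlib.sha256(flagged).hexdigest()}
    return match_signatures(fingerprint_elf_files(root), signatures)
```

Running demo() returns one finding, the file written as "dormant"; the text file is skipped before hashing because it fails the magic-byte check.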

Prerequisites

  • The supported cloud providers are AWS, Azure, and GCP.
  • Vulnerability Management Host Scanning must be enabled.
  • Only Linux-based virtual machines are supported.

Enable Malware Scanning

Follow these links to enable Malware Scanning for:

Installation Planning

Sysdig’s cloud features rely on the following components:

  • CSPM: Trust relationship.
  • CDR: Log ingestion.
  • CIEM: Log ingestion and Trust relationship.
  • VM: Volume access.

CSPM is set up when you connect a cloud account. The installation wizards in the UI take you through the installation scenarios for your cloud provider, which involve setting up the required component for the feature you desire.

Supported Features

Cloud Provider | Cloud Security Posture Management (CSPM) | Cloud Infrastructure Entitlement Management (CIEM) | Cloud Detection and Response (CDR) | Vulnerability Host Scanning | Vulnerability Workload Scanning
AWS
GCP
Azure
Oracle Cloud

Onboarding Types

  • Single onboarding is scoped to a single AWS account, GCP project, or Azure subscription. The target can either belong to an organization or operate independently. It is primarily recommended for feature testing before configuring the organizational setup.

  • Organizational onboarding covers an entire AWS Organization, GCP Organization, Azure Tenant or Oracle Cloud Tenancy. This installation is recommended to secure your whole environment.

Quick Start

To connect a cloud account:

  1. Log in to Sysdig Secure as an admin, select Integrations > Cloud Accounts, then choose AWS, GCP, Azure or Oracle Cloud.
  2. From the relevant account page, follow the wizard prompts to connect the account.