Installation
Sysdig Shield
Host Shield and Cluster Shield, known collectively as Sysdig Shield, are the installation components of Sysdig Secure. With two containerized components, Host Shield and Cluster Shield help you maintain the security and compliance posture of your systems, and streamline the deployment, management, and configuration of the Sysdig suite of tools.
Sysdig Shield is the new installation method, replacing Classic Agent installation with the following benefits:
- Easier installation and troubleshooting.
- Simplified architecture, with multiple components consolidated into just two containerized components.
- Improved compatibility and support across the Sysdig platform.
- Centralized feature updates for Kubernetes Security Posture Management (KSPM), Vulnerability Management (VM), and Runtime in the Host Shield and Cluster Shield release notes.
Host Shield
Host Shield consolidates the following features in one application:
- Runtime Threat Detection
- Host Vulnerability Scanning
- Kubernetes Security Posture Management (KSPM) for Hosts
- Rapid Response
Cluster Shield
Cluster Shield consolidates the following features in one application:
- Container Vulnerability Scanning
- Kubernetes Audit Threat Detection
- Kubernetes Security Posture Management (KSPM) for Clusters
Features Overview
The following section describes Sysdig Secure features and the tools that provide them.
Runtime Threat Detection
Sysdig provides runtime threat detection, which processes syscall events and metrics, creates capture files, and performs auditing and compliance. This provides detailed visibility into container and host activity, helping to detect and prevent threats.
Install Sysdig Shield on Kubernetes | Hosts.
Install Serverless Agent for Linux on Serverless.
Vulnerability Management
Vulnerability management is the systematic process of identifying, evaluating, and addressing security-related software bugs in your organization, as identified by trusted third-party vulnerability feeds. Key concept areas of vulnerability management include vulnerability identification, risk assessment, and prioritization. Sysdig addresses vulnerability findings at each stage of the software lifecycle.
Vulnerability Pipeline Scanning
The Sysdig CLI Scanner lets you scan a container image stored locally, such as on a developer machine, or in a remote registry. You can also integrate the sysdig-cli-scanner into any instrumentation or CI/CD pipeline to scan any container image right after it is built. Native plugins for some CI/CD software, such as Jenkins, are also available directly from their marketplace.
Registry Scanning
The Sysdig Registry Scanner scans container images stored in registries for vulnerabilities and compliance issues before they are deployed. You can deploy the Registry Scanner as a scheduled cron job in your Kubernetes cluster.
Runtime Scanning
The Sysdig Runtime Scanner covers scanning of both Kubernetes workloads and hosts, with automatic updates. The scanner automatically observes and reports on all runtime workloads in containers, keeping a close-to-real-time view of the images and workloads executing across the different Kubernetes scopes of your infrastructure. Periodic re-scans ensure that the vulnerabilities associated with runtime workloads and images are up to date with the latest vulnerability feed databases: a newly reported vulnerability is automatically matched to your runtime workloads without requiring any additional user interaction.
- Install the Sysdig Agent on Kubernetes | Hosts
Vulnerability Host Scanning
Vulnerability Host Scanning analyzes software packages installed on hosts with periodic scans, and checks them for newly reported vulnerabilities.
- Install Sysdig Shield on Kubernetes | Hosts.
- Configure Vulnerability Management for AWS.
- Deploy the Host Scanner for non-Kubernetes containers.
Compliance
Sysdig Shield offers Compliance for Kubernetes and non-Kubernetes containers.
Kubernetes (KSPM)
Sysdig Shield offers Kubernetes Security Posture Management (KSPM) with two components. The Collector collects Kubernetes resource manifests, and the Analyzer analyzes your host's configuration. Sysdig evaluates these against Compliance policies, and the results are displayed in the Sysdig Secure Compliance UI.
- Install Sysdig Shield on Kubernetes | Hosts.
Containers (Non-Kubernetes)
For hosts running Docker without a Kubernetes orchestrator, the Posture Host Analyzer scans the host, evaluates it against Compliance policies, and displays the scan results in the Sysdig Secure Compliance UI.
Install on a Linux host running Docker.
Response
Rapid Response
Sysdig Shield offers Rapid Response for Linux nodes and standalone hosts. Rapid Response lets designated advanced users investigate and troubleshoot events from a remote shell. It helps in quick incident response and resolution.
Enable Rapid Response with Sysdig Shield on:
This feature is not available for Windows nodes or standalone hosts.
Admission Controller
Kubernetes Audit Logging
This feature deploys the Sysdig Admission Controller in your Kubernetes cluster to enable audit logging. It helps in enforcing security policies and preventing the deployment of vulnerable images.
Cloud Account Features
Integrate Sysdig Secure features with your cloud environments to provide unified threat detection, compliance, forensics, and analysis. The Agentless CSPM and Threat Detection features are available on AWS, Azure, and GCP. CIEM (Identity and Access) is currently available on AWS.
Agentless CSPM
This includes:
- Inventory: Search and gain visibility into resources across your cloud (GCP, Azure, and AWS) and Kubernetes environments. Each resource is enriched with a 360-degree overview: misconfigurations, compliance violations, vulnerabilities, and more.
- Compliance: Review and remediate risk and compliance violations in your business zones against the policies with which you need to comply.
- IaC: Highlights and resolves misconfigurations and policy violations early in the development lifecycle, moving security as close to the source, and as early, as possible.
Threat Detection for Cloud
This feature provides:
- Threat Detection for Cloud: Use this to analyze cloud platform logs for known threats.
- Managed Threat Research: Discover new zero-day attacks against your cloud.
Identity and Access (CIEM)
Available for AWS: Identity and Access Management, also known as Cloud Infrastructure Entitlement Management (CIEM).