Installation

To use Sysdig Secure, follow the installation instructions in this section. Review the features and components and choose the installation path that fits your environment.

Sysdig Secure provides container, Kubernetes, and cloud security for the entire enterprise, from pipeline development through incident response.

Host Shield and Cluster Shield

The Sysdig Host Shield and Cluster Shield streamline the deployment, management, and configuration of the Sysdig suite of security and compliance tools. By consolidating multiple deployments into just two containerized components, the Host Shield and Cluster Shield simplify operations in Kubernetes environments, helping you maintain the security and compliance posture of your systems. You use the shield chart to install the Host and Cluster Shield components in your Kubernetes environment.

The Sysdig Cluster Shield and Host Shield are the installation components of Sysdig Secure. They unify multiple previously-separate agent deployments into a single containerized component.

This integration simplifies deploying, configuring, and managing Sysdig’s security and compliance tools at the cluster level. By streamlining operations in Kubernetes environments, Cluster Shield and Host Shield help you efficiently maintain the security and compliance posture of your system.

Benefits

Simplified Installation and Upgrades

Unified installation process: Only two artifacts to install simplifies Sysdig onboarding.
Streamlined upgrade paths: Reduced complexity and consistency across environments through simplified upgrade processes.

Unified Versioning

Single source: Centralized versioning information and release notes for the consolidated components.
Easier tracking: Simplified monitoring of new features, defect fixes, and performance enhancements.

Improved Compatibility and Support

Enhanced compatibility: Improved support across Sysdig suite of tools.
Streamlined support process: A unified shield approach simplifies troubleshooting and resolution efforts.

Host Shield

Host Shield consolidates the following features in one application:

Runtime Threat Detection
Host Vulnerability Scanning
KSPM for the Host
Rapid Response

Cluster Shield

Cluster Shield consolidates the following features in one application:

Container Vulnerability Scanning
Kubernetes Audit Threat Detection
KSPM for the Cluster

Features Overview

The following section describes Sysdig Secure features and the tools that provide them.

Runtime Threat Detection

The Sysdig Agent provides runtime threat detection, which processes syscall events and metrics, creates capture files, and performs auditing and compliance. It provides detailed visibility into container and host activity, helping to detect and prevent threats.

Sysdig also provides a serverless agent available for ECS Fargate.

Install Sysdig Shield on Kubernetes | Hosts | Cloud Workloads

Vulnerability Management

Vulnerability management is the systematic process of identifying, evaluating, and addressing security-related software bugs in your organization, as identified by trusted third-party vulnerability feeds. Key concepts areas of Vulnerability management include vulnerability identification, risk assessment and prioritization. Sysdig addresses vulnerability findings at each stage of the software lifecycle.

Vulnerability Pipeline Scanning

The sysdig-cli-scanner tool allows you to scan a container image stored locally, such as a developer machine, or in a remote registry. You can also integrate the sysdig-cli-scanner as part of any instrumentation or CI/CD pipeline to scan any container image right after it is built. Native plugins for some CI/CD software, such as Jenkins, are also available directly from their marketplace.

Install as a binary on your pipeline

Registry Scanning

This registry scanning component deploys the Sysdig Registry Scanner as a scheduled cron job in your Kubernetes cluster. It scans container images stored in the registry for vulnerabilities and compliance issues before they are deployed.

Install the Registry Scanner for a range of registry vendors.

Runtime Scanning

The Sysdig Runtime Scanner includes both Kubernetes workloads and hosts scanning with automatic updates. The scanner automatically observes and reports on all the runtime workloads in containers, keeping a close-to-real time view of images and workloads executing on the different Kubernetes scopes of your infrastructure. Perform periodic re-scans to ensure that the vulnerabilities associated with the runtime workloads and images are up-to-date with the latest vulnerabilities feed databases. It automatically matches a newly-reported vulnerability to your runtime workloads without requiring any additional user interaction.

Installed with the Sysdig Agent on Kubernetes | Hosts

Vulnerability Host Scanning

Vulnerability host scanning analyzes software packages installed on hosts with periodic re-scans. It automatically matches a newly-reported vulnerability to your hosts without requiring any additional user interaction.

Install options:

With Sysdig Agent on Kubernetes
On host as container or package
Agentless for AWS cloud accounts
Extended for non-Kubernetes containers

Compliance

Kubernetes (KSPM)

KSPM Analyzer: This Kubernetes Security Posture Management component analyzes your host’s configuration and sends the output to be evaluated against compliance policies. The scan results are displayed in Sysdig Secure’s Compliance UI.
KSPM Collector: This component enables the collection and sending of Kubernetes resource manifests to be evaluated against Compliance policies. Install on Kubernetes

Containers (Non-Kubernetes)

Posture Host Analyzer: This component is for hosts running Docker without a Kubernetes orchestrator, to scan, evaluate against Compliance policies, and display scan results in Sysdig Secure’s Compliance UI. Install on Linux Host running Docker

Response

Rapid Response

The Rapid Response feature lets designated advanced users investigate and troubleshoot events from a remote shell. It helps in quick incident response and resolution.

Install on Kubernetes or on a host as a container

Admission Controller

Kubernetes Audit Logging

This component deploys the Sysdig Admission Controller in your Kubernetes cluster to enable audit logging. It helps in enforcing security policies and preventing the deployment of vulnerable images.

Install on Kubernetes

Cloud Account Features

Integrate Sysdig Secure features with your cloud environments to provide unified threat detection, compliance, forensics, and analysis. The Agentless CSPM and Threat Detection features are available on AWS, Azure, and GCP. CIEM (Identity and Access) is currently available on AWS.

Connect Cloud Accounts

Agentless CSPM

This includes:

Inventory: Search and gain visibility into resources across your cloud (GCP, Azure, and AWS) and Kubernetes environments. Each resource is enriched with a 360 degree overview - misconfigurations, compliance violations, vulnerabilities, and more.
Compliance:: Review and remediate risk and compliance violations of your business zones against the policies with which you need to comply.
IAC: Highlights and resolves misconfigurations and policy violations early in the development lifecycle, moving security as close to source as early as possible.

Threat Detection for Cloud

This feature provides:

Threat Detection for Cloud: Use this to analyze cloud platform logs for known threats.
Managed Threat Research: Discover new Zero Day Attacks against your cloud.

Identity and Access (CIEM)

Available for AWS: Identity and Access Management, also known as Cloud Infrastructure Entitlement Management (CIEM).

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.