Sysdig integrates CDR to improve cloud security visibility; talks architecture with EdgeIR

Sysdig, a solutions provider for secure and reliable cloud development, has recently introduced an integrated cloud security solution.

This solution incorporates cloud detection and response (CDR) with its cloud-native application protection platform (CNAPP). This integrated solution offers real-time threat detection and deep visibility across all cloud applications and services.

The solution leverages the capabilities of Falco, an open-source tool designed for detecting cloud threats. This tool can be implemented on organizational infrastructure with the Sysdig security solution. By doing so, customers gain the advantage of agentless deployment, allowing them to access Falco when processing cloud logs, the company says.

“They are the only vendor that provides a complete platform with multiple defense layers to detect abnormal activity in real-time and surface appropriate context so that we understand the possible impact and can respond quickly,” says Pierre Brunelle, the CEO at Noteable.

Sysdig’s new cloud security solution includes a feature called Kubernetes Live. This feature allows the internal security team to monitor the entire cloud infrastructure and workloads. The Sysdig ProcessTree integration helps to identify and remove threats by tracing the attack path from the user to the process. This includes examining the process lineage and obtaining information about the container and host. Further, it provides details about the malicious user and their impact.

“Sysdig enables us to quickly detect and respond to cloud attacks at cloud speed by knowing what is happening, the exact container or location in the cloud, and what is causing it, versus hours to detect and understand what needs to be done,” says Karl Maire, the platform tech team lead at Fuel50.

A report issued earlier this year by Sysdig on cloud-native security and container utilization highlights misconfiguration and vulnerability as the two primary cloud security concerns. The company thinks standard cloud security tools could be more efficient in detecting potentially harmful actions quickly. This delay could allow hackers to misuse the organization’s resources and result in serious outcomes.

Sysdig joins a growing number of companies highlighting severe issues with supply chain risks in cloud and container environments. Sysdig’s solution aims to enhance threat detection in the software supply chain by introducing new Sysdig GitHub detections. This will enable security teams to receive real-time notifications about critical events.

Q&A: Scaling the workload monitoring architecture

Monitoring Kubernetes and other distributed workloads is a big challenge for companies; putting that data in the context of security events has the potential to create its own performance and scaling challenges.

EdgeIR asked the company to describe how it has scaled its ability to monitor workloads. Eric Carter at Sysdig told EdgeIR that the company’s cloud security solution is used by enterprises like Goldman Sachs, Big Commerce, Worldpay by FIS, and Experian “because the platform is proven at a scale and scope unmatched by others. The top 10 Sysdig customers operate the largest clouds in the world, each managing up to 160k servers and 2-8 million containers.”

“We have built our architecture for scale, using a thoughtful approach of eBPF agents in conjunction with multi-tier enrichment to correlate data across workloads, identities, and cloud services,” he added. “Today’s announcement extends the scale of our platform horizontally, introducing an agentless version of Falco to perform threat detection on cloud services, identities, and GitHub,” noting that Falco has more than 60 million downloads.

EdgeIR asked what Sysdig is seeing in terms of how Kubernetes is being deployed and whether customers are using Falco to monitor highly distributed “edge” workloads or if they are mostly focused on monitoring multi-cloud and multi-region workloads.

“Delivering enterprise applications and data workloads closer to the front lines of business at the edge of the network brings the possibility of a new wave of innovation beyond the corporate office. However, computing at the edge brings with it a new set of challenges,” Carter believes.

“With that said, in the grand scheme of technology, we are still in the infancy of cloud. Companies are at various levels of the journey, but overall, most customers are still focused on centralized or regionally distributed K8s versus inserting into edge locations,” he said.

Carter notes that “A lot of data is generated at the edge, but a lot of that is pulled centrally. As cloud adoption matures, we think you will see more Kubernetes adoption at the edge because it offers an effective means for delivery and iterating on apps.”
