Business Challenges
- Limited visibility into cloud-native environments
- Creating Falco rules took too long
- Meeting and proving compliance was a struggle
- Unable to prioritize the vulnerabilities that matter most for developers
- Lack of visibility into credentials management created risk
Company Overview
Syfe is an international digital investment platform that helps customers manage their wealth and investments with a secure cloud-native infrastructure. In addition to personalized wealth management, Syfe offers a brokerage service that enables customers to trade securities in major markets, including Singapore and the United States.
Challenges
Finding Falco: Strengthening Cloud Security and Compliance
Operating in heavily regulated markets such as Singapore, Hong Kong, and Australia, Syfe needed to ensure that its cloud-native infrastructure met the highest security standards.
Initially, the company relied on several open source tools to maintain security and compliance. However, as Syfe grew, this approach became unsustainable. Its existing tool kit lacked the visibility and observability needed to monitor cloud environments effectively, and there was no comprehensive vulnerability management solution.
After evaluating its options, Syfe adopted Falco, the open source threat detection engine developed by Sysdig. Under the leadership of Director of Engineering Abhishek Garg, the team deployed Falco across the company’s servers, built custom policies, and configured it to send real-time alerts directly to their Slack channels.
This implementation marked a turning point, enabling Syfe to take a more proactive and scalable approach to cloud security.
Evolving Security: From Hands-On to Scalable Protection
“Falco did exactly what we needed,” Garg said. “It not only ensured that our policies were working as expected but also helped us uncover issues we weren’t aware of, such as insecure actions by internal users.”
While Falco provided essential visibility, configuring and fine-tuning custom rules required significant manual effort. The team automated several processes, but as cloud threats continued to evolve, they found themselves needing to update Falco’s rules just six months after initial deployment.
The turning point came when Syfe upgraded its Elastic Kubernetes Service (EKS) servers. Rather than manually reconfiguring Falco for compatibility with the latest kernel update, the team saw an opportunity to adopt a more efficient, scalable solution – one that could reduce operational overhead while delivering the same level of deep security insights.
Optimizing Security: Consolidation for Efficiency and Impact
Syfe recognized the need to consolidate its security stack. By streamlining operations and reducing tool sprawl, the company aimed to enhance efficiency, scalability, and effectiveness.
Security audits presented another challenge; the multiple tools required to scan for vulnerabilities created a bottleneck that consumed approximately 10 to 12 hours each month.
“Remediation often stalled due to varying levels of ownership and accountability across teams,” Garg said. “We needed a solution that would streamline vulnerability management and provide greater visibility into risks. We also wanted to strengthen both our security and our compliance efforts beyond standard requirements.”
Solutions
Scaling Security: From Foundation to Full Integration
“While Falco gave us foundational security, Sysdig enabled us to fully integrate security into how we deploy applications,” Garg said. “With Sysdig, security isn’t just a checkpoint – it’s seamlessly embedded into our workflows, giving us the visibility and control needed to protect our cloud environments effectively.”
Garg worked closely with Sysdig to manage the transition from Falco to the Sysdig Platform, rapidly completing the migration. Syfe fully integrated its licenses, and the benefits were immediate. One of the biggest advantages was eliminating the need for multiple open source tools. Instead of juggling various security solutions, Syfe centralized everything within Sysdig, integrating it seamlessly with Amazon Web Services (AWS). This provided not only better visibility but also the ability to make faster, more informed security decisions, reducing response time by 80% to 90%.
Managing Threat Detection: An Elite Threat Research Team
Managing Falco’s detection rules required ongoing manual effort – especially as new cloud attack techniques emerged. Sysdig eliminated this operational burden by providing prebuilt, continuously updated threat detection rules through the Sysdig Threat Research Team. This team actively tracks emerging threats, proactively adding detections before new techniques are even public, ensuring that Syfe is always protected against the latest vulnerabilities.
“With Falco, we spent valuable time writing and maintaining custom detection rules,” Garg said. “Sysdig’s Threat Research Team has one of the best pulses on the latest attacks. With their insight, they continuously refine and update detections within Sysdig, ensuring that we’re always one step ahead of attackers.”
By automating rule management and detection processes, Sysdig allowed Syfe’s security team to reduce time spent on manual rule updates by 90% to 95%, freeing them up to focus on higher-priority security initiatives.
Vulnerability Prioritization: Achieving Automated Workflows
Sysdig also transformed Syfe’s vulnerability management processes. Its previous scanning tool required external database downloads, and results were only visible within the continuous integration/continuous delivery pipeline, creating development bottlenecks. With Sysdig, these challenges disappeared. No external downloads are required, and all vulnerability data is now accessible through a centralized dashboard and alerts.
“With Sysdig, we can generate a report and automatically deliver it to whoever is responsible for fixing the vulnerability,” Garg said. “They receive clear ownership and a defined path forward, which makes them far more motivated to take action. This has also greatly improved coordination between our teams.”
The result of introducing vulnerability management with Sysdig? A faster, more secure development pipeline, further strengthened by Sysdig’s runtime vulnerability scanning.
“Our approach to DevOps is to automate as much as possible while enabling our developers,” Garg said. “Sysdig has helped us achieve this by streamlining security workflows and automating critical security processes. It also helped us identify and fix several critical vulnerabilities we were previously unaware of. Now, we get critical data points, such as whether a vulnerable build or library is loaded into memory, helping us prioritize security risks effectively.”
Through Sysdig’s dashboard and automated alerts, developers and engineers can quickly identify vulnerable builds, understand prioritization, and access clear remediation steps. Automated reporting ensures that no vulnerabilities are overlooked, improving response times and strengthening Syfe’s security posture.
Compliance Gains: CIS AWS Foundations Benchmark from 60% to >90%
Sysdig has made compliance coordination significantly more efficient for Syfe’s teams. By consolidating multiple tools into a single platform, they can now run all security checks through one solution. Automated notifications further streamline the process, ensuring that the right stakeholders are alerted without manual intervention.
Since deploying Sysdig, Syfe’s Center for Internet Security (CIS) AWS Foundations Benchmark score has risen from roughly 60% to over 90%.
Syfe is now expanding its compliance efforts, focusing on CIS benchmarks for its EKS deployment. The long-term goal is to broaden compliance coverage across additional frameworks.
“Compliance requirements vary by region,” Garg said. “Our goal is to be fully prepared when regulators from any of our markets approach us with questions. We want our security measures to be so strong that we never receive a negative assessment – and Sysdig gives us the visibility and control to ensure that we meet the highest standards every single day.”
Secure Access: Strengthening Protection with AWS
Before deploying Sysdig, Syfe relied on custom integrations to connect with AWS security tools. With Sysdig, those manual efforts became unnecessary. Sysdig’s prebuilt policies automatically generate alerts from AWS security services, and by integrating AWS audit logs, Syfe now gains deeper, more actionable security insights.
“Sysdig helps us analyze logs far more efficiently,” Garg said. “We receive alerts for database password changes, part of our automated test environment setup, and for suspicious activity like multiple failed logins.”
Beyond improved logging and monitoring, Sysdig has also enhanced identity and access management (IAM). When Syfe transitioned from traditional IAM to AWS IAM, they eliminated long-term access keys, which posed a significant security risk. However, one of their open source tools did not integrate well with the new system, forcing them to bring access keys back, and with them the exposure those keys carry.
“Forgotten access keys can easily be exposed on GitHub or other repositories,” Garg said. “It might seem like a minor issue, but over time, it can become a major security risk. Sysdig not only helped us identify outdated access keys, but also flagged users with unused permissions, ensuring tighter control over identity security.”
Cloud Security AI: Enhancing Human Response
“With Sysdig, we transitioned from a reactive to a proactive security approach,” said Garg. “Building visibility was crucial for us, but Sysdig has allowed us to do so much more than that.”
One standout feature has been Sysdig Sage™, an advanced security solution that uses generative artificial intelligence to help security teams quickly analyze risks, investigate threats, and access key security insights without manual effort. Instead of searching through dashboards or documentation, Sysdig Sage employs multistep reasoning and contextual awareness to accelerate the resolution of complex cloud attacks.
“Rather than navigating through the interface or documentation, we simply ask Sysdig Sage,” Garg said. “It streamlines our workflows, reduces time spent on investigations, and ensures that we can respond to security issues faster than ever.”
“Initially, we viewed Sysdig mainly as a tool for container security,” Garg said. “But we’ve realized it provides a holistic solution that covers our entire infrastructure – AWS, pipelines, Kubernetes, integrations, and code base. Sysdig is one of the best commercial security tools we use. And if I had to choose again, I’d pick Sysdig every time. The support, features, and overall experience are exceptional.”
To learn more about Syfe, visit syfe.com.
About Sysdig
In the cloud, every second counts. Attacks unfold in minutes and security teams must protect the business without slowing it down. Sysdig, named Customers’ Choice in the Gartner® “Voice of the Customer” report for cloud-native application protection platforms (CNAPPs), stops cloud attacks in seconds and instantly detects changes in risk with real-time insights and open source Falco. Sysdig Sage™, the industry’s first artificial intelligence (AI) cloud security analyst, uplevels human response and enables security, developers, and DevOps to work together, faster. By correlating signals across cloud workloads, identities, and services, Sysdig uncovers hidden attack paths and prioritizes real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.
Sysdig. Secure Every Second.