Business Challenges
- Lack of visibility into container environments
- Drowning in unimportant alerts
- Gaps in timely threat detection
- Inefficient remediation, including alerts that lacked actionable information, straining security-engineering collaboration
Company Overview
JumpCloud is a leading cloud-based platform that provides unified identity, device, and access management for distributed workforces. Trusted by over 250,000 organizations in more than 160 countries, JumpCloud enables organizations to streamline IT operations, enhance security, and simplify user management across their entire ecosystem.
Operating in a security-conscious environment, JumpCloud places a strong emphasis on minimizing risk and proactively defending against evolving cyberthreats.
Challenges
Seeing Through the Black Box
Containers offer efficiency and scalability from an engineering perspective, but for security teams, they present a unique challenge: lack of visibility. By abstracting away much of the underlying environment, containers are a security blind spot. “We had all these black-box blobs across our environment,” said Robert Phan, Chief Information Security Officer (CISO) at JumpCloud. “We needed a way to see inside, to understand their posture and state. Traditional tools simply couldn’t provide that level of visibility.”
Prioritization Alone Falls Short Without Action
Managing vulnerabilities in a containerized environment was another major challenge. Ideally, JumpCloud’s teams would use distroless images and single-binary containers, but in practice, that wasn’t always feasible.
“The reality was that we also had some bloated containers loaded with dependencies, each introducing its own vulnerabilities,” Phan said.
Identifying, prioritizing, and remediating those vulnerabilities without overwhelming the security or engineering teams is critical to success in a cloud-native world.
“Throwing a thousand tickets at engineers and telling them to fix everything isn’t a viable strategy,” Phan said. “It not only creates unnecessary friction between security and engineering, but it also leaves us vulnerable. Threat actors aren’t waiting around for a patch.”
Drowning in Alerts, Starved for Insights
Speed is everything in cloud security. On average, an attacker can exploit a vulnerability within 10 minutes of discovering it. JumpCloud needed to be faster, but its existing security tools made that very difficult.
“The alert noise was so overwhelming from the solution we used before Sysdig that finding actionable alerts took a lot of time,” Phan said. “However, as an identity and mobile device management provider, we didn’t have the luxury of delayed response times. We needed to address threats in real time.”
Real-time detection and response became a top priority.
“We needed visibility and proactive security, as well as reactive capabilities at every access point,” Phan said. “Every security professional aims to prevent cyberincidents, but the reality is that prevention isn’t perfect. Breaches will happen. You have to be prepared. Being able to detect and respond instantly is nonnegotiable for us.”
The 555 Benchmark: A detection and response benchmark designed for the cloud
Ten minutes – that’s all it takes to execute an attack in the cloud after discovering an exploitable target. Outpacing attackers in the cloud requires that security teams meet the 555 Benchmark, which specifies five seconds to detect, five minutes to triage, and five minutes to respond to threats.
Instead of adding another tool to JumpCloud’s stack, they sought out a platform that combined vulnerability management, cloud security posture management, threat detection and response, and cloud workload protection. Threat detection in seconds was at the top of their criteria list. Sysdig provided all four use cases, in addition to the visibility, speed, and security JumpCloud required. Given that many on Phan’s team had extensive experience with Falco, the open source runtime security tool that underpins Sysdig’s threat detection capabilities, the decision to evaluate Sysdig was a natural next step.
Solutions
Breaking the Bottlenecks in Vulnerability Management
With Sysdig, JumpCloud has streamlined its vulnerability management processes, significantly reducing critical vulnerabilities in its container environment. A key factor in this success is Sysdig’s sophisticated vulnerability prioritization, which allows the security team to focus on what matters most.
“One of the first things my team latched on to was how easy it was to prioritize vulnerability remediation,” Phan said. “We could filter vulnerabilities not just by severity, but also by factors like exploitability and attack paths. We loved that there were so many ways to splice the data.”
Beyond prioritization, Sysdig has helped JumpCloud adopt an iterative approach to remediation, preventing engineers from being overwhelmed by an avalanche of issues. Instead of assigning massive vulnerability backlogs, the security team now gradually rolls out tasks in order of criticality, providing engineers with visibility into the real-world impact of their fixes.
“If you dump a giant pile of vulnerabilities on an engineer, and the first one they check isn’t a real risk, their motivation plummets,” Phan said. “But when you show an engineer exactly how a critical vulnerability exposes the company, getting them to take action is a much easier sell. Instead of expecting them to scale a mountain, you’re giving them a series of manageable steps with clear, tangible outcomes.”
Turning Alert Noise into Actionable Intelligence
“We use a suite of tools to detect threats across every layer of our environment,” Phan said. “When it comes to container and workload security, Sysdig stands out. It gives us complete visibility into an area where we previously had blind spots.”
That visibility is critical, especially for identifying unintended security risks.
“One thing people forget is that insider threats aren’t always malicious. Most of the time, it’s a well-meaning employee making an honest mistake,” Phan said. “With Sysdig, we can spot those actions immediately, understand their impact, and respond appropriately.”
Beyond visibility, alert prioritization has dramatically improved. Instead of drowning in security notifications, JumpCloud now receives actionable alerts, which are routed directly to Slack and PagerDuty for immediate response.
“With other tools on the market, the alert noise was so overwhelming, it was completely unmanageable. I had to dig through logs and manually piece together what happened, and it was a slow, reactive process,” Phan said. “With Sysdig, that changed. After tuning, the alerts are high value and immediately actionable, so much so that we now manually investigate every single one. Sysdig brings the full picture to the surface instantly, making it much faster and easier to respond effectively.”
Sysdig’s forensic capabilities also enhance investigations by providing detailed alert tracing.
“Sysdig gives us plenty of data in the initial alert payload, but what really stands out is its forensic depth,” Phan said. “The ability to drill down, correlate data, and track root causes is incredibly efficient. Our engineers love how straightforward it is. It gives them exactly what they need to do their jobs. They can triage and respond to an event in minutes instead of spending hours researching.”
Ultimately, what Phan finds most compelling about Sysdig is how it organizes and presents security data.
“Once you start using Sysdig, it really sells itself,” Phan said. “A lot of tools flood you with as much information as possible with no regard for its value or presentation. They throw out all these charts and all this data and all these alerts, but no real assistance on how to eat the elephant.”
“Sysdig doesn’t waste your time with things that don’t need your attention,” he said. “It’s one of the things my team and I love about the platform. From a design perspective, it helps us stay focused on the vulnerabilities and events that are actually a priority. This means that we can secure our organization quickly and efficiently.”
Bridging the Gap Between Security and Engineering
From the start, JumpCloud sought a security solution that would provide oversight without stifling engineering agility.
“I don’t want our security team to be in the position of constantly telling engineers they can’t innovate because there are some unknowns involved,” Phan said. “I want them to work the way they choose. With Sysdig’s runtime monitoring, we get visibility into both posture and activity, which allows us to enable – not hinder – engineering.”
The result? A balance of freedom and accountability.
“Engineers know they can do what they need to do, but they also know we’re watching,” Phan said. “And that’s okay, because we trust our ability to detect and respond quickly.”
JumpCloud has also gamified vulnerability management, using Sysdig’s filtering capabilities to create an engaging, competitive approach to remediation. The security team sets specific goals for engineers, then removes filters one by one as those goals are met. This has resulted in a roughly 80% reduction in container vulnerabilities.
“We always celebrate wins,” Phan said. “We have leaderboards, and we encourage teams to compete. Who can meet their service-level agreements the fastest? Who has the fewest vulnerabilities in a given category? Sysdig helps us break remediation into bite-sized, achievable tasks, which keeps engagement high and progress steady.”
Extending the Power of Falco with Sysdig’s Unified Platform
JumpCloud’s familiarity with Falco initially led them to explore Sysdig. While Falco provided powerful threat detection, Phan and his team realized that managing and interpreting Falco’s data required significant engineering effort.
“Falco is a fantastic tool, but it requires engineers and operators to manually interpret the data and draft new detections,” Phan said. “We ultimately found that partnering with Sysdig made more sense. It gave us Falco’s power, but packaged within a platform that provided greater efficiency, visibility, and automation.”
The decision to fully adopt Sysdig wasn’t just about technical capabilities. It also came down to return on investment and support.
“We evaluated several tools, but from a business value perspective, Sysdig was the clear choice,” Phan said. “If we had tried to build a similar solution ourselves, we would have needed to hire several more engineers and still spend months developing something far less complete. Sysdig gave us everything we needed out of the box, and the support we’ve received has been unmatched.”
At the end of the day, JumpCloud understands that cybersecurity is an asymmetric battle. Attackers have the upper hand. But with Sysdig, they’ve shifted the balance.
“Attackers will always have an edge. That’s the reality of security,” Phan said. “But by adding Sysdig to our defense-in-depth strategy, we’ve significantly reduced that advantage and strengthened our overall resilience.”
To learn more about JumpCloud, visit jumpcloud.com.
About Sysdig
In the cloud, every second counts. Attacks unfold in minutes and security teams must protect the business without slowing it down. Sysdig, named Customers’ Choice in the Gartner® “Voice of the Customer” report for cloud-native application protection platforms (CNAPPs), stops cloud attacks in seconds and instantly detects changes in risk with real-time insights and open source Falco. Sysdig Sage™, the industry’s first artificial intelligence (AI) cloud security analyst, uplevels human response and enables security, developers, and DevOps to work together, faster. By correlating signals across cloud workloads, identities, and services, Sysdig uncovers hidden attack paths and prioritizes real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.
Sysdig. Secure Every Second.