Deep network visibility cuts time required to implement Kubernetes microsegmentation
SAN FRANCISCO, KubeCon + CloudNativeCon — November 17, 2020 — Sysdig, Inc., the secure DevOps leader, today announced the launch of Zero Trust network security for Kubernetes. This launch expands Sysdig’s runtime security to add network visibility and segmentation. With total network visibility and automated rule creation, Sysdig reduces the time to implement network security from weeks to hours.Today, Sysdig also announced the expansion of IBM Cloud Monitoring with Sysdig to include Sysdig Secure.
The best strategy for network security is to use native controls, such as Kubernetes network policies, to enforce Zero Trust network segmentation. With this approach, DevOps teams have confidence that their policies are being implemented accurately. The modern software development stack is moving to open standards and security is no exception.
Blog: Implementing Kubernetes-native network security with Sysdig
Watch: Zero Trust network security for Kubernetes with Sysdig
New Zero Trust Network Security with Sysdig
- Quickly Understand Network Communications with New Topology Maps: DevOps teams are often blind to how containerized apps are communicating. This understanding is critical in creating effective policies. Sysdig adds dynamic network topology maps to visualize all communication into and out of a particular pod, service, and application. This detailed visibility allows DevOps teams to spot malicious attempts that take advantage of permissive network policies before it’s too late.
- Save Time with Low-Touch Kubernetes-Native Network Segmentation: Kubernetes network policies are hard to implement. A lot of time is wasted going back-and-forth between developers and DevOps teams to agree on the right network policy. With this announcement, Sysdig saves time by automating least privilege policies based on observed traffic enriched with application and Kubernetes metadata. Teams can easily implement accurate network policies that are not too permissive, but also do not break application functionality. It also helps organizations meet compliance requirements, such as NIST and PCI, which require network segmentation.
- Conduct Thorough Investigations with Process-Level Visibility: Being able to investigate all connections, either accepted or failed, is critical to responding to below-the-radar attempts before it’s too late. With Sysdig Audit Tap, DevOps teams can fingerprint every process connection, giving full process-level visibility into the entire environment, including every network connection attempt. Teams can monitor every connection made by a process, even if a connection is unsuccessful. Teams can also plug into existing incident response workflows by forwarding events to SIEM tools like Splunk.
Zero Trust is centered on the belief that organizations should never automatically trust anything inside or outside its perimeters and instead must verify before granting access. As cloud and Kubernetes matures, so does interest in applying Zero Trust principles, but DevOps and security teams are inexperienced at applying a Zero Trust network security model to these new environments.
“There are several approaches to Zero Trust that forward-looking security teams can take advantage of. We believe using a Kubernetes-native approach that goes beyond traditional firewalling to enforce segmentation at the namespace and service level is the strongest approach,” said Omer Azaria, Vice President of Engineering, Security at Sysdig. “For developers and DevOps teams, we provide an easy button for implementing Kubernetes network policies. From the cloud security architect’s opinion, Kubernetes network policies provide guardrails that keep security and compliance in check as developers move quickly in the cloud.”
The Sysdig Secure DevOps Platform allows cloud teams to confidently secure containers, Kubernetes, and cloud services. With Sysdig, cloud teams secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and monitor and troubleshoot cloud infrastructure and services.
Availability
The new network security workflow is available in the Sysdig Enterprise tier at no additional cost. Current Sysdig Enterprise customers have access now and they will see the new dashboards when they log in today.
Join Sysdig at KubeCon
Visit the Sysdig booth and join one of our many activities at KubeCon + CloudNativeCon NA.
Connect with Sysdig
- Join us: Dec. 10, 2020 for Zero Trust network security for containers and Kubernetes
- Get started with Sysdig
- Get more news in the Sysdig newsroom
- Read the Sysdig blog
- Follow Sysdig on Twitter, YouTube and LinkedIn
- Join a Sysdig Event
Media contact
Amanda McKinney Smith(703) 473-4051
[email protected]
In the cloud, every second counts. Attacks unfold in minutes and security teams must protect the business without slowing it down. Sysdig, the leader and outperformer in the “2024 GigaOm Radar for Cloud-Native Application Protection Platforms (CNAPPs),” stops cloud attacks in seconds and instantly detects changes in risk with real-time insights and open source Falco. Sysdig Sage™, the industry’s first AI cloud security analyst, uplevels human response and enables security, developers, and DevOps to work together, faster. By correlating signals across cloud workloads, identities, and services, Sysdig uncovers hidden attack paths and prioritizes real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.
Sysdig. Secure Every Second.