Container security on IBM Cloud

By Eric Carter - NOVEMBER 17, 2020


If you’re running containers and Kubernetes on IBM Cloud, you can now enable the key security workflows of Sysdig Secure as a service within your IBM Cloud deployments. This makes it easier for you to implement security tools and policies to ensure your containers and your Kubernetes environment are protected and running as intended. The new container and Kubernetes security features are integrated into IBM Cloud Monitoring with Sysdig and offered as an additional service plan. With it, you’ll be able to secure your build pipeline, detect and respond to runtime threats, and validate compliance across your containers and Kubernetes infrastructure.

What security workflows are available on IBM Cloud?

Sysdig Secure provides security across the life cycle for containers, Kubernetes and cloud services. We can categorize the security capabilities available to you on IBM Cloud as spanning three main practices as shown in the image below:
Secure Builds: Scan images for vulnerabilities and misconfigurations
Runtime Protection: Get visibility across the stack to confidently run apps in production
Rapid Response: Capture detailed audit trails to speed incident response and forensics

Each of these areas provides a range of capabilities that not only help you manage risk, but also block threats and enable you to better meet compliance requirements for your business. You’ll be able to see inside containers and better handle the dynamic nature of Kubernetes at scale. Let’s look more closely at a few of the features that you can integrate into your DevOps workflow on IBM Cloud to secure your environment:

| Action | Description |
| --- | --- |
| Scan container images | Trigger image scans and set policies to analyze images within your CI/CD pipeline and repositories to identify known vulnerabilities and violations. Check against specific compliance controls such as PCI and NIST. |
| Monitor CVEs for running containers | Identify new vulnerabilities in running containers without rescanning images. |
| Configure alert channels | Set up notification channels (e.g., PagerDuty, Slack, etc.) to get security event alerts and take action. |
| Set image scanning alerts | Receive alerts about new images, scan results, and new CVEs. Get notified if a running image is impacted by newly discovered vulnerabilities. |
| Enable runtime security policies | Configure detection policies to identify and respond to anomalous runtime container activity. Verify container compliance and implement file integrity monitoring. Create your own custom policies based on Falco rules. |
| Run compliance tasks | Monitor the configuration of your environment compared to CIS benchmarks and best practices. Use compliance dashboards and metrics to visualize progress. |
| Audit activity | Filter user and service interactions to accelerate incident response. Perform forensics to understand security breaches, meet compliance requirements, and recover quickly. |

All of the container, Kubernetes, and cloud security features are available through the Sysdig Secure web UI. IBM Cloud Monitoring with Sysdig and the new Sysdig Secure capabilities are all driven from the same agent and the same cloud-based back end. You can easily switch to the Sysdig Secure context directly from your Sysdig monitoring instance in IBM Cloud.

Figure: Sysdig Secure runtime security event monitoring

Application development is transforming with the move to CI/CD, containers and open source. If you find yourself struggling with how – and where – to enable security controls for your containers, Kubernetes, and cloud, check out what Sysdig has to offer. One place to start is to read our Kubernetes Security Guide.

How do you get started with Sysdig Secure on IBM Cloud?

Sysdig Secure is available in Sydney, Australia now and will be available in all regions where Sysdig Monitor is deployed in the coming weeks. If you’re looking to jump right in and get started, check out the IBM blog that outlines the steps to deploying an instance. You can get going in a few simple steps, which typically takes only a few minutes. Don’t have an IBM Cloud account? You can create an account and get started today!
