If you’re running containers and Kubernetes on IBM Cloud, you can now enable the key security workflows of Sysdig Secure as a service within your IBM Cloud deployments. This makes it easier for you to implement security tools and policies to ensure your containers and your Kubernetes environment are protected and running as intended. The new container and Kubernetes security features are integrated into IBM Cloud Monitoring with Sysdig and offered as an additional service plan. With it, you’ll be able to secure your build pipeline, detect and respond to runtime threats, and validate compliance across your containers and Kubernetes infrastructure.
What security workflows are available on IBM Cloud?Sysdig Secure provides security across the life cycle for containers, Kubernetes and cloud services. We can categorize the security capabilities available to you on IBM Cloud as spanning three main practices as shown in the image below:
Capture detailed audit trails to speed incident response and forensics
Scan container images
|Trigger image scans and set policies to analyze images within your CI/CD pipeline and repositories to identify known vulnerabilities and violations. Check against specific compliance controls such as PCI and NIST.
Monitor CVEs for running containers
|Identify new vulnerabilities in running containers without rescanning images.
Configure alert channels
|Set up notification channels (e.g., PagerDuty, Slack, etc.) to get security event alerts and take action.
Set image scanning alerts
|Receive alerts about new images, scan results, and new CVEs. Get notified if a running image is impacted by newly discovered vulnerabilities.
Enable runtime security policies
|Configure detection policies to identify and respond to anomalous runtime container activity. Verify container compliance and implement file integrity monitoring. Create your own custom policies based on Falco rules.
Run compliance tasks
|Monitor the configuration of your environment compared to CIS benchmarks and best practices. Use compliance dashboards and metrics to visualize progress.
|Filter user and service interactions to accelerate incident response. Perform forensics to understand security breaches, meet compliance requirements, and recover quickly.
Secure your build pipeline, detect and respond to #Kubernetes runtime threats, and continuously validate compliance with Sysdig Secure – Now on IBM Cloud!Click to tweet