Blog Icon

Blog Post

Sysdig extends security control with VMware Tanzu Service Mesh

NEW!! LIVE WEBINAR: Zero Trust Network Security for Containers and Kubernetes - Dec 10, 2020 10am Pacific / 1pm Eastern

Sysdig is working with VMware to deliver enhanced microservice and cloud security. Leveraging the container runtime security capabilities of Sysdig Secure along with the operations and security policies of VMware Tanzu Service Mesh, built on VMware NSX, customers will be better able to accelerate Kubernetes and cloud adoption, as well as application modernization.

As more and more organizations go multi-cloud, standardizing the management, security, and monitoring of workloads, wherever they may run, helps to smooth operations. And, by addressing the unique requirements of cloud-native environments from the start, enterprises can get a head-start on managing cloud security risk as they move to containers and Kubernetes.

Extending Tanzu Service Mesh with Sysdig Secure

Tanzu Service Mesh enables a transparent and language-independent way to observe, automate, control and better secure microservices at an API level. Sysdig Secure, part of the Sysdig Secure DevOps Platform, is a Kubernetes security and compliance solution for better securing cloud-native workloads. It embeds security into the build, run and response stages of the container lifecycle. By combining Sysdig Secure with Tanzu Service Mesh, users can increase security and compliance capabilities to prevent vulnerabilities, stop threats, accelerate incident response, and enable forensics.

One of the key capabilities of Tanzu Service Mesh is to enable service owners, operators, and DevSecOps teams the ability to apply operational controls across services to help secure communications between microservices, data, and users across multiple cloud-native platforms. The integration of Sysdig Secure with Tanzu Service Mesh is targeted at extending the depth of security intelligence available for Tanzu Service Mesh users with critical findings that help drive better policy decisions.

Read the blog: Forging A Path to Continuous, Risk-based Security with VMware NSX Service Mesh for additional insight into the evolution of the Tanzu security model.

Increasing visibility and control in multi-cluster environments

The unified management, global policies, and seamless communications available with Tanzu Service Mesh enable greater control across complex, multi-cluster mesh topologies regardless of where they run. This empowers developers, infrastructure operations and security teams to more effectively collaborate to enable clusters to be more secure, operate efficiently and deliver the service levels that applications expect.

Visibility into security events is critical for security teams and DevOps to understand and address incidents occurring across cloud deployments in real-time. Using a third-party findings API available with Tanzu Service Mesh, policy events from Sysdig Secure can be forwarded to give additional information that will help drive remediation.

Security insights with Sysdig Secure

Sysdig Secure provides threat detection and forensics capabilities that help Tanzu Service Mesh users understand their container and environment activity and take appropriate action. This not only helps provide assurance that your environment is secure, compliant, and resilient but also ensures you respond faster in the event of a security threat.

Threat Detection

Runtime threat detection, built on open source Falco, helps you identify and block suspicious activity and anomalies in your container environment. Here are a few examples, including how Tanzu Service Mesh capabilities help enable your security response.

Terminal shell in a container

Sysdig Secure detects command-Line Interface execution (terminal shell) in a running container in violation of a configured policy. This event represents risk in that it might indicate an attacker attempting to manipulate the system, download malware, or initiate other malicious activity. By providing the details to Tanzu Service Mesh a user can then apply controls to isolate the pod/container and reduce the exposure of the activity. This capability is designed to help organizations better meet compliance, auditing and intrusion detection requirements.

Attempt to search for private keys or passwords

Sysdig Secure detects when a user or system performs a search for private keys or passwords. This activity represents the risk that someone is attempting to gain credentials that would allow access to systems, application or data. In this case, Tanzu Service Mesh can be used to isolate pods where this activity is taking place.

MITRE ATT&CK framework detections

Sysdig Secure detects system events that seem abnormal based on the adversary tactics and techniques as defined by the MITRE ATT&CK framework. From this information, activities deemed to be a threat or anomalous can be remediated by isolating the involved pods and containers.

Incident Response and Forensics

After any threat has been contained using the controls available with Tanzu Service Mesh, for further incident response and forensics investigation, you can now jump into the Sysdig Secure UI and explore the details of the event:

Sysdig Security events that help Tanzu Service Mesh users


Now you can dig deeper by checking the Activity Audit and perform a post-mortem analysis, correlating all the activities from the same context in a timeline to find the Kubernetes user that launched the shell along with the activity that happened inside that terminal session:

Activity Audit of the event


If the Runtime Policy that you created included triggering a capture file, you can also analyze the detailed capture information directly from the UI. This lets you inspect metrics, executed commands, system calls, sockets and files, and even examine I/O streams to check the data that was transmitted, read or written during the incident:

image alt text

Conclusions

The integration of the Sysdig Secure DevOps Platform with Tanzu Service Mesh provides enhanced security intelligence that extends threat prevention, detection, and response. As a result, the addition of in-depth cloud insights enables CISOs, SREs and DevOps professionals with more comprehensive security governance to reduce business risk.

We’re excited to work with VMware as they execute their Kubernetes strategy. We’re here to help VMware customers as they adopt VMware cloud-native solutions and invite you to request a free trial of the Sysdig Secure DevOps Platform.

Stay up to date

Sign up to receive our newest.

Related Posts

Sysdig Secure 3.0 introduces native prevention and incident response for Kubernetes

How to monitor Istio, the Kubernetes service mesh

K8s security guide.