Business Challenges
- Lack of real-time cloud visibility, making threat detection difficult
- Compliance barriers around open-source security solutions blocked SOC 2 certification
- Slow manual remediation process delayed fixes for months
- Struggled to detect unauthorized crypto mining
- Fragmented security tools led to coverage gaps
Company Overview
CoinDCX is a leading cryptocurrency exchange based in India, offering an environment for trading a wide array of cryptocurrencies. Operating as an exchange for over 16 million users, the platform hosts more than 500 crypto assets. The company has experienced significant growth, with initiatives targeting millennials and Generation Z to expand its user base to over 50 million. CoinDCX emphasizes security and regulatory compliance, positioning itself as a key player in India’s rapidly evolving digital asset market.
Challenges
Limited Cloud Visibility and Identity Complexity
Operating in a fast-paced crypto environment, CoinDCX relied heavily on the cloud to support scale and flexibility. But with that came security trade-offs.
“The cloud brought a lot of ease to the tech team and business operations, but it also made things challenging for my team,” said Sumit Birajdar, Director, Security Engineering, Cyber Defense and Enterprise IT at CoinDCX. “We didn’t have real-time visibility, so we had to stay on our toes for misconfigurations and vulnerabilities. It consumed a lot of our time.”
The company’s vast infrastructure made it hard to track ownership of components, enforce consistent policies, or even distinguish between misconfigurations and actual threats. At one point, the team uncovered over 5,000 misconfigurations across their environment, a volume that overwhelmed manual processes and obscured real risk. Many security tools were designed to focus on either containerized or noncontainerized environments, but not both. As a result, CoinDCX had to juggle multiple solutions, leading to siloed data and fragmented security workflows.
Slow, Manual Remediation Workflows
Even after identifying vulnerabilities, CoinDCX struggled to remediate them efficiently. Some noncritical fixes took up to three months, exposing CoinDCX and their customers to unnecessary risk.
“We had to put significant effort into compiling reports and manually explaining the fixes to other teams,” Birajdar said. “It was time-consuming and frustrating for everyone involved.”
Sharing information with developers involved manual steps: compiling reports, formatting data, and explaining how to fix each issue. The lack of automation created delays, confusion, and friction between the security and development teams.
Gaps in Compliance and Scalability with Open Source Tools
Early on, CoinDCX explored Falco, the open source threat detection engine, as a potential low-cost, high-impact option for runtime visibility. While the tool showed strong detection capabilities, it wasn’t built for the enterprise-level compliance and scalability their team required.
“As we matured, we needed a platform with documentation, support, and clarity,” Birajdar said. “We couldn’t rely on open source for our most critical infrastructure.”
The company’s compliance roadmap, including International Organization for Standardization (ISO) 27001, required features Falco couldn’t offer, like automated reporting, centralized policy enforcement, and broader environment coverage. These compliance certifications were a prerequisite for CoinDCX’s international expansion, making the need for a licensed, unified platform to support both security operations and long-term compliance a critical business requirement.
Solutions
Finding the Right Tool for the Job
CoinDCX’s approach to security tool selection followed three principles:
- Thoroughly evaluate solutions to ensure they meet all requirements.
- Build a best-in-breed security stack from endpoint to cloud, avoiding all-in-one platforms.
- Establish operational metrics to drive continuous improvement.
“We specifically avoided vendors offering all-in-one security,” Birajdar said. “These tools were often so tightly integrated that replacing individual components was impossible – you had to swap out the entire suite.”
Instead, they looked for a platform that could integrate multiple capabilities without forcing them into a rigid, all-or-nothing suite.
With this philosophy in mind, CoinDCX conducted proof-of-concept tests with multiple cloud and runtime security solutions. One vendor met most requirements but fell short on runtime security, offering unnecessary features and a complex licensing model. Another excelled in noncontainer security but lacked robust runtime capabilities in Elastic Kubernetes Service (EKS), which made up most of CoinDCX’s infrastructure.
Only one solution checked every box without compromise: Sysdig.
Sysdig stood out for its customizable runtime detection rules, built on Falco, and its streamlined licensing model. But just as importantly, Sysdig also offered powerful capabilities for cloud security posture management (CSPM). CoinDCX adopted Sysdig’s CSPM module in late 2024, and within six months saw a 60% to 70% drop in cloud misconfigurations, significantly improving their overall security hygiene.
“From day one, Sysdig delivered visibility and insights we simply didn’t have before. Especially around posture and misconfigurations,” Birajdar said. “Misconfigs are often the first thing attackers look for, so fixing those proactively became our top priority.”
Rather than just identifying misconfigurations, Sysdig helped the team enforce policies to keep them from recurring, hardening CoinDCX’s infrastructure and laying the foundation for long-term compliance.
Ultimately, CoinDCX deployed Sysdig for cloud workload protection, runtime threat detection, and posture management, centralizing key capabilities in a flexible platform that balanced immediate detection with proactive defense.
Customizable Vulnerability Management and Real-Time Detection, Minus the Black Box
CoinDCX kicked off its Sysdig deployment by creating custom policies and zones around critical components and vulnerabilities.
“For identity threats and cloud detection and response, we wanted to enable Sysdig on a specific set of priority accounts,” Birajdar said. “We didn’t want to apply it everywhere at once. That approach, combined with the platform’s customizability, has helped us respond to threats more effectively and manage vulnerabilities more efficiently.”
CoinDCX also extended Sysdig’s vulnerability management beyond containers to cover noncontainer environments. “A key advantage has been the ability to create custom rules tailored to infrastructure-specific issues, particularly in distinguishing between legitimate crypto activities and malicious threats like unauthorized crypto mining,” Birajdar said.
Cryptojacking was relatively new when CoinDCX started working with Sysdig. “Detecting and responding to cryptojacking has become a core area of focus for our team. It’s an unfortunate reality of our industry. Thankfully, Sysdig is very effective at flagging these kinds of transactions,” Birajdar said.
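The kind of custom rule described above, one that flags mining activity while carving out workloads that are expected to run crypto software, can be expressed in Falco’s rule syntax, which Sysdig’s runtime detection is built on. The rule below is an added illustration, not CoinDCX’s or Sysdig’s own rule set; the list name, the image repository in it, and the rule name are placeholders chosen for this example.

```yaml
# Added illustration (not from CoinDCX or Sysdig): a custom Falco rule that
# fires when a process is launched with a Stratum mining-pool URI on its
# command line, unless it runs in a container image approved for crypto work.
# The image repository below is a placeholder.
- list: approved_crypto_images
  items: ["registry.example.internal/wallet-node"]

# Falco's default ruleset already defines this macro; it is repeated here so
# the example stands on its own.
- macro: spawned_process
  condition: evt.type in (execve, execveat) and evt.dir=<

- rule: Unapproved Crypto Miner Launched
  desc: >
    A process was started with a Stratum mining-pool URI on the command line
    outside the set of container images approved to run crypto software.
  condition: >
    spawned_process and
    (proc.cmdline contains "stratum+tcp" or
     proc.cmdline contains "stratum2+tcp" or
     proc.cmdline contains "stratum+ssl" or
     proc.cmdline contains "stratum2+ssl") and
    not container.image.repository in (approved_crypto_images)
  output: >
    Possible unapproved miner (command=%proc.cmdline user=%user.name
    container=%container.name image=%container.image.repository)
  priority: CRITICAL
  tags: [host, container, process, mitre_impact, T1496]
```

The allowlist is what turns a generic miner signature into an infrastructure-specific rule: workloads that legitimately speak to mining pools are named explicitly, and everything else that spawns a Stratum client, on a host or in any other container, is surfaced as a critical event. Keeping the allowlist in a separate list makes it reviewable on its own, which matters when a compliance audit asks why a given image is exempt.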
Now, CoinDCX is working to integrate Sysdig cloud detection and response (CDR) and identity-related logs into its continuous monitoring systems. This will enhance the cyber defense team’s ability to detect unauthorized identity-related actions while providing deeper insights into the company’s production systems.
Eliminating Roadblocks to Remediation
Beyond providing granular control over real-time threat detection, Sysdig has helped CoinDCX completely overhaul its vulnerability management process. Previously, the security team manually compiled and delivered reports to stakeholders. Now the process is fully automated, significantly improving communication between security and development teams.
“With Sysdig, we’re able to quickly assign vulnerabilities to the right people,” Birajdar said. “We send automated emails to developers with all the relevant details: what needs to be fixed, why it matters, and how to resolve it. We’ve gone from applying fixes every three months to once a week, a 12 times improvement in mean time to repair.”
The security team has also automated reports for leadership, streamlining executive visibility into the company’s security posture.
“At a leadership level, the key question is always, ‘Are we secure?’” Birajdar said. “Sysdig allows us to answer that question easily. Instead of spending time assembling reports, we can focus on higher-value security initiatives while driving continuous improvement in our vulnerability management processes.”
Sysdig’s continuous insights and automated reporting have also benefited CoinDCX’s development team. Developers can now proactively address redundant components and vulnerabilities while automatically generating reports on their fixes.
“Before deploying Sysdig, we had three people dedicated full time to cloud security,” Birajdar said. “Now, two of them are focusing on broader security initiatives. At the same time, we’ve significantly reduced vulnerabilities and misconfigurations, while putting policies in place to prevent future issues. This means that we’re able to both improve development velocity and reduce risk. We don’t have to choose between the two anymore.”
Forging a Path to a Compliant Future
Sysdig is also supporting CoinDCX’s long-term compliance goals. Already ISO 27001 certified, the company is now working toward Service Organization Control (SOC) 2 Type II certification, aiming for full compliance while expanding internationally.
“Fixing misconfigurations and addressing vulnerabilities has always been our immediate priority,” Birajdar said. “But compliance is our long-term goal. Right now, crypto and Web 3.0 aren’t regulated everywhere. But with Sysdig, we have everything we need to lead by example, which turns security from an impediment to an enabler of business growth.”
“When we chose Sysdig, it wasn’t just about securing our infrastructure,” he said. “It was about prioritizing what matters: efficiency, visibility, and proactive compliance. Sysdig hasn’t just improved our security approach, it has completely transformed it.”
To learn more about CoinDCX, visit coindcx.com.
About Sysdig
In the cloud, every second counts. Attacks unfold in minutes and security teams must protect the business without slowing it down. Sysdig, named Customers’ Choice in the Gartner® “Voice of the Customer” report for cloud-native application protection platforms (CNAPPs), stops cloud attacks in seconds and instantly detects changes in risk with real-time insights and open source Falco. Sysdig Sage™, the industry’s first artificial intelligence (AI) cloud security analyst, uplevels human response and enables security, developers, and DevOps to work together, faster. By correlating signals across cloud workloads, identities, and services, Sysdig uncovers hidden attack paths and prioritizes real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.
Sysdig. Secure Every Second.