Sysdig

Securing SaaS Delivery and Customer Confidence with Sysdig

  • 80% reduction of vulnerability noise
  • 20% time savings by consolidating into a CNAPP
  • 6-minute timeframe to securely deploy code through integrated checks

Business Need

  • Extend compliance controls and processes to containerized environments
  • Improve risk score by remediating vulnerabilities
  • Free up security engineers to support digital transformation
  • Gain full visibility across multicloud infrastructure and operations
  • Maintain security standards while transitioning to SaaS service delivery model
“We had a visibility gap before Sysdig. With Sysdig, we understand in real time where our risk lies.”
Cloud Security Lead

Company Overview

In a world where leveraging data is not just an advantage but a necessity, navigating the complexities of data management without breaking the budget or overwhelming your technology stack can be a formidable challenge.

As a leading player in the industry, this global data productivity organization is founded on the steadfast belief that the key to efficient data utilization lies in harnessing the power of the cloud. Its platform offers a seamless and unified environment to build, deploy, and scale data pipelines with unprecedented efficiency.

Empowering both coders and noncoders alike, the platform facilitates the easy movement, transformation, and orchestration of data pipelines, all with the added benefit of instant deployment. Trusted by thousands of enterprises, this accessibility ensures that the power of data productivity is in the hands of everyone within an organization.

Industry: Software Technology

Infrastructure: Amazon Web Services, Google Cloud, Microsoft Azure

Orchestration: Amazon Elastic Kubernetes Service

Solution: Sysdig Secure

Challenges

Breaking the Bottleneck of Cloud Migration

The company’s software was originally built on-premises, but to expand its target market and provide better service to clients, the team decided that it would step into the world of software-as-a-service (SaaS) delivery.

“Our very large engineering team wanted to move away from the Amazon Machine Image model into clouds and containers,” said the company’s cloud security lead. “While that was fantastic on their end, from a security point of view, it represented a black hole of stuff I couldn’t monitor or review. Our security tooling was designed in a world of static servers, not SaaS.”

“Although we used several static image scanning tools to check our container repositories for vulnerabilities, that wasn’t enough to keep pace,” he said. In addition to their static tooling, they had another problem – how to empower hundreds of developers with a team of just three people. That team also needed to collaborate with Application Security; Governance, Risk and Compliance (GRC); Site Reliability Engineering (SRE); and Release Engineering amid an uneven release cadence.

The company’s compliance requirements introduced even more complications. They needed to deploy their new service model in a way that wouldn’t jeopardize their ISO 27001 or SOC 2 Type II certifications. Because they had customers across every industry, they also needed to ensure that they could support other regulatory frameworks such as PCI DSS, FedRAMP, and HIPAA if necessary.

“We had security controls in place around vulnerability management, endpoint detection and response, monitoring, and access with regards to both ISO and SOC 2,” the cloud security lead said. “However, all of those controls were baked into our old server. We needed to find a way to bridge that gap, especially around workload and vulnerability management.”

“We’ve always had a focus on security, and we needed our new service to be commensurate with our old. We couldn’t achieve that level of security with existing tools, but with Sysdig we can provide what customers expect and demand. I have full confidence in both their platform and their expertise as a security partner.”
Cloud Security Lead

Solutions

Rejecting the Black Box Approach

The company began their journey speaking to a Sysdig competitor. “After a very long proof-of-concept process, we ultimately selected Sysdig as our preferred option,” the cloud security lead said. “The real decider was that the competitor’s tool was a black box. I couldn’t read the rules, and it seemed like even the vendor’s support team didn’t know what their ML model was doing.”

Sysdig, on the other hand, was based on Falco, an open source solution for threat detection in hosts, containers, and the cloud. It allowed the company to identify and eliminate vulnerabilities, threats, and misconfigurations in real time while maintaining a high level of transparency.

“Being able to see the rules and change them if necessary added an extra layer of assurance,” he said. “And we knew that if we needed to investigate further, we had the ability to do so; we just needed to write a new Falco rule.”

Transparency wasn’t the only selling point that brought the organization around to Sysdig. The comprehensive visibility Sysdig provides enables teams to clearly identify activity and determine if there are active threats.

Shining a Light Under a Rock

When the company first deployed Sysdig, the cloud security lead not only had visibility under the hood of his new tool; he also had visibility into his environment.

“Sysdig managed to shine a light under that dark rock that was giving me sleepless nights,” the cloud security lead said. “It validated the work that our AppSec team has been doing while also putting my fears to rest. Now, if there is suspicious activity in our environment, my team is immediately alerted and can respond to it.”

“Having insight and context across our multicloud environments enabled us to understand our environment as a whole. This visibility made everything easier, including increasing development time to market.”

Because Sysdig monitors and reports on the company’s own infrastructure, the SRE team also benefits from the information it provides about the deployed Kubernetes environment. The company’s GRC team relies on the platform to measure and monitor the effectiveness of compliance controls. Finally, release engineering integrated Sysdig’s vulnerability scanning into the company’s continuous integration/continuous delivery pipeline.

“Because of the way we integrated Sysdig, we were able to shift security left without having to train every developer on the platform,” the cloud security lead said. “Developers can now simply make a pull request in the source code, and the platform will notify them whether or not there’s a problem. Compliance also likes that the platform gives them the ability to self-service without consuming resources from the security team.”

“Our GRC team lead was also really excited about some of the compliance reports he could get out of Sysdig,” he added.

Prioritizing Vulnerabilities So the Focus is on True Risk

The organization also found the ability to filter vulnerabilities to be incredibly useful. Breaking them down by average age, image, and namespace gives the team a complete view of how well teams are maintaining their service-level agreements. Runtime insights from Sysdig, meanwhile, drive faster remediation by providing information on what is in use during production, and therefore what poses the greatest risk.
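The prioritization described above (filter to what is actually in use at runtime, then rank by severity and age, and report per namespace against a remediation SLA) can be expressed as a small triage routine. The following is an added illustration, not code from Sysdig or the company; the findings, image names, CVE identifiers and SLA thresholds are all constructed placeholders.

```python
from dataclasses import dataclass
from collections import defaultdict


@dataclass(frozen=True)
class Finding:
    image: str
    namespace: str
    package: str
    cve: str
    severity: str   # "critical" | "high" | "medium" | "low"
    age_days: int   # days since the finding was first reported
    in_use: bool    # runtime insight: package loaded by a running container


SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample findings; image names and CVE ids are placeholders, not real identifiers.
SAMPLE_FINDINGS = [
    Finding("registry.example/api:1.4", "payments", "openssl", "CVE-0000-0001", "critical", 12, True),
    Finding("registry.example/api:1.4", "payments", "libxml2", "CVE-0000-0002", "critical", 45, False),
    Finding("registry.example/worker:2.1", "batch", "curl", "CVE-0000-0003", "high", 100, True),
    Finding("registry.example/worker:2.1", "batch", "zlib", "CVE-0000-0004", "medium", 5, False),
    Finding("registry.example/web:3.0", "frontend", "nginx", "CVE-0000-0005", "high", 20, True),
    Finding("registry.example/web:3.0", "frontend", "pcre", "CVE-0000-0006", "low", 200, False),
]

# Remediation SLA in days per severity (an assumed policy, not one stated on the page).
SLA_DAYS = {"critical": 30, "high": 90, "medium": 180, "low": 365}


def prioritize(findings):
    """Order findings: in-use packages first, then by severity, then oldest first."""
    return sorted(findings, key=lambda f: (not f.in_use, SEVERITY_RANK[f.severity], -f.age_days))


def actionable(findings):
    """The list handed to a system owner: only findings whose package runs in production."""
    return [f for f in prioritize(findings) if f.in_use]


def sla_report(findings, sla=SLA_DAYS):
    """Per-namespace view: total findings, SLA breaches, and average finding age."""
    by_ns = defaultdict(list)
    for f in findings:
        by_ns[f.namespace].append(f)
    report = {}
    for ns, items in by_ns.items():
        breached = [f for f in items if f.age_days > sla[f.severity]]
        report[ns] = {
            "total": len(items),
            "breached": len(breached),
            "avg_age_days": round(sum(f.age_days for f in items) / len(items), 1),
        }
    return report


def noise_reduction(findings):
    """Fraction of findings removed from the owner's queue by the in-use filter."""
    if not findings:
        return 0.0
    return 1 - len(actionable(findings)) / len(findings)


if __name__ == "__main__":
    for f in actionable(SAMPLE_FINDINGS):
        print(f"{f.namespace:10} {f.image:30} {f.package:10} {f.cve} {f.severity} age={f.age_days}d")
    print(sla_report(SAMPLE_FINDINGS))
    print(f"noise reduction: {noise_reduction(SAMPLE_FINDINGS):.0%}")
```

The in-use flag is the runtime signal that turns a flat vulnerability list into an accountable work queue; the SLA report is what a GRC team would read per namespace, while the prioritized list is what goes back to each system owner.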

“With Sysdig, we can go back to our system owners with a very high-level view of their vulnerabilities and show them which ones are actively being used,” the cloud security lead said. “We can enforce accountability when it comes to remediation because we aren’t telling them to fix everything; rather, we can tell them exactly which ones warrant their attention.”

Sysdig has also allowed the cloud security team to effectively change the narrative around security, conveying information about risks and vulnerabilities in a way that’s both actionable and intuitive – and in so doing, they’ve improved security literacy across the organization.

“People have started to understand the value of things like build packs in terms of helping with maintainability of vulnerabilities,” the cloud security lead said. “They’re also starting to understand the value of building and maintaining their own images. We’ve even had a few really proactive developers kicking down my door because they want to use the Sysdig platform themselves.”

Moving Toward Fewer Tools and Greater Visibility

Although the company completed its deployment of Sysdig, the team has no intention of standing still.

“One of our design goals in shifting to SaaS is to become cloud-agnostic,” the cloud security lead said. “If we can maintain portability between the various clouds, that gives us significant selling power. That’s ultimately tomorrow’s problem, though.”

“For now, Sysdig has helped us bring our security and compliance capabilities into a containerized world,” the cloud security lead concluded. “I have full confidence in the findings the solution provides. I no longer need to worry about black holes or wonder if we’re sticking our heads in the sand and ignoring a problem somewhere on our network.”

“Developers can spend their time creating new products or fixing a never-ending mountain of vulnerabilities. Runtime insights make them extremely efficient. They fix what needs to be fixed and then get back to building revenue-generating software.”
Cloud Security Lead

About Sysdig

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. We correlate signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.

To learn more about Sysdig, visit sysdig.com
