It’s almost a year since Sysdig’s behavioral activity monitoring tool Falco entered the sandbox of the Cloud Native Computing Foundation (CNCF). We talked to the company’s new chief open source advocate Kris Nova and co-founder Loris Degioanni to check in about the project’s progress and talk about the state of Kubernetes security and open source licensing in general.
Sysdig is doubling down on its efforts to make its open source Falco project the de facto means for pulling security metrics for runtime security and intrusion detection. The company has already contributed Falco to the Cloud Native Computing Foundation (CNCF) and has hired Kris Nova, a CNCF ambassador who worked for Heptio (now part of VMware) and Deis (now part of Microsoft).
The team behind Sysdig Secure has released version 2.4 of the container security product, sprinkling runtime profiling and a new policy editor into the mix.
The latest release by cloud-native security company Sysdig is an effort to wrangle the complexity of modern distributed software architecture. Version 2.4 of Sysdig Secure — part of the company’s Visibility and Security Platform (VSP) — includes runtime profiling and anomaly detection, which builds on previous updates to VSP announced earlier this year that provided visibility improvements based on the “context-rich and deep performance and security data from hosts, containers, orchestrators, network, process, and files” provided by its use of the enhanced Berkeley Packet Filter (eBPF).
At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection, enabled by machine learning algorithms, in Kubernetes environments. At the same time, Sysdig unveiled Falco Rule Builder, a more flexible user interface (UI) for creating runtime security policies, which integrates tightly with Sysdig Secure.
Today Sysdig announced a new update to their Cloud Native Visibility and Security Platform, with the release of Sysdig Secure 2.4. The new version of the Secure product includes some pretty nifty enhancements.
Container security company Sysdig Inc. is beefing up its Kubernetes monitoring system with a couple of new capabilities that leverage its latest advancements in machine learning. They include runtime profiling as well as a new user interface called Falco Rule Builder that makes it easier to create runtime security policies. Sysdig adheres to what it calls a “unified approach” to container security, which involves monitoring for threats and also providing forensic tools to investigate any potential issues.
Falco works by looking at file changes, network activity, the process table, and other data for suspicious behavior and then sending alerts through a pluggable back end. It inspects events at the system call level of a host through a kernel module or an extended BPF probe. Falco contains a rich set of rules that you can edit for flagging specific abnormal behaviors and for creating allow lists for normal computer operations.
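As an added illustration of the rule-editing described above (not from the article or from the Falco project's shipped rule set), here is a minimal rules file in Falco's YAML syntax that flags a shell spawned inside a container while allow-listing one expected maintenance image; the `trusted_shell_images` list and the image name in it are constructed for this example.

```yaml
# Added example of Falco's rule format: lists, macros and one rule.
# Field names (evt.type, evt.dir, proc.*, container.*, user.name) are
# Falco's; the list contents and the image name are constructed here.

- list: shell_binaries
  items: [bash, sh, zsh, dash]

# Images that are expected to run shells (e.g. an ops debug container).
# Constructed allow list for the example.
- list: trusted_shell_images
  items: ["example.internal/ops/debug-toolbox"]

# A process was just started: execve syscall, exit direction (<).
- macro: spawned_process
  condition: evt.type = execve and evt.dir = <

# The event originated inside a container rather than on the host.
- macro: in_container
  condition: container.id != host

- rule: Shell spawned in unexpected container
  desc: >
    A shell binary was executed inside a container whose image is not on
    the allow list. Interactive shells are rare in production workloads
    and are a common sign of an intruder or a misconfigured job.
  condition: >
    spawned_process and in_container
    and proc.name in (shell_binaries)
    and not container.image.repository in (trusted_shell_images)
  output: >
    Shell spawned in container (user=%user.name container=%container.name
    image=%container.image.repository shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline)
  priority: WARNING
  tags: [container, shell]
```

Placing the file in `/etc/falco/rules.d/` or passing it with `falco -r <file>` loads it alongside the default rules; widening `trusted_shell_images` is how normal operations are allow-listed without weakening the rule itself.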
Sysdig sees into the Linux kernel via a kernel module or eBPF. It can therefore see everything that is happening on a Linux box. All processes. All IO. All users, all commands, all args. All containers.