In the News

It’s almost a year since Sysdig’s behavioral activity monitoring tool Falco entered the sandbox of the Cloud Native Computing Foundation (CNCF). We talked to the company’s new chief open source advocate Kris Nova and co-founder Loris Degioanni to check in about the project’s progress and talk about the state of Kubernetes security and open source licensing in general.

Sysdig is doubling down on its efforts to make its open source Falco project the de facto means for pulling security metrics for runtime security and intrusion detection. The company has already contributed Falco to the Cloud Native Computing Foundation (CNCF) and has hired Kris Nova, a CNCF ambassador who worked for Heptio (now part of VMware) and Deis (now part of Microsoft).

The latest release by cloud-native security company Sysdig is an effort to wrangle the complexity of modern distributed software architecture. Version 2.4 of Sysdig Secure — part of the company’s Visibility and Security Platform (VSP) — includes runtime profiling and anomaly detection, which builds on previous updates to VSP announced earlier this year that provided visibility improvements based on the “context-rich and deep performance and security data from hosts, containers, orchestrators, network, process, and files” provided by its use of the enhanced Berkeley Packet Filter (eBPF).

The team behind Sysdig Secure has released version 2.4 of the container security product, sprinkling runtime profiling and a new policy editor into the mix.

At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments. At the same time, Sysdig unveiled Falco Rule Builder, a more flexible user interface (UI) for creating runtime security policies, which integrates tightly with Sysdig Secure.

Today Sysdig announced a new update to their Cloud Native Visibility and Security Platform, with the release of Sysdig Secure 2.4. The new version of the Secure product includes some pretty nifty enhancements.

Container security company Sysdig Inc. is beefing up its Kubernetes monitoring system with a couple of new capabilities that leverage its latest advancements in machine learning. They include runtime profiling as well as a new user interface called Falco Rule Builder that makes it easier to create runtime security policies. Sysdig adheres to what it calls a “unified approach” to container security, which involves monitoring for threats and also providing forensic tools to investigate any potential issues.

Falco works by looking at file changes, network activity, the process table, and other data for suspicious behavior and then sending alerts through a pluggable back end. It inspects events at the system call level of a host through a kernel module or an extended BPF probe. Falco contains a rich set of rules that you can edit for flagging specific abnormal behaviors and for creating allow lists for normal computer operations.

Sysdig sees into the Linux kernel via a kernel module or eBPF. It can therefore see everything that is happening on a Linux box. All processes. All IO. All users, all commands, all args. All containers.

Falco works by looking at file changes, network activity, the process table, and other data for suspicious behavior and then sending alerts through a pluggable back end. Falco contains a rich set of rules that you can edit for flagging specific abnormal behaviors and for creating allow lists for normal computer operations.

In this interview, conducted at KubeCon + CloudNativeCon (Barcelona), we discussed the state of security in the cloud-native world.

Recognizing that there is no such thing as perfect security, practitioners like to layer up to increase the chances of keeping the bad guys at bay, so-called defense in depth strategies. Container environments present some new challenges, so require a few additional security layers.

The container realm requires new thinking about security. Legacy tools that enterprises try to bring forward to secure their new container environments simply are not up to the challenge. And worse yet, many of the new container-specific security products are limited in scope, which means organizations that go that route will end up with a parcel of new siloed tools that require too much manual correlation.

In-Q-Tel -- the intelligence community’s venture capital arm -- this week disclosed another pair of investments in commercial technology outfits to determine how those companies’ offerings can be deployed to defense and IC agencies.

Applications deployed to a Kubernetes cluster in IBM Cloud will likely generate some level of diagnostic output (i.e., logs). As a developer or an operator, you may want to access and analyze different types of logs—such as worker logs, pod logs, app logs, or network logs—to troubleshoot problems and preempt issues.