In the News

The team behind Sysdig Secure has released version 2.4 of the container security product, sprinkling runtime profiling and a new policy editor into the mix.

At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection enabled by machine learning algorithms with Kubernetes environments. At the same time, Sysdig unveiled Falco Rule Builder, a more flexible user interface (UI) for creating runtime security policies, which integrates tightly with Sysdig Secure.

Today Sysdig announced a new update to their Cloud Native Visibility and Security Platform, with the release of Sysdig Secure 2.4. The new version of the Secure product includes some pretty nifty enhancements.

Container security company Sysdig Inc. is beefing up its Kubernetes monitoring system with a couple of new capabilities that leverage its latest advancements in machine learning. They include runtime profiling as well as a new user interface called Falco Rule Builder that makes it easier to create runtime security policies. Sysdig adheres to what it calls a “unified approach” to container security, which involves monitoring for threats and also providing forensic tools to investigate any potential issues.

Falco works by looking at file changes, network activity, the process table, and other data for suspicious behavior and then sending alerts through a pluggable back end. It inspects events at the system call level of a host through a kernel module or an extended BPF probe. Falco contains a rich set of rules that you can edit for flagging specific abnormal behaviors and for creating allow lists for normal computer operations.

Sysdig sees into the Linux kernel via a kernel module or eBPF. It can therefore see everything that is happening on a Linux box. All processes. All IO. All users, all commands, all args. All containers.

Falco works by looking at file changes, network activity, the process table, and other data for suspicious behavior and then sending alerts through a pluggable back end. Falco contains a rich set of rules that you can edit for flagging specific abnormal behaviors and for creating allow lists for normal computer operations.

In this interview, conducted at KubeCon + CloudNativeCon (Barcelona), we discussed the state of security in the cloud-native world.

Recognizing that there is no such thing as perfect security, practitioners like to layer up to increase the chances of keeping the bad guys at bay, so-called defense in depth strategies. Container environments present some new challenges, so require a few additional security layers.

The container realm requires new thinking about security. Legacy tools that enterprises try to bring forward to secure their new container environments simply are not up to the challenge. And worse yet, many of the new container-specific security products are limited in scope, which means organizations that go that route will end up with a parcel of new siloed tools that require too much manual correlation.

In-Q-Tel -- the intelligence community’s venture capital arm -- this week disclosed another pair of investments in commercial technology outfits to determine how those companies’ offerings can be deployed to defense and IC agencies.

Applications deployed to a Kubernetes cluster in IBM Cloud will likely generate some level of diagnostic output (i.e., logs). As a developer or an operator, you may want to access and analyze different types of logs—such as worker logs, pod logs, app logs, or network logs—to troubleshoot problems and preempt issues.

The Cloud Native Computing Foundation’s flagship conference, KubeCon + CloudNativeCon Europe, is right around the corner, May 20 - 23, 2019 taking place this year in Fira Gran Via, Barcelona, Spain. Ahead of the show, VMblog was able to speak with Loris Degioanni, founder and CTO of Sysdig.

Sysdig has continued to expand the ways its customers can slice and dice the fine grained information it gathers about your cloud native applications, now with the beta launch of its Visibility and Security Platform (VSP) 2.0.

Sysdig, supplier of intelligent container technology, is now working closely with Amazic, an international full-service IT distributor and training partner with a branch in Nieuw-Vennep.