Scale Cloud Custodian for CSPM with Sysdig Secure
Sysdig Secure extends Cloud Custodian to continuously manage cloud security posture
What Is Cloud Custodian?
Cloud Custodian is an open-source rules engine for cloud configuration management. It is a Cloud Native Computing Foundation® (CNCF®) Sandbox project. Sysdig Secure uses the Cloud Custodian project to offer Cloud Security Posture Management (CSPM) for AWS, Azure and GCP. Using Cloud Custodian under the hood, Sysdig continuously manages cloud configuration risks, such as cloud misconfigurations and compliance violations.
Benefits of Cloud Custodian
Open source: accelerate innovation by adopting an open standards-based approach to cloud security posture management (CSPM).
Configuration checks: easily check for misconfigurations with a growing database of community-driven rules.
Multi-cloud support: consolidate policies and flag misconfigurations across AWS, GCP, and Azure.
How Sysdig Secure Extends Cloud Custodian
Sysdig Secure leverages Cloud Custodian under the hood for cloud security posture management (CSPM). Get out-of-the-box curated policies based on a growing database of Cloud Custodian rules to quickly assess your security posture. Use Cloud Custodian together with Falco to continuously detect misconfigurations and suspicious activity. Gain visibility into cloud security risk by assessing configurations for risk and then monitoring for drift within a single console.
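To show what a Cloud Custodian rule of the kind described above looks like, here is an added example policy file (not Sysdig's or the Cloud Custodian project's own code) that flags two common AWS misconfigurations; the file name, output directory and IAM role ARN are assumptions and placeholders for this example.

```yaml
# Added example: two Cloud Custodian policies for AWS posture checks.
# Check what would match without taking any action (dry run):
#   custodian run --dryrun -s ./out posture-example.yml
# Findings are written as JSON under ./out/<policy-name>/resources.json.
policies:
  - name: s3-bucket-public-acl
    description: S3 buckets whose ACL grants access to AllUsers or AuthenticatedUsers.
    resource: aws.s3
    filters:
      # Built-in filter: matches buckets with a global (public) grant on the bucket ACL.
      - type: global-grants
    actions:
      # Remediation: enable the bucket-level public access block so the grant stops taking effect.
      - type: set-public-block
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true

  - name: sg-ssh-open-to-world
    description: Security groups allowing inbound SSH (tcp/22) from any IPv4 address.
    resource: aws.security-group
    # Continuous checking: deploy as a scheduled Lambda instead of a one-off run.
    # The role ARN below is a placeholder; supply the execution role Custodian should assume.
    mode:
      type: periodic
      schedule: "rate(1 day)"
      role: arn:aws:iam::ACCOUNT_ID_PLACEHOLDER:role/CustodianLambdaRole
    filters:
      - type: ingress
        Ports: [22]
        Cidr:
          value: "0.0.0.0/0"
    # Report only (no actions), so an open rule is reviewed before anything is removed.
```

Removing the `mode` block turns the second policy back into a one-off check that runs from the CLI like the first.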
Sysdig Secure for Cloud Security
By unifying the incident timeline and adding risk-based insights, Sysdig reduces the time to detect threats across clouds and containers from weeks to hours. Cloud development teams can see exactly where the attacker started and each step they took as they moved through the environment.
Sysdig provides visual insights across interconnected cloud and container security incidents, prioritized by risk level; reduces alert noise; and provides instant visibility to see the entire cloud attack chain. Classifying incidents based on severity levels allows teams to prioritize what to investigate and respond to first. Teams can then investigate all suspicious activity performed by a user to see the breadth of impact and quickly begin incident response activities.
Sysdig uses open source Falco for cloud security monitoring, raising alerts based on continuous inspection of cloud audit logs. It performs the analysis within the user’s cloud account, which protects sensitive data and eliminates costs tied to exporting logs. Currently, there are more than 200 out-of-the-box CloudTrail rules, and the database continues to grow as Sysdig and the community contribute at a rate of 20-50 new rules per month.
Get Involved
Find out more about Cloud Custodian
Contribute
Jump over to the project GitHub repository to contribute to Cloud Custodian.
Project website
Learn more at the project's website
Documentation
Start reading about how Sysdig extends Cloud Custodian.