Scale Cloud Custodian for CSPM with Sysdig Secure

Sysdig Secure extends Cloud Custodian to continuously manage cloud security posture

What Is Cloud Custodian?

Cloud Custodian is an open-source rules engine for cloud configuration management. It is a Cloud Native Computing Foundation® (CNCF®) Sandbox project. Sysdig Secure uses the Cloud Custodian project to offer Cloud Security Posture Management (CSPM) for AWS, Azure and GCP. Using Cloud Custodian under the hood, Sysdig continuously manages cloud configuration risks, such as cloud misconfigurations and compliance violations.

Benefits of Cloud Custodian

Open source

Accelerate innovation by adopting an open standards-based approach to cloud security posture management (CSPM)

Configuration checks

Easily check for misconfigurations with a growing database of community-driven rules

Multi-cloud support

Consolidate policies and flag misconfigurations across AWS, GCP, and Azure

How Sysdig Secure Extends Cloud Custodian

Sysdig Secure leverages Cloud Custodian under the hood for cloud security posture management (CSPM). Get out-of-the-box curated policies based on a growing database of Cloud Custodian rules to quickly assess your security posture. Use Cloud Custodian together with Falco to continuously detect misconfigurations and suspicious activity. Gain visibility into cloud security risk by assessing configurations for risk and then monitoring for drift within a single console.

Sysdig Secure for Cloud Security

Cloud Risk Insights

By unifying the incident timeline and adding risk-based insights, Sysdig reduces the time to detect threats across clouds and containers from weeks to hours. Cloud development teams can see exactly where the attacker started and each step they took as they moved through the environment.

CSPM Reports

Sysdig provides visual insights across interconnected cloud and container security incidents, prioritized by risk level; reduces alert noise; and provides instant visibility to see the entire cloud attack chain. Classifying incidents based on severity levels allows teams to prioritize what to investigate and respond to first. Teams can then investigate all suspicious activity performed by a user to see the breadth of impact and quickly begin incident response activities.

Out-of-the-box threat detection

Sysdig uses open source Falco for cloud security monitoring, and alerts based on continuously inspecting cloud audit logs. It performs the analysis within the user’s cloud account, which protects sensitive data and eliminates costs tied to exporting logs. Currently, there are more than 200 out-of-the-box CloudTrail rules, and the database continues to grow as Sysdig and the community contribute at a rate of 20-50 new rules per month.

Get Involved

Find out more about Cloud Custodian

Contribute

Jump over to the project GitHub repository to contribute to Cloud Custodian.

Project website

Learn more at the project's website.

Documentation

Start reading about how Sysdig extends Cloud Custodian.