Latest Sysdig Secure release offers advanced Kubernetes auditing, compliance, and service-based access control.
SEATTLE – KubeCon + CloudNativeCon North America 2018. December 12, 2018 – Sysdig, Inc., the cloud-native intelligence company, today announced new features for Sysdig Secure, part of the Sysdig Cloud-Native Intelligence Platform. The Sysdig platform is the only unified platform on the market that provides cloud-native security, monitoring, and forensics. Today’s enhancements add advanced Kubernetes auditing and vulnerability management, service-based access control, and security analytics, along with simplified compliance to give users a complete view of the health and risk profiles of their container environments.
With the introduction today of Sysdig Secure 2.2, Sysdig continues to provide enterprise customers, like Cota Healthcare, Sunrun, and Quby, the ability to detect behavioral anomalies across their entire infrastructure. Sysdig Secure is built on the same core instrumentation as the open source Sysdig project, Falco, which was included as a CNCF Sandbox project in October.
Sysdig Secure 2.2 blog, “Introducing Sysdig Secure 2.2 – Kubernetes Auditing, Compliance, and Access Control”
“Modern infrastructures drastically increase the number of moving parts, creating a bigger surface area for attackers to exploit. It can be a nightmare for security professionals, but it doesn’t have to be,” said Knox Anderson, Product Manager, Sysdig. “With the latest features announced today for Sysdig Secure, enterprises have enhanced visibility, answering the questions of, ‘who is doing what within Kubernetes.’”
With the Sysdig Cloud-Native Intelligence Platform, enterprise customers are able to monitor, secure, and troubleshoot without needing to instrument individual containers or configure exporters. By using a single point of instrumentation to unlock a completely new source of data, Sysdig provides visibility into containers and microservices with the least amount of burden on the environment.
Sysdig Secure 2.2 Features
- Kubernetes Audit Events – Adds new detections based on audit data from the Kubernetes API
Sysdig is the first cloud-native security provider to tap the recently released Kubernetes Audit Policy, creating an additional feed of events to monitor. Virtually all cluster management tasks are done through the API server; therefore, the audit log contains all changes made to the cluster. By tapping the kube-apiserver, Sysdig can alert administrators of suspicious and notable behavior. These alerts help users quickly identify incidents that could negatively impact the business and lets operators answer who did what, where, and when.
- Sysdig Teams – Service-based access control
Sysdig Secure 2.2 introduces service based access control, providing customized reports and dashboards that give users access to only the information that is pertinent to them. The ability to control team privileges to hosts, namespaces, clusters, and deployments, exposes information only to those who need it, making it easier to respond to incidents and adding another layer of security by limiting exposure to information outside the scope of individual teams.
- Kubernetes Vulnerability Management – Admissions controller image validation
Sysdig Secure 2.2 has added the ability to natively integrate with Kubernetes admission controllers. Through mutating webhooks, Kubernetes can authenticate with Sysdig Secure to prevent unscanned or vulnerable images from being deployed on a cluster. This non-intrusive approach allows organizations to validate images at the Kubernetes level rather than container runtime.
- Service Oriented Compliance – Leveraging Kubernetes labels to improve operations and reporting
With the introduction of Kubernetes resource-specific scheduling of CIS Compliance Benchmarks, Sysdig Secure 2.2 further eases the pain of measuring and enforcing compliance across a distributed environment. Scoping enables users to limit scans to specific Kubernetes resources, which saves time by limiting compliance checks to the logical entities that are important to auditors.
- Security Analytics – Integrating metrics for a full view
For users who pair Sysdig Monitor with Sysdig Secure 2.2, they have access to more than 90 new metrics that are sent to the Sysdig platform. By viewing Sysdig Secure metrics with the Sysdig Monitor data on the same dashboards, enterprises gain visibility into the performance, health, compliance, and security posture of their environment on a single dashboard.
Sysdig Secure is available as a standalone technology or as a part of the unified Sysdig Cloud-Native Intelligence Platform, which includes Sysdig Monitor. Sysdig Secure 2.2 is now available to all customers.
Sysdig Secure at KubeCon + CloudNativeCon
Sysdig is currently demoing the Sysdig Cloud-Native Intelligence Platform at KubeCon + CloudNativeCon North America 2018 booth #P14.
IBM CLOUD MONITORING WITH SYSDIG
Who: Eric Carter, Director of Product Marketing at Sysdig
Shadi Albouyeh, Offering Manager at IBM Cloud
When: Session 1 – Tuesday, Dec. 11; 1:30pm
Session 2 – Tuesday, Dec. 11; 6:45pm
Where: IBM mini-theater
Who: Loris Degioanni, CTO and Founder of Sysdig
When: Tuesday, Dec. 11; 3:40pm
Where: Room 615-617
DEEP DIVE: FALCO
Who: Mark Stemm, Senior Security Engineer at Sysdig
When: Thursday, Dec. 13; 3:40pm
Where: Room 615-617