Sysdig Introduces Sysdig Secure 3.0: The Industry’s First Kubernetes-Native Threat Prevention and Incident Response Tool

NOVEMBER 13, 2019


New features enable enterprises to deploy securely, block threats at runtime, and quickly triage alerts

SAN FRANCISCO — Nov. 13, 2019 — Sysdig, Inc., the secure DevOps leader, today announced Sysdig Secure 3.0. This is the industry’s first tool to provide enterprises with threat prevention at runtime using Kubernetes-native Pod Security Policies (PSP). PSPs are controls in Kubernetes that define the security conditions pods must follow in order to run. Sysdig Secure 3.0 also includes the first incident response and audit tool for Kubernetes, giving enterprises the ability to reconstruct historical system activity. Enabling these capabilities are three new features: Kubernetes Policy Advisor, Falco Tuning, and Activity Audit. This release focuses on securing Kubernetes environments throughout the entire lifespan — detecting vulnerabilities and misconfigurations during the build phase, blocking threats without impacting performance during the run phase, and enabling incident response, forensics, and audit.

On Nov. 13 at 10AM PT, Sysdig will host a Sysdig Secure 3.0 event online. Janet Matsuda, Sysdig CMO, and Knox Anderson, Sysdig Director of Product, will dig into the new Sysdig Secure 3.0 features and share best practices for securing Kubernetes in production. The VP of engineering at a global investment bank will also discuss how they run containers at scale.

Blog: Sysdig Secure 3.0 introduces native prevention and incident response for Kubernetes

Kubernetes is the de facto operating system of the cloud; however, as organizations move workloads into production, security and visibility are the biggest barriers. Traditional tools and processes do not provide visibility with context for Kubernetes environments. Additionally, traditional roles are shifting as security is embedded across the build, run, and respond phases of the application lifecycle. In order to ensure secure and compliant containerized applications, enterprises are moving away from siloed functions and introducing a secure DevOps workflow.

A recent report by Doug Cahill, Senior Analyst and Group Director covering cybersecurity at Enterprise Strategy Group, found that 66 percent of cybersecurity professionals expect to have adopted DevSecOps, also known as a secure DevOps approach, within the next two years. The report also found that half of the respondents expect their organization will consolidate controls by leveraging suites and platforms procured from a smaller set of vendors.[1]

Cahill concludes in the report that security needs to be a shared responsibility amongst everyone, which ultimately redefines development, security roles, processes, and technology. “Businesses are shifting from product and organizational silos to an integrated and unified approach, with increased involvement of the cybersecurity team. To enable [this] approach, buyers require solutions that secure the build-ship-run lifecycle and the entire technology stack, independent of deployment locality,” said Cahill. “The most important attributes of products used to secure cloud-native apps include a rich set of pre-deployment capabilities, runtime capabilities, and support across a mix of server workload types, with flexible deployment options.”

Key Features of Sysdig Secure 3.0

Kubernetes Policy Advisor introduces first runtime prevention tool

The time and expertise needed to manually configure security policies often result in costly misconfigurations. With the Kubernetes Policy Advisor, Sysdig Secure auto-generates Pod Security Policies (PSP) to significantly decrease the time spent configuring security. Strict security policies reduce risk, but can also break applications. Sysdig validates policies through simulations, enabling teams to adjust misconfigurations before shifting to production. By leveraging Kubernetes Policy Advisor to create these PSPs, DevOps teams have validated policies that can be enforced using native controls to prevent threats. This saves time and ensures a more secure environment.

Sysdig generates the policies and the Kubernetes platform manages enforcement, ensuring performance is not impacted. Tools that tamper with the container infrastructure modify host binaries and container images; these modifications can introduce security risks and have the potential to significantly impact performance.
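For readers unfamiliar with the control the release builds on, here is an added example of a restrictive PodSecurityPolicy of the kind described above, followed by a pod spec that the policy rejects at admission. This is illustrative YAML, not Sysdig's product output or a policy generated by Kubernetes Policy Advisor; the object names and image tag are constructed.

```yaml
# Added example, not Sysdig's code: a restrictive PodSecurityPolicy.
# Names ("restricted-example", "web") and the image tag are constructed.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-example
spec:
  privileged: false                 # no privileged containers
  allowPrivilegeEscalation: false   # setuid binaries cannot gain privileges
  requiredDropCapabilities: ["ALL"] # drop every Linux capability
  hostNetwork: false                # no sharing of host namespaces
  hostPID: false
  hostIPC: false
  runAsUser:
    rule: MustRunAsNonRoot          # the pod must declare a non-root UID
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  fsGroup:
    rule: MustRunAs
    ranges: [{min: 1, max: 65535}]
  volumes:                          # only non-host volume types
    - configMap
    - emptyDir
    - projected
    - secret
    - persistentVolumeClaim
---
# A pod that this policy rejects at admission: it asks for a privileged
# container and host networking, both forbidden by the policy above.
apiVersion: v1
kind: Pod
metadata:
  name: web
spec:
  hostNetwork: true
  containers:
    - name: web
      image: nginx:1.17
      securityContext:
        privileged: true
```

Two operational points matter when enforcing a policy like this natively: the PodSecurityPolicy admission controller must be enabled on the API server, and the pod's service account needs RBAC permission to `use` the policy, otherwise no pods in the cluster are admitted at all. That is the failure mode the release's "simulate before enforcing" workflow is meant to catch. PodSecurityPolicy was later deprecated in Kubernetes 1.21 and removed in 1.25 in favour of Pod Security Admission, so on current clusters the same restrictions are expressed through that mechanism instead.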

Falco Tuning reduces noise generated by false positives

Sysdig Secure is built on Falco, an open source Kubernetes runtime security project that Sysdig originally started and that has been a CNCF® Sandbox Project since Oct. 2018. DevOps teams define security rules for pods using Falco syntax and receive alerts when rules are violated. Sysdig Secure extends Falco’s rich detection for easier security policy management. DevOps teams can reduce the noise from false positives by leveraging Sysdig Secure’s Falco Tuning capabilities. Falco Tuning analyzes recurring events and suggests changes to policies that reduce redundant alerts.
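To make the rule syntax and the kind of tuning change described above concrete, here is an added example of a Falco rule plus a tuning append, written for this page rather than taken from Sysdig's product or the Falco project's shipped rules files. The macro, list and rule names and the allowed image and namespace values are constructed; the filter fields (`evt.type`, `proc.name`, `container.id`, `container.image.repository`, `k8s.ns.name`) are standard Falco fields.

```yaml
# Added example, not Sysdig's or the Falco project's own rules file.
# Macro, list and rule names are constructed for illustration.
- macro: spawned_process_example
  condition: evt.type in (execve, execveat) and evt.dir = <

- macro: in_container_example
  condition: container.id != host

- list: package_mgmt_binaries_example
  items: [apt, apt-get, dpkg, yum, dnf, rpm, pip, pip3]

# Images in which package installation at runtime is expected
# (for example a CI build image); the entry is a constructed value.
- list: package_mgmt_allowed_images_example
  items: [example.internal/ci-builder]

- rule: Package management launched in container (example)
  desc: >
    A package manager ran inside a running container, which usually means
    the image is being modified at runtime instead of being rebuilt.
  condition: >
    spawned_process_example and in_container_example
    and proc.name in (package_mgmt_binaries_example)
    and not container.image.repository in (package_mgmt_allowed_images_example)
  output: >
    Package manager run in container (user=%user.name command=%proc.cmdline
    container=%container.name image=%container.image.repository
    namespace=%k8s.ns.name)
  priority: WARNING
  tags: [container, process]

# Tuning: once the alert above proves noisy for one namespace, the rule is
# narrowed by appending to its condition in a later-loaded rules file
# (conventionally falco_rules.local.yaml) rather than editing the base rule.
- rule: Package management launched in container (example)
  append: true
  condition: and not k8s.ns.name = "build-tools"
```

The append form keeps the base rule intact and records the exception separately, which is what makes the tuning reviewable: the exclusion is scoped to one field value instead of disabling the rule. Recent Falco releases replaced `append: true` with an `override` section that expresses the same condition append, so the keyword to use depends on the Falco version deployed.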

Activity Audit is the first Kubernetes-native tool for incident response

More than fifty percent of containers live less than five minutes; therefore, incident response in Kubernetes hinges on having access to forensics data that enables DevOps and security teams to quickly respond to security threats.

With Activity Audit, Sysdig Secure captures container activity, including commands, network connections, and Kubernetes API events, and correlates the information with application context and users or services from Kubernetes. SOC teams can search and filter this data for alert triage — to determine the cause of the anomaly — and for incident response. This also provides an audit logging process, a common requirement for Service Organization Control 2 (SOC 2), Payment Card Industry (PCI), International Organization for Standardization (ISO), and Health Insurance Portability and Accountability Act (HIPAA) compliance. With Sysdig Secure, enterprises have the ability to capture all activity information into a capture file for forensics, even if the container no longer exists, making Sysdig Secure the only Kubernetes incident response and audit solution available today.[1]

“When operating containers, the only way to manage risk without slowing down the CI/CD pipeline is to embed security and compliance across the entire Kubernetes lifecycle,” said Suresh Vasudevan, Sysdig Chief Executive Officer. “Kubernetes has the ability to be more secure than VMs, but there are certain security and visibility elements enterprises must address, which includes adopting Kubernetes-native tools and a secure DevOps approach.”

Sysdig Secure combines Kubernetes application context with data from multiple sources to provide security from deployment through response. With Sysdig, enterprises can embed security, maximize availability, and validate compliance. Sysdig Secure is part of the Sysdig Secure DevOps Platform, which enables enterprises to confidently run cloud-native workloads in production. The Sysdig platform is open by design, with the scale, performance, and usability enterprises demand.


Sysdig Secure 3.0 will be available next week to all Sysdig Secure and Sysdig Secure DevOps Platform SaaS customers.

Upcoming Shows

Stop by Sysdig’s booth for demonstrations by company experts, the Sysdig open source team, and Sysdig customers.

KubeCon + CloudNativeCon 2019, San Diego, Nov. 18-21; Booth P33
Click here for a full list of Sysdig talks and sponsored activities.

AWS re:Invent 2019, Las Vegas, Dec. 2-6, 2019; Booth 3813
Click here for a full list of Sysdig talks and sponsored activities.

Media Contact

Amanda McKinney, 280blue, Inc.
[email protected] 

[1] ESG White Paper, Leveraging DevSecOps to Secure Cloud-native Applications, August 2019

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig, rated #1 for CSPM in the Gartner Peer Insights “Voice of a Customer” report, correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.