Sysdig Supports Serverless Computing with Google Cloud Run for Anthos

NOVEMBER 14, 2019

SHARE:

Facebook logo LinkedIn logo X (formerly Twitter) logo

As a launch partner, Sysdig ensures enterprises can secure serverless workloads in production

SAN FRANCISCO — Nov. 14, 2019 — Sysdig, Inc., the secure DevOps leader, today announced support for Google Cloud Run for Anthos as a launch partner. Cloud Run is a serverless compute platform that automatically scales stateless containers. Anthos, which Sysdig was a launch partner for in April 2019, is a managed Kubernetes offering that enables enterprises to run and manage workloads across multiple clusters, clouds, and hardware — including managing environments that mix public clouds and on-premises hardware. With the Sysdig integration, cloud, DevOps, and security teams have the security, control, and auditing capabilities needed to confidently run cloud-native workloads in production, including serverless applications.

Cloud Run for Anthos abstracts away all infrastructure management — provisioning, configuring, and managing servers and the serverless framework — so developers can focus on building applications without having to worry about the platform. With the general availability of Cloud Run, announced today, enterprises are able to run Functions as a Service (FaaS), a serverless way to execute modular pieces of code on the edge, packaged as containers. As a launch partner for Google Cloud Run, Sysdig and Google Cloud have tested and validated that the Sysdig Secure DevOps Platform supports Cloud Run serverless environments in Anthos and Google Kubernetes Engine (GKE).

The ability to scale services up and down within seconds on serverless environments presents visibility and security challenges that render legacy tools ineffective. Sysdig provides the secure DevOps capabilities enterprises need to successfully run containers on Kubernetes and serverless platforms.

Blog: Securing Google Cloud Run for Anthos

“Cloud Run gives enterprises the best of both worlds. They have the simplicity of a serverless platform with the portability of containers. Whether enterprises are running microservices in Google Cloud, the private cloud, on-prem, or a mix, Sysdig enables enterprises to embed security, maximize availability, and validate compliance,” said Suresh Vasudevan, Sysdig Chief Executive Officer. “As enterprises continue to adopt new cloud-native architectures, we are here with the tools they need to consistently operate secure and reliable containers in Kubernetes and serverless frameworks.”

Key benefits of the Sysdig integration with Cloud Run

Serverless vulnerability scanning: As the number of serverless images, along with the number of image versions and builds proliferate, the ability to control what software is being used and whether software updates are being applied is lost. Sysdig Secure allows enterprises to scan for image vulnerabilities during the delivery pipeline or from container registries, enabling faster vulnerability identification and remediation.

Runtime security for serverless on Kubernetes: While many security concerns can be addressed pre-deployment, there are code injection techniques or serialization attacks that can happen during the short time containers are active that aren’t preventable during the build and deployment stages. During runtime, Sysdig can detect and alert on abnormal behavior, and automatically block threats.

Security policies ensure protection at runtime, but creating these policies can be tedious. With Sysdig’s out-of-the-box policies library and editor, teams have the ability to leverage application context to understand the role of each function and apply the right security policy. This saves time and ensures a secure environment.

Auditing, incident response and forensics: In a serverless, autoscaled-on-demand environment where containers are constantly replaced and disappear, visibility and security are major challenges. If something occurs inside a serverless container, by the time it needs investigation, Kubernetes has killed off the container along with its data. Sysdig Secure captures container activity, including commands and network connections, and correlates the information with application context from Kubernetes. Additionally, DevOps teams can capture all activity information into a capture file for incident response, forensics and audit, even if the serverless function has finished and the container no longer exists.

An open by design approach to serverless Cloud Run is based on Knative, an open source project created by Google with over 400 contributors associated with over 80 different companies. Knative is an open API and runtime environment built on Kubernetes. Confident that open source-based platforms like Cloud Run will standardize the modern stack, Sysdig has heavily invested in open source technologies, including introducing an open source engineering team in August. Sysdig has created multiple open source tools, including Falco, the open source Kubernetes runtime security project started by Sysdig and donated to the CNCF®. When using Sysdig Secure DevOps Platform and Google Cloud Run together, enterprises know they have a security solution that is open by design, with the scale, performance, and usability enterprises demand.



Availability

Sysdig is available now to Anthos and Cloud Run users. The Sysdig Secure DevOps Platform and Falco are available on GCP Marketplace



Learn more about how Sysdig makes serverless a possibility

KubeCon + CloudNativeCon 2019, San Diego, Nov. 18-21
Stop by Sysdig’s booth P33 for demonstrations by company experts, the Sysdig open source team, and Sysdig customers. Click here for a full list of Sysdig talks and sponsored activities. 

Popular resources



Media Contact

Amanda McKinney, 280blue, Inc.
[email protected] 

Sysdig Logo

In the cloud, every second counts. Attacks unfold in minutes and security teams must protect the business without slowing it down. Sysdig, the leader and outperformer in the “2024 GigaOm Radar for Cloud-Native Application Protection Platforms (CNAPPs),” stops cloud attacks in seconds and instantly detects changes in risk with real-time insights and open source Falco. Sysdig Sage™, the industry’s first AI cloud security analyst, uplevels human response and enables security, developers, and DevOps to work together, faster. By correlating signals across cloud workloads, identities, and services, Sysdig uncovers hidden attack paths and prioritizes real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.