Runtime Security for Kubernetes with Sysdig Secure

Prevent and Detect Threats

Manage cloud security risk at runtime across cloud-native applications and infrastructure. Sysdig Secure provides granular visibility into container and Kubernetes data along with automated anomaly detection, prevention, and incident response.

Prevent threats using Kubernetes native controls

Enforce least privilege access by automatically generating and validating Kubernetes Pod Security Policies (PSP) to prevent threats without performance impact.

Detect and remediate container security threats

Automate policy creation and maintenance with machine-learning-based runtime security profiles, and remediate with automated responses to malicious activity.

Continuously monitor the container runtime environment

Get deep visibility into container, network, filesystem, application, and system activity with no invasive instrumentation, leveraging Sysdig’s eBPF kernel technology.

Prevent Threats with Kubernetes Native Controls

Implementing Kubernetes Pod Security Policies (PSP) is challenging: too permissive a policy and least privilege is lost; too restrictive and applications break. Sysdig Secure auto-generates a restrictive PSP from the pod specs in a deployment's YAML definition, significantly reducing the time spent configuring policies for container runtime security.

The Sysdig Secure Kubernetes Policy Advisor validates policies before enforcement, ensuring that they do not break application functionality. DevOps can tweak the policy for optimal runtime security permissions with the confidence that policies will work before deploying.
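To make the approach concrete, the script below is an added example (not Sysdig's implementation or output): it derives the tightest PSP whose constraints a given pod spec already satisfies, then validates pod specs against that PSP the way an advisor would before enforcement. The pod specs are constructed samples, the image reference is a placeholder, and the dicts mirror the Kubernetes PodSpec and policy/v1beta1 PodSecurityPolicy schemas.

```python
"""Derive the tightest PodSecurityPolicy that still admits a pod spec, then
check pod specs against it. Added example of the approach described above,
not Sysdig's implementation; the dicts mirror the Kubernetes PodSpec and
policy/v1beta1 PodSecurityPolicy schemas, and the sample pods are constructed."""

# Capabilities a container gets by default under Docker/containerd; whatever
# the pod does not ask for is dropped by the generated policy.
DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID", "SYS_CHROOT",
})

# Constructed sample: a non-root web pod that binds port 80 and mounts a
# ConfigMap and a Secret; nothing else privileged.
SAMPLE_POD = {
    "hostNetwork": False,
    "volumes": [{"name": "cfg", "configMap": {"name": "app-config"}},
                {"name": "creds", "secret": {"secretName": "app-creds"}}],
    "containers": [{
        "name": "web",
        "image": "registry.example/web:1.2.3",  # placeholder image reference
        "securityContext": {"runAsUser": 1000, "readOnlyRootFilesystem": True,
                            "capabilities": {"add": ["NET_BIND_SERVICE"]}},
    }],
}

# Constructed drifted variant: container made privileged, host filesystem mounted.
DRIFTED_POD = {
    **SAMPLE_POD,
    "volumes": SAMPLE_POD["volumes"] + [{"name": "host", "hostPath": {"path": "/"}}],
    "containers": [{**SAMPLE_POD["containers"][0],
                    "securityContext": {**SAMPLE_POD["containers"][0]["securityContext"],
                                        "privileged": True}}],
}


def _contexts(spec):
    """securityContext of every regular and init container."""
    return [c.get("securityContext", {})
            for c in spec.get("containers", []) + spec.get("initContainers", [])]


def _volume_types(spec):
    # Every key of a volume entry other than "name" is its type (configMap, hostPath, ...).
    return sorted({k for v in spec.get("volumes", []) for k in v if k != "name"})


def _added_caps(spec):
    return sorted({cap for sc in _contexts(spec)
                   for cap in sc.get("capabilities", {}).get("add", [])})


def _runs_as_non_root(spec):
    pod_sc = spec.get("securityContext", {})
    for sc in _contexts(spec):
        merged = {**pod_sc, **sc}  # container-level settings override pod-level ones
        if merged.get("runAsNonRoot") is not True and not merged.get("runAsUser"):
            return False  # unset or 0 means the container may run as root
    return True


def generate_psp(name, spec):
    """Build the most restrictive PSP whose constraints the pod spec already meets."""
    scs = _contexts(spec)
    privileged = any(sc.get("privileged") for sc in scs)
    caps = _added_caps(spec)
    # Privilege escalation is only permitted when the pod explicitly relies on it.
    priv_esc = privileged or "SYS_ADMIN" in caps or any(sc.get("allowPrivilegeEscalation") for sc in scs)
    return {
        "apiVersion": "policy/v1beta1", "kind": "PodSecurityPolicy", "metadata": {"name": name},
        "spec": {
            "privileged": privileged,
            "allowPrivilegeEscalation": priv_esc,
            "allowedCapabilities": caps,
            "requiredDropCapabilities": sorted(DEFAULT_CAPS - set(caps)),
            "volumes": _volume_types(spec),
            **{f: bool(spec.get(f)) for f in ("hostNetwork", "hostPID", "hostIPC")},
            "runAsUser": {"rule": "MustRunAsNonRoot" if _runs_as_non_root(spec) else "RunAsAny"},
            **{f: {"rule": "RunAsAny"} for f in ("seLinux", "supplementalGroups", "fsGroup")},
            "readOnlyRootFilesystem": bool(scs) and all(sc.get("readOnlyRootFilesystem") for sc in scs),
        },
    }


def validate(psp, spec):
    """Return the PSP constraints a pod spec violates; an empty list means it is admitted."""
    p, scs, violations = psp["spec"], _contexts(spec), []
    if any(sc.get("privileged") for sc in scs) and not p["privileged"]:
        violations.append("privileged container not allowed")
    if any(sc.get("allowPrivilegeEscalation") for sc in scs) and not p["allowPrivilegeEscalation"]:
        violations.append("allowPrivilegeEscalation not allowed")
    violations += [f"{f} not allowed" for f in ("hostNetwork", "hostPID", "hostIPC") if spec.get(f) and not p[f]]
    violations += [f"capability {c} not allowed" for c in _added_caps(spec) if c not in p["allowedCapabilities"]]
    violations += [f"volume type {v} not allowed" for v in _volume_types(spec) if v not in p["volumes"]]
    if p["runAsUser"]["rule"] == "MustRunAsNonRoot" and not _runs_as_non_root(spec):
        violations.append("container may run as root")
    if p["readOnlyRootFilesystem"] and not all(sc.get("readOnlyRootFilesystem") for sc in scs):
        violations.append("writable root filesystem not allowed")
    return violations


if __name__ == "__main__":
    psp = generate_psp("web-restrictive", SAMPLE_POD)
    print(validate(psp, SAMPLE_POD) or "sample pod admitted", validate(psp, DRIFTED_POD))
```

The generated policy admits the pod it was derived from and rejects the drifted variant on two counts (privileged container, hostPath volume), which is the "validate before enforcing" step: a policy that fails its own workload is too tight, one that passes the drifted spec is too loose.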

Sysdig Secure leverages Kubernetes-native controls (e.g., Istio, Kubernetes admission controllers, Kubernetes network policies, and Pod Security Policies) for detection and prevention through policy enforcement. This streamlined approach doesn’t modify the container infrastructure and has no performance impact.

Detect and Remediate Container Runtime Security Threats

Sysdig Secure extends the open-source Falco detection engine to secure the full Kubernetes lifecycle. Use the Sysdig-curated and supported rules library (out-of-the-box and custom rules) to implement threat detection and prevention in containers (e.g., detecting writes to /bin or /etc, or kubectl exec and docker exec sessions) quickly and effectively.
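As an added illustration of what such rules look like, the fragment below is written in Falco's rule syntax; it is example content, not a rule from Sysdig's curated library. The macros reproduce the shape of Falco's default macros, the field names (evt.type, fd.name, proc.name, proc.tty, container.id, ...) are Falco's, and the last rule shows how an interactive kubectl exec or docker exec appears in the syscall stream, as a shell with a controlling terminal inside a container.

```yaml
# Added example in Falco rule syntax; not part of Sysdig's curated rules library.
# The macros mirror the shape of Falco's default rule set.
- macro: open_write
  condition: >
    evt.type in (open, openat, openat2) and evt.is_open_write=true
    and fd.typechar='f' and fd.num>=0

- macro: spawned_process
  condition: evt.type in (execve, execveat) and evt.dir=<

- macro: container
  condition: container.id != host

- list: bin_dirs
  items: [/bin, /sbin, /usr/bin, /usr/sbin]

# Writes under binary directories are rare in a healthy, immutable container
# and a common sign of tooling being dropped into it.
- rule: Write below binary dir
  desc: An attempt to write to a file below a set of binary directories
  condition: open_write and container and fd.directory in (bin_dirs)
  output: >
    File below a binary dir opened for writing
    (user=%user.name command=%proc.cmdline file=%fd.name
    container_id=%container.id image=%container.image.repository)
  priority: ERROR
  tags: [filesystem, container]

# /etc holds the configuration the image was approved with; a write there is
# configuration drift at minimum.
- rule: Write below etc
  desc: An attempt to write to a file below /etc
  condition: open_write and container and fd.name startswith /etc/
  output: >
    File below /etc opened for writing
    (user=%user.name command=%proc.cmdline file=%fd.name
    container_id=%container.id image=%container.image.repository)
  priority: ERROR
  tags: [filesystem, container]

# A shell with a controlling terminal inside a container is what an interactive
# `kubectl exec -it` or `docker exec -it` looks like at the syscall level.
- rule: Terminal shell in container
  desc: A shell was spawned in a container with an attached terminal
  condition: >
    spawned_process and container and proc.name in (bash, sh, zsh, dash, ash)
    and proc.tty != 0
  output: >
    A shell was spawned in a container with an attached terminal
    (user=%user.name shell=%proc.name parent=%proc.pname cmdline=%proc.cmdline
    container_id=%container.id image=%container.image.repository)
  priority: NOTICE
  tags: [container, shell]
```

Falco loads a rules file passed with `-r`. The `items` list and the `priority` values are the tuning knobs: a build image that legitimately writes under /usr/bin during start-up, for instance, would need an exception macro rather than a disabled rule.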

Sysdig Secure automates and tunes rules based on profiled behavior to increase detection accuracy, and responds automatically to policy violations by:

  • Notifying when a violation occurs
  • Pausing the container to quarantine
  • Killing the container to stop the attack

You can speed up incident response for Kubernetes by embedding Sysdig Secure in your existing alerting and response workflows. Use the tools you love:

  • notification channels (Slack, SNS, JIRA, email, PagerDuty, etc.)
  • SIEM tools (Splunk, Google Cloud SCC)
  • SOAR platforms (Demisto, Phantom)
  • or leverage webhooks to forward the event into a Pub/Sub message broker

Continuously Monitor the Container Runtime Environment

As workloads move to production, teams are often flying blind. For example, is a CPU metric spike indicative of a cryptomining or DoS attack, or something innocuous? Visualize your runtime environment using security dashboards built on granular data enriched with cloud and Kubernetes context.

Runtime configuration drift

Controlling changes from the original, security-approved image is a significant challenge. Configuration drift increases the chance of lateral movement (e.g., altered RBAC settings) and other runtime security threats. Sysdig Secure gives DevOps and security teams real-time visibility to quickly fix configuration drift.

DevOps and security cannot secure what they cannot see. Taking advantage of the latest eBPF kernel technology, Sysdig Secure’s agent instruments your nodes with runtime security visibility and forensics. See what’s happening inside your virtual machines, cloud instances and containers, without tampering with container images.

“We used Sysdig Secure to improve our signals that go into the SOC and speed detection and audit workflows in containers.”

Large US bank, Sysdig customer

Sign up for a free 30-day trial of Sysdig Platform, Sysdig Secure or Sysdig Monitor; no credit card required.