Cloud Workload Protection Platform

Secure containers and serverless workloads across cloud environments. Automate scanning within CI/CD pipelines and registries (ECR, GCR, etc.) and implement runtime scanning. Accurately detect and respond to runtime threats based on Falco. Validate container compliance against PCI, NIST 800-53, SOC2, etc.

Cloud Workload Protection across the Lifecycle


Automate pre-deployment and runtime scanning

Scan containers in CI/CD pipelines, registries and at runtime without images leaving your environment.


Detect threats and respond to incidents

Detect anomalous activity across cloud workloads with out-of-the-box policies based on Falco.


Confidently secure based on open standards

Maximize coverage of vulnerability checks and detections with community-sourced rules.

Build

Vulnerabilities
Configuration

CI/CD Tools

Sysdig Secure image scanning integrates directly into your CI/CD pipeline and prevents images with vulnerabilities or misconfigurations from being shipped.

Registry

Sysdig Secure container image scanning supports all Docker v2 compatible registries. It ensures an up-to-date risk posture and identifies images that need to be rebuilt if new vulnerabilities are introduced.

Run

Metrics
Events
Security Policies

Applications

Sysdig provides runtime security, infrastructure and application monitoring to help you ship cloud applications faster to production.

Cloud

Sysdig secures and monitors containers on multiple cloud platforms.

Sysdig ServiceVision enriches container data with the metadata from the cloud providers.

Orchestrator

Sysdig supports any orchestrator, multiple Kubernetes distributions, as well as managed platforms.

Sysdig ServiceVision enriches container data with the metadata from Kubernetes/orchestrators. Sysdig uses the native facilities of Kubernetes for policy enforcement and threat prevention.

Infrastructure

Sysdig ContainerVision provides deep visibility into all container activity via a lightweight instrumentation model that collects low-level system call data.

Respond

Alerts
Audit
Logs
Events
Syscall Captures

Alerts

Configure flexible alerts on image scanning failures, anomalous runtime activity, troubleshooting issues, etc., through channels you already use (e.g., Slack, PagerDuty, SNS).

SIEM and SOAR Integrations

Sysdig automatically forwards events to your SIEM tool, giving SOC analysts deep visibility into container and Kubernetes incidents. It also integrates with SOAR platforms (Demisto, Phantom) as part of automated security playbooks.

SaaS

Self-hosted

Sysdig Secure DevOps Platform

Confidently run cloud-native workloads in production using the Sysdig Secure DevOps Platform. With Sysdig, you can embed security, validate compliance and maximize performance and availability. The Sysdig platform is open by design, with the scale, performance and usability enterprises demand.

Automate CI/CD, registry, and runtime scanning

Automate scanning in your CI/CD pipelines and registries (ECR, GCR, etc.) without images leaving your cloud account. Implement runtime scanning and map vulnerabilities back to your app/dev team.

Automate serverless scanning

Automatically scan serverless containers (i.e. Fargate) without sharing the credentials outside your cloud environment.

Accurately detect runtime threats based on Falco

Save time with out-of-the-box curated Falco rules. Enrich rules via context from cloud providers and K8s environments. Detect policy violations using community-sourced detections or tune them further to reduce noise.

Continuously meet regulatory compliance

Validate container compliance against standards like PCI, NIST, SOC2 and CIS Benchmarks for Kubernetes and Docker across the lifecycle of your workloads.

Conduct detailed incident response and forensics

Analyze and audit workload runtime policy violations. Use our forensic captures to investigate, analyze, and recreate activity associated with security events before, during, and after the incident.

Confidently Secure with an Open-Standards Approach

Continuously protect cloud workloads based on Falco and sysdig oss.


Frequently Asked Questions

Q: What is CWPP?

A: Cloud Workload Protection Platform (CWPP) tools focus on securing workloads, typically providing cloud-based security solutions that protect instances on AWS, Microsoft Azure, Google Cloud Platform (GCP), and other cloud vendors.

Q: What are the key CWPP use cases?

A:

  • Runtime detection: Prevent and detect suspicious behavior at runtime in containers and microservices. Automate response for container threats.
  • System hardening: Detect anomalous activity inside of Linux hosts or VM-based workloads running on top of the host.
  • Vulnerability management: Detect OS and non-OS vulnerabilities from container images stored in CI/CD and registries before deploying to production.
  • Network security: Visualize network traffic inside containers and Kubernetes and enforce Kubernetes-native network segmentation.
  • Compliance: Validate container compliance and ensure File Integrity Monitoring inside containers.
  • Incident Response: Conduct forensics and incident response for containers and Kubernetes even after the container is gone.

Q: How are CWPP tools deployed?

A: CWPP tools are typically agent-based. The Sysdig agent lives on the hosts being monitored and collects the appropriate data and events.

Q: What is the difference between CWPP and CSPM?

A: Cloud Workload Protection (CWPP) revolves around securing workloads running in the cloud, while Cloud Security Posture Management (CSPM) protects cloud services (e.g., cloud storage, managed databases, load balancer services, multi-factor authentication). Both focus on protecting sensitive data in the cloud.