Runtime Security for containers, cloud and Kubernetes

Protect containers, Kubernetes, hosts and AWS infrastructure with out-of-the-box policies based on open-source Falco. Automatically trigger response actions and notify the right teams immediately.


Prevent and Detect Threats Based on Falco

Container runtime security

Enforce least privilege via Kubernetes PodSecurityPolicies. Detect anomalous activity using Falco and automate policies via ML-based image profiling. Automatically remediate with response actions.

AWS infrastructure security using CloudTrail

Alert on changes to your AWS user permissions, S3 buckets, access keys, etc. by analyzing CloudTrail logs with Falco.

Host and VM security

Detect anomalous activity inside hosts and VMs using Falco policies for runtime security.

Falco Runtime Security: Open-source, Community Driven and Flexible Policy Engine

With Falco, you can create detection rules to define unexpected application behavior. These rules can be enriched via context from the cloud provider and Kubernetes environments. Detect policy violations using community-sourced detections, and tune them further to reduce noise.

Sysdig Secure extends the open-source Falco runtime security engine, and saves time creating and maintaining runtime policies.

Prevent, Detect, and Automate Response for Container Threats

A Kubernetes PodSecurityPolicy (PSP) is a threat prevention and enforcement mechanism. But getting the policy right is challenging; if the policy is too permissive, least privilege is lost. If it’s too restrictive, applications break. Generate PSPs automatically with Sysdig Secure, and validate them before you apply them in production with no performance impact.

Save time with out-of-the-box runtime security rules mapped to the MITRE ATT&CK framework, NIST and PCI, along with other container/Kubernetes runtime detection policies. Sysdig also ingests Kubernetes API audit logs to alert on who did what inside your cluster.

Avoid writing rules from scratch with ML-based profiling of container images. Sysdig automatically models runtime security behavior by analyzing the activity inside the containers (syscalls, network connections, process, and file activity).

Identifying if a container image has changed at runtime from what was initially approved is challenging. Get real-time visibility with Sysdig to quickly fix configuration drift.

Automatically remediate incidents by triggering response actions, such as:

  • Notifying when a violation occurs
  • Pausing the container to quarantine
  • Killing the container to stop the attack

Detect Threats Using AWS CloudTrail and Open-source Falco

Check configuration on S3 bucket permissions and encryption.

Detect if multi-factor authentication (MFA) has been disabled in your AWS account.

Catch any AWS secret keys that are unencrypted.

Secure your Linux hosts and VM workloads

Since the Sysdig agent hooks into the Linux kernel, it has visibility into all syscalls. This data can also be used to detect anomalous activity inside Linux hosts or VM-based workloads running on top of the host.

“We use Sysdig Secure for runtime security to improve our signals that go into the SOC and speed detection and audit workflows in containers.”

Large US Bank Sysdig Customer

Start Free Trial

Sign up for a free 30-day trial of Sysdig Platform, Sysdig Secure or Sysdig Monitor, no credit card required.