Runtime Security for Containers, Cloud and Kubernetes

Secure containers, CaaS (AWS Fargate), Kubernetes, hosts and cloud infrastructure with out-of-the-box policies based on open source Falco.

Start Trial

Prevent and Detect Threats Based on Falco

Container runtime security

Container and CaaS runtime security

Detect threats across containers and Fargate tasks. Automate policies via ML-based image profiling. Automatically remediate with response actions.

AWS infrastructure security using CloudTrail

Cloud threat detection

Alert on changing permissions of IAM users and resources, storage buckets, access keys, etc. by analyzing cloud activity audit logs (AWS CloudTrail, GCP audit logs) with Falco.

Host and VM security

Host and VM security

Detect anomalous activity inside hosts and VMs using Falco policies for runtime security.

Falco Runtime Security: Open-source, Community Driven and Flexible Policy Engine

Falco Runtime Security

With Falco, you can create detection rules to define unexpected application behavior or suspicious cloud activity. These rules can be enriched via context from the cloud provider and Kubernetes environments. Detect policy violations using community-sourced detections, and tune them further to reduce noise.

Sysdig Secure extends the open-source Falco runtime security engine, and saves time creating and maintaining runtime policies.

Leverage out-of-the-box detection policies

Save time with our rules mapped to MITRE ATT&CK framework, NIST and PCI, along with other container/Kubernetes runtime detection and cloud security threat policies. Sysdig also ingests Kubernetes API audit logs to alert on who did what inside your cluster.

Detect cloud threats using activity logs

Detect risky behavior across accounts, users, and workloads. For example, be alerted if a user without MFA logs into your cloud account and performs malicious actions.

Detect and Respond to Fargate Runtime Threats

Detect suspicious activity and conduct incident response for AWS Fargate. Capture detailed activity, including commands, network connections, and file activity.

Save time with ML-based profiling

Avoid writing rules from scratch of container images using Machine Learning-based profiling. Sysdig automatically models runtime security behavior by analyzing the activity inside the containers (syscalls, network connections, process, and file activity).

Secure your Linux hosts and VM workloads

Since the Sysdig agent hooks into the Linux kernel, it has visibility into all syscalls. This data can also be used to detect anomalous activity inside of linux hosts or VM-based workloads running on top of the host.

Enable auto-remediation

Automatically remediate incidents by triggering response actions, such as:

  • Notifying when a violation occurs
  • Pausing the container to quarantine
  • Killing the container to stop the attack

“We use Sysdig Secure for runtime security to improve our signals that go into the SOC and speed detection and audit workflows in containers.”

Large US Bank Sysdig Customer

Start your free 30-day trial in minutes!

Complete access to all features and functions. No credit card required.