Sysdig Secure Container Security Platform
Image Scanning
Since software today is assembled and not built from scratch, your developers pull open-source base images and third-party libraries to build and scale containerized applications. Dig deeper into 12 image scanning best practices you can adopt in production.
Sysdig Secure’s container security software prevents known vulnerabilities early by integrating scanning into CI/CD pipelines and registries. It also flags newly identified vulnerabilities at runtime, maps them back to specific applications, and identifies the team that needs to fix them. Sysdig’s out-of-the-box Docker security scanning rules save time by finding high-severity OS and non-OS vulnerabilities, misconfigurations, and bad security practices.
Runtime Security
Another critical container security requirement is the ability to detect and alert on malicious activity at runtime, including:
- Exploits of unpatched or new zero-day vulnerabilities
- Insecure configurations
- Leaked or weak credentials
- Insider threats
With open source Falco, you can create flexible detection rules to define unexpected behavior inside containers. These rules can be enriched via context from the cloud provider and Kubernetes environments. Your teams can leverage rich community-sourced detections instead of creating policies from scratch. Then, you can alert by plugging Falco into your current security response workflows and processes.
Sysdig Secure is a container security platform that scales and extends the open-source Falco engine, and saves time creating and maintaining runtime detection policies. It uses machine learning to automatically profile container images so you can avoid writing rules from scratch.
Continuous Compliance
Container compliance is a key requirement to check off before deploying to production. The most common challenges we hear from DevOps teams in validating container compliance are:
- Unable to map compliance standards to specific controls in cloud environments
- Don’t understand their compliance progress or whether they would pass an audit
- Don’t know which teams are responsible for which compliance controls
- No ability to show proof of compliance within the container environments
All of these compliance tasks take up time and resources, and ultimately slow down application deployment. Sysdig Secure maps compliance standards (e.g., PCI, NIST, SOC2) to specific controls for container and Kubernetes environments. On-demand assessments, dashboards, and reports make it easier to pass third-party audits. Learn more about how to continuously validate container compliance against standards like PCI, NIST, and SOC2 across the lifecycle of containers and Kubernetes.
Incident Response
When conducting incident response, answering the “why” questions is particularly tricky because of the distributed and dynamic nature of container and Kubernetes environments. Your teams need to strike a balance between defining precise runtime policies and not drowning in a sea of alerts.
Recognizing the root cause of a malicious event inside a container requires your container security tool to provide detailed evidence. Sysdig provides comprehensive forensics data by tapping into Linux syscalls that are essential for a full post-mortem analysis, even after the container is gone. This low-level data allows you to answer the tough questions about which files were touched, which commands were run, which connections were made, and more. Learn how to record a snapshot of pre- and post-attack activity inside containers, and conduct deep incident response and forensics.
SaaS-First Platform Integrated into your DevOps Workflow
Sysdig is an open-source based, SaaS-first container security platform that automatically integrates within your existing DevOps stack.
Infrastructure as Code Validation
- Block risky configs
- Auto-remediate at the source
Vulnerability Management
- Scan in CI/CD and registries
- Block risky images
- Prioritize vulns using runtime context
Configuration and Permission Management
- Detect cloud misconfigurations
- Enforce least privilege access
- Use OPA to apply consistent policies
Threat Detection
- Use ML and Falco for multi-layered detection (e.g., threats, drift, cryptojacking)
- Implement K8s native microsegmentation
Incident Response
- Capture detailed record for forensics
- Remediate config issues
- Block malicious activity
Compliance (PCI, NIST, SOC 2 and others)