Sysdig Secure 2.0 Improves Container Security Capabilities

At DockerCon 18, Sysdig updates its container security platform with new compliance and security analytics features.

Sysdig Secure 2

SAN FRANCISCO—Sysdig announced version 2.0 of its Secure platform on June 13, providing organizations with new capabilities that go beyond the container runtime to help secure cloud-native application deployments.

Sysdig Secure 2.0 adds vulnerability management, compliance and security analytics on top of the platform's existing container runtime security features. The new product release was announced at DockerCon 18 here, where Sysdig is one of a number of container management and security vendors that are exhibitors at the event.

"One of the most important use cases that we heard from our customers is the need for vulnerability management, the ability to peer into developers' software at build time and look for known vulnerabilities before that code ever gets to production," Apurva Davé, chief marketing officer and vice president of customer success at Sysdig, told eWEEK. "After finding those issues, we can alert operators, fail builds and block code from going into production."

Version 1.0 of the Sysdig Secure platform focused on runtime security and was largely based on the open-source Sysdig Falco project, Davé said. With the first release, he said Sysdig provided organizations with a way to set up policies to detect, block and audit both user activity and application activity. With Secure 2.0, Sysdig is expanding into more use cases with the expanded feature set, he said.

A foundational element of Sysdig Secure 2.0 is what the company calls the Sysdig Cloud-Native Intelligence Platform. The platform includes a host-based agent, which can automatically see all containers, apps and processes without the need for an individual to do all the configuration, according to Davé. 

"As opposed to using sidecars or code injection, we instrument the kernel in a high-performance, non-blocking manner that we think is more efficient and better fits the container model," he said. "This method is simultaneously seeing all performance metrics, like Prometheus metrics, statsd metrics and host performance metrics, and security events, like a human opening a shell inside a container or a database opening an outbound connection."

The Sysdig Cloud-Native Intelligence Platform back end processes and stores all the collected data, performs anomaly detection and triggers alerts when systems see any configuration drifts or potential compromises, Davé said.

"With one point of instrumentation, we give users access to far more data than they would get with other approaches, whether that’s from a monitoring or a security context," hesaid.


"Beyond understanding software vulnerabilities, the CISO needs to know that the environment has been configured and is operating correctly to meet all appropriate compliance regulations," Davé said. "We've extended our instrumentation approach so that it can run scheduled compliance checks on the applications, containers and hosts." 

Davé said that Sysdig Secure works with many compliance regimes and currently has more than 200 base compliance checks. He added that Sysdig has also built a flexible engine that allows companies to easily create their own custom compliance controls. Looking forward, Davé said that his company has a robust roadmap for the continued evolution of Sysdig Secure.

"We're thinking very heavily about DevSecOps and the integrated experience to deliver code faster," Davé said. "In short, we want to take our rich data and expose it to each stakeholder in the organization in a way that lets them know how their cloud-native environment is operating."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.