Virtualization Technology News and Information
Sysdig Introduces Runtime Profiling and Anomaly Detection with Machine Learning to Secure Kubernetes Environments at Scale
Sysdig, Inc., the cloud native visibility and security company, today announced new features for Sysdig Secure, including runtime profiling and anomaly detection with machine learning capabilities. The company also announced Falco Rule Builder, a new flexible user interface (UI) to create runtime security policies, which directly integrates into Sysdig Secure. Sysdig Secure is part of the Sysdig Cloud Native Visibility and Security Platform (VSP), the first and only unified view of the risk, health, and performance of Kubernetes environments. The new features give Sysdig customers deeper visibility into metadata and telemetry data versus only analyzing behavioral patterns of container images, making cloud environments more secure and enterprise scaling a reality. 

The Global 2000 recognize the advantages that come with cloud native and are rapidly making the move to containers, Kubernetes, and microservices. Gartner Distinguished Vice President (VP) Analyst Arun Chandrasekaran predicts, "By 2022, more than 75% of global organizations will be running containerized applications in production, which is a significant increase from fewer than 30% today." Yet, DevOps and security teams tasked with translating cloud-native architectures into operational reality struggle with ensuring reliable, secure, performant applications, especially at scale.

As enterprises move applications into production, the scale, complexity, and elasticity of these modern environments make it impossible to manually configure every security feature, especially in real time as containers and vulnerabilities change. Human error when configuring hundreds or thousands of containers is inevitable. According to Gartner Distinguished VP Analyst Neil MacDonald, "Most successful security breaches and operational outages have a root cause of misadministration, mismanagement, and mistakes."

"With the latest enhancements to Sysdig Secure, we continue to make the transition to a Kubernetes environment as seamless, secure, and easy as possible for enterprise customers," said Loris Degioanni, chief technology officer and founder of Sysdig. "Sysdig is the only platform that addresses key challenges associated with building and maintaining a robust security runtime policy at scale. With machine learning, Sysdig understands all of the container and environment data, can learn the behavior, and generate a runtime profile that can be adapted based on the container and environment, with the end result being detection and response to anomalies in real time."

Runtime profiling with machine learning

The latest updates to Sysdig Secure use Sysdig's syscall-level integration to gain deep insight into container runtime activity. Within 24 hours of an image being profiled, enterprises have a learned container profile and insight into all process and file system activity, networking behavior, and system calls. After the model is built, DevOps and security teams can use the learned profile snapshot to create a policy set that can be applied to container images automatically, providing a scalable runtime defense for large-scale environments. Sysdig gives security and DevOps teams their time back by eliminating the effort spent with other tools manually creating and managing multiple profiles, especially when containers change or are compromised, either of which could take a security professional hours, if not days, to reflect in the affected policies. With machine learning-based profiling, environments are less susceptible to human error and enterprises are left with a more complete view of the environment.

Sysdig Secure now includes confidence levels - low, medium, and high - auto-generated from the runtime profiling, giving security teams transparency into and assurance about the container behavior, as opposed to blindly applying black-box auto-generated profiles. Enterprise teams are left with a better understanding of what has been learned, how it is being learned, and how accurate that baseline is.

Falco Rule Builder and library = collaboration + flexibility

The Falco Rule Builder, a new flexible Falco UI that integrates with Sysdig Secure, enables enterprises to visually interact with the Falco engine to create new customized policies that can be applied to both hosts and containers based on their security and governance requirements, without needing deep technical knowledge of Falco expressions and filtering commands. Runtime rules can be scoped and filtered to any aspect of the environment, such as a particular namespace, pod, or container, and managed at scale.

The Falco Rule Library enables enterprises to adopt rules created by open source community members. As a Cloud Native Computing Foundation® Sandbox project, Falco has attracted a wide community that has created and compiled rules. Sysdig's open source team regularly hardens community rules to ensure all rules meet enterprise-grade standards. With the Falco Rule Library, policies can be easily adopted by enterprises without having to spend time building the rules themselves.
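To make the "scoped to a particular namespace, pod, or container" point concrete, here is a hand-written Falco rules file in the open source engine's native YAML syntax. It is an added illustration, not a rule shipped by Sysdig or taken from the Falco Rule Library, and the namespace name `payments` is a constructed placeholder. The condition fields (`evt.type`, `evt.dir`, `proc.name`, `container.id`, `k8s.ns.name`) are standard Falco filter fields; the `k8s.*` fields are only populated when Falco is run with Kubernetes metadata enrichment enabled.

```yaml
# Added example: a runtime rule scoped to one Kubernetes namespace.
# Reusable building blocks: a list of shell binaries and two macros.
- list: shell_binaries
  items: [bash, sh, dash, zsh]

# A process is "spawned" when the execve syscall completes (exit direction).
- macro: spawned_process
  condition: evt.type = execve and evt.dir = <

# Events that originate inside a container rather than on the host itself.
- macro: in_container
  condition: container.id != host

- rule: Interactive shell in payments namespace
  desc: >
    Detect a shell being started inside any container in the (constructed
    placeholder) "payments" namespace. Scoping on k8s.ns.name keeps the rule
    quiet elsewhere in the cluster; narrow further with k8s.pod.name or
    container.image.repository if one workload legitimately spawns shells.
  condition: >
    spawned_process and in_container
    and proc.name in (shell_binaries)
    and k8s.ns.name = "payments"
  output: >
    Shell spawned in payments namespace
    (user=%user.name ns=%k8s.ns.name pod=%k8s.pod.name
    container=%container.name image=%container.image.repository
    parent=%proc.pname cmdline=%proc.cmdline)
  priority: WARNING
  tags: [container, shell, kubernetes, mitre_execution]
```

The rule fires on the same underlying signal the article describes (syscall-level visibility of `execve`), but the `k8s.ns.name` clause is what turns a cluster-wide rule into a per-team policy; swapping that clause for `k8s.pod.name` or `container.id` gives the pod- and container-level scoping mentioned above. Adding an `exceptions:` or `and not` clause for known-good parent processes is the usual way to tune it once a learned profile shows which shells are expected.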

Additional container vulnerability management features available today in Sysdig Secure:

  • Sysdig Vulnerability Reporter: 
    • Ability to create custom vulnerability queries across all images, packages, and Common Vulnerabilities and Exposures (CVE) entries, as well as advanced conditions, including CVE age, fix availability, package version, and more.
    • Reporting in both PDF/CSV formats.
  • New alert mechanism to notify changes in images, policies or CVE exposures via Slack, PagerDuty, email, and more.
  • New scan results UI:
    • Interactive and sortable scan results, including sorting by vulnerability risk level.
    • Ability to view a summary of all policies an image was compared against, understand failures and vulnerabilities, including specific OS and non-OS package checks, and image contents.

Sysdig is the first step in evaluating Docker images for security, compliance, and reliability before deploying images to production. Sysdig Secure integrates with the CI/CD pipeline, including Jenkins, making it easier for organizations to adopt continuous delivery processes by enabling security teams to proactively address risk in applications before they are deployed in production, or even pushed into a registry. To learn more about the new features, visit the Sysdig blog.


The new Sysdig Secure features are available now to all current Sysdig Secure and Sysdig Cloud Native Visibility and Security Platform customers. 

Published Tuesday, August 06, 2019 8:38 AM by David Marshall