Sysdig Introduces Sysdig Secure 3.0: The Industry’s First Kubernetes-Native Threat Prevention and Incident Response Tool

SAN FRANCISCO: Sysdig, Inc., the secure DevOps leader, today announced Sysdig Secure 3.0. This is the industry’s first tool to provide enterprises with threat prevention at runtime using Kubernetes-native Pod Security Policies (PSP). PSPs are controls in Kubernetes that define the security conditions pods must follow in order to run. Sysdig Secure 3.0 also includes the first incident response and audit tool for Kubernetes, giving enterprises the ability to reconstruct historical system activity. Enabling these capabilities are three new features: Kubernetes Policy Advisor, Falco Tuning, and Activity Audit. This release focuses on securing Kubernetes environments throughout the entire lifespan — detecting vulnerabilities and misconfigurations during the build phase, blocking threats without impacting performance during the run phase, and enabling incident response, forensics, and audit.

Janet Matsuda, Sysdig CMO, and Knox Anderson, Sysdig Director of Product, will dig into the new Sysdig Secure 3.0 features and share best practices for securing Kubernetes in production. The VP of engineering at a global investment bank will also discuss how they run containers at scale.

Kubernetes is the de facto operating system of cloud; however, as organizations move workloads into production, security and visibility are the biggest barriers. Traditional tools and processes do not provide visibility with context for Kubernetes environments. Additionally, traditional roles are shifting as security is embedded across the build, run, and respond phases of the application lifecycle. In order to ensure secure and compliant containerized applications, enterprises are moving away from siloed functions and introducing a secure DevOps workflow.

A recent report by Doug Cahill, Senior Analyst and Group Director covering cybersecurity at Enterprise Strategy Group, found that 66 percent of cybersecurity professionals expect to have adopted DevSecOps, also known as a secure DevOps approach, within the next two years. The report also found that half of the respondents expect their organization will consolidate controls by leveraging suites and platforms procured from a smaller set of vendors.

Cahill concludes in the report that security needs to be a shared responsibility amongst everyone, which ultimately redefines development, security roles, processes, and technology. “Businesses are shifting from product and organizational silos to an integrated and unified approach, with increased involvement of the cybersecurity team. To enable [this] approach, buyers require solutions that secure the build-ship-run lifecycle and the entire technology stack, independent of deployment locality,” said Cahill. “The most important attributes of products used to secure cloud-native apps include a rich set of pre-deployment capabilities, runtime capabilities, and support across a mix of server workload types, with flexible deployment options.”

Key Features of Sysdig Secure 3.0

Kubernetes Policy Advisor introduces first runtime prevention tool

The time and expertise needed to manually configure security policies often result in costly misconfigurations. With the Kubernetes Policy Advisor, Sysdig Secure auto-generates Pod Security Policies (PSP) to significantly decrease the time spent configuring security. Strict security policies reduce risk, but can also break applications. Sysdig validates policies through simulations, enabling teams to adjust misconfigurations before shifting to production. By leveraging Kubernetes Policy Advisor to create these PSPs, DevOps teams have validated policies that can be enforced using native controls to prevent threats. This saves time and ensures a more secure environment.

Sysdig generates the policies and the Kubernetes platform manages enforcement, ensuring performance is not impacted. Tools that tamper with the container infrastructure modify the host binaries and container images. These modifications can introduce security risks, which have the potential to significantly impact performance.