Sysdig Cuts Container and Kubernetes Visibility and Security Onboarding to 5 Minutes
July 2020 by Marc Jacob
Sysdig, Inc. announced a 5-minute setup for the Sysdig Secure DevOps Platform, a fast path to delivering container and Kubernetes security and visibility with a SaaS-first offering. In the first five minutes, the Sysdig agent is installed, dashboards are ready to go, and visibility into vulnerability, threats, and compliance issues are available. In this time, cloud teams can activate the five essential workflows required to securely operate cloud-native workloads. The workflows include image scanning, Kubernetes and container monitoring, application and cloud service monitoring, runtime security, and compliance. The latest release by Sysdig helps organizations of all sizes get results quickly and efficiently by giving customers guided onboarding as well as out-of-the-box dashboards and integrations. Sysdig also announced today a new Sysdig Essentials pricing tier, delivered as a SaaS solution, which packages these five core workflows for secure DevOps.
Watch: 5 minutes to security and visibility insight with Sysdig
As cloud adoption matures, organizations are realizing that to ship applications faster, they need to incorporate image scanning, runtime security, and compliance, along with monitoring containers, applications, and services into their DevOps process. However, the reality is, organizations delay investments in security, compliance, and monitoring as they fear it slows application deployment. As a result, teams are forced into a reactive mode when performance and availability issues impact applications in production. When customers or internal risk management teams require proof of security risk management, regulatory compliance, or worse, if a data breach occurs, organizations have to scramble.
By adopting a secure DevOps approach and turnkey tooling, organizations can address visibility, security, and compliance requirements without slowing down the release process. A best practice is using image scanning that integrates directly into registries and the CI/CD pipeline to efficiently manage risk. An analysis by Sysdig in June 2020 found that more than half of the common vulnerabilities and exposures (CVE) found in non-OS packages contain a CVE with a rating of “high” to “critical.” Images running as root is another risk that image scanning can identify. The same analysis by Sysdig found that 58 percent of images scanned run as root, indicating configuration issues that increase risk.
“Organizations benefiting from migrating IT operations to public clouds need to thoroughly review their security operations before releasing any new code. Much of the microservices development is new. Code management skill gaps exist and blindly releasing new functional capabilities will likely introduce new vulnerabilities,” said Frank Dickson, program vice president, cybersecurity products, IDC.
A faster path to visibility, security, and compliance with curated workflows for cloud environments
Sysdig is focused on making it easier to get started using a secure DevOps workflow for container and Kubernetes environments. With the announcement today, Sysdig simplifies onboarding for the most critical security, compliance, and monitoring functions. Sysdig adds guided onboarding, turnkey workflows, and pre-built integrations, policies, and dashboards that reduce the time it takes for DevOps teams to get insights. By helping shorten the time to value and setting a new bar for onboarding efficiency, enterprises can rapidly meet key security, compliance, and availability requirements across their various container and Kubernetes environments.
The five essential workflows for secure DevOps
• Image scanning: Organizations can manage security risk by finding and fixing vulnerabilities and misconfigurations early in the DevOps process through image scanning. Sysdig continuously scans images both within registries and CI/CD pipelines and during production. This saves time by uniquely mapping vulnerabilities to Kubernetes-based applications.
• Runtime security: Using Falco, Sysdig enables organizations to detect threats at runtime without impacting performance. Falco is the open source Kubernetes runtime security project created by Sysdig and now a Cloud Native Computing Foundation project.
• Compliance: Passing compliance audits can be time consuming and failing is costly. Organizations can continuously validate using out-of-the-box rules mapped against common compliance frameworks including PCI, NIST, and CIS.
• Kubernetes and container monitoring: With Sysdig, cloud teams receive automatic alerts and detailed health and performance information, including golden signals for clusters, deployments, namespaces, and workloads. Deep visibility into container activity enriched with cloud and Kubernetes context allows teams to manage the complexity that is a reality in a containerized ecosystem.
• Application and cloud service monitoring with full Prometheus compatibility: By leveraging native support for PromQL and Prometheus metrics, DevOps teams can use the industry standard their developers prefer, without running into scaling challenges. Out-of-the-box dashboards display metrics from cloud services, databases, and other key components in their application environment.
Sysdig offers five additional workflows, which include advanced troubleshooting, machine learning-based anomaly detection, threat prevention, incident response and forensics, and extended compliance controls. The advanced enterprise workflows include specialized capabilities that yield greater efficiency for DevOps teams. Once a cloud team has implemented the basics, they can move to more advanced workflows that further strengthen security and resilience.
Single source of truth across development, DevOps, and security
The Sysdig Secure DevOps Platform is the only unified security and monitoring platform. With a single source of truth, Sysdig eliminates silos of information between development, DevOps, and security teams. With this approach, organizations can resolve issues quickly by analyzing granular system data automatically correlated to cloud and Kubernetes context.
In light of shifting global dynamics, platform tools that combine use cases have moved to the forefront of IT priorities in an effort to help organizations control costs and improve efficiency. Sysdig enables organizations to quickly address security, monitoring, and compliance with a single tool and simple set up and onboarding.
New Sysdig Essentials tier as part of the SaaS offering covers core workflows
In addition to the essential workflows introduced today, the latest Sysdig release includes the Sysdig Essentials pricing tier for organizations looking to start with the essential use cases. The Sysdig Essentials tier provides a simplified on-ramp to a secure DevOps approach.
The Sysdig Essentials tier is offered as SaaS only, whereas the enterprise tier of the Sysdig Secure DevOps Platform is offered on-prem and as a SaaS deployment. SaaS provides faster adoption, more efficient management, and offers organizations security, compliance, and monitoring at a lower cost. The new tier starts with a 14-day free trial. All Sysdig products and tiers are priced per host/month. Full pricing can be found on the Sysdig pricing page.
The essential and advanced enterprise workflows for secure DevOps are available now to all current customers and new customers. The Sysdig Essentials pricing tier is available to new customers today.