October 2017 Summaries
3 posts from Sysdig
Filter
Month:
Year:
Post Summaries
Back to Blog
Sunrun, the largest residential solar company in the U.S., has effectively implemented security and monitoring solutions for its Amazon ECS-based containerized infrastructure. The company chose ECS over Kubernetes due to its compatibility with AWS and ease of use, aligning with their strategy to utilize AWS services wherever possible. To address visibility challenges in their container environment, Sunrun adopted Sysdig Monitor, which provided comprehensive service and container awareness, and later integrated Sysdig Secure to enhance runtime security. This integration allowed Sunrun to manage security policies with a service-oriented approach and leverage a shared UI for both monitoring and security, reducing resource costs and simplifying operations. Sysdig's unified platform for performance monitoring and security has proven to be a cost-effective solution for Sunrun, and the company is exploring the use of Sysdig Captures for deeper anomaly analysis.
Oct 15, 2017
1,496 words in the original blog post.
Falco 0.8.1 introduces significant updates aimed at enhancing security and usability, including major improvements to its ruleset to reduce false positives and broaden threat coverage, informed by extensive beta testing with Sysdig customers. The release formalizes the separation of default and local rules files, facilitating easier customization and retention of updates during software upgrades, and moves configuration files for consistency. It also introduces the ability to extend lists, macros, and rules with an append attribute, simplifies alert management with a keep_alive feature for continuous program execution, and allows JSON output for better integration with external programs. Additional enhancements include options for unbuffered data transmission, validation of single rules files, and filtering rules by severity, with the update available through RPM/Debian packages, Docker Hub, and GitHub.
Oct 11, 2017
797 words in the original blog post.
Sysdig Secure is a newly announced product that offers container run-time security and forensics for enterprises, integrating seamlessly with orchestration technologies such as Kubernetes and Docker. Building on Sysdig's previous offerings like Sysdig Monitor and Sysdig Falco, it provides deep container visibility and uses the same analytics backend and user interface, forming part of the Sysdig Container Intelligence Platform. The product is designed to enhance security by detecting and analyzing anomalies, such as suspicious user activity, in real-time. An example of its utility is showcased through a scenario where Sysdig Secure detects, analyzes, and provides insight into a security breach caused by a rootkit. This detailed process involves capturing system activity, reviewing user commands, and examining file installations, all without logging into the affected system. Sysdig Secure aims to provide a streamlined security workflow, with ongoing development for additional features.
Oct 11, 2017
1,334 words in the original blog post.