Home / Companies / Sysdig / Blog / November 2019

November 2019 Summaries

6 posts from Sysdig

Filter
Month: Year:
Post Summaries Back to Blog
Sysdig Secure DevOps Platform enhances the security and compliance of AWS container services by providing tools that integrate with various AWS services such as ECS, EKS, and Kubernetes on EC2. The platform allows for pre-deployment vulnerability scanning, ensuring that base images, OS packages, and third-party libraries meet security standards before hitting production. It also supports continuous compliance monitoring during runtime, leveraging policies that align with frameworks like MITRE ATT&CK and regulations such as NIST, PCI, and HIPAA. Sysdig utilizes the Falco open-source detection engine to monitor and block runtime threats, while its profiling features automatically build and maintain security policies, enhancing threat detection and prevention. Additionally, Sysdig consolidates monitoring and security visibility across AWS services, facilitating incident response and forensics through detailed activity audits, while integrating alerts with AWS Security Hub and CloudWatch to streamline security management. Sysdig is an AWS Advanced Partner, and its services are accessible via the AWS Marketplace, offering trials and easy sign-up options for teams looking to secure cloud-native workloads effectively.
Nov 26, 2019 1,196 words in the original blog post.
The blog post details how to implement image vulnerability scanning in AWS CodePipeline and AWS CodeBuild using the Sysdig Platform to enhance security in DevOps workflows. It explains the integration of AWS tools like CodeCommit, CodeBuild, CodeDeploy, and CodePipeline, emphasizing the role of CodePipeline in automating and visualizing the stages of development. The process involves analyzing Dockerfile and image metadata for security vulnerabilities, using Sysdig's local scanning to maintain image control, and sending the scan results to Sysdig Secure for further analysis. The post describes setting up the infrastructure with Terraform and using a buildspec.yml file to automate the image build and scan process, ensuring any issues are detected and resolved early in the CI/CD pipeline. It also highlights the importance of using credential management through AWS Parameter Store to secure sensitive data and concludes by underscoring the benefits of early detection in improving security and delivery confidence in production environments.
Nov 26, 2019 1,657 words in the original blog post.
Google Cloud Run is a serverless compute platform that merges the ease of serverless computing with the adaptability of containerized workloads, allowing developers to define containers while abstracting infrastructure management. Sysdig Secure embeds security and compliance across the Cloud Run lifecycle, offering features such as advanced image scanning, runtime security, and forensic incident response. This integration helps maintain a seamless security protocol even for ephemeral workloads, as Cloud Run automatically scales services based on demand. By leveraging technologies like Kubernetes, Istio, and Knative within Google Cloud's Anthos, Cloud Run ensures applications remain portable and compliant with open standards. Sysdig's support for Anthos and Cloud Run enhances monitoring and security capabilities by using transparent instrumentation and integrating with Kubernetes metadata, facilitating effective security management for serverless environments.
Nov 14, 2019 2,437 words in the original blog post.
Sysdig's Activity Audit, introduced in the Secure 3.0 release, enhances incident response and auditing capabilities in Kubernetes by correlating container and Kubernetes activity. This feature allows security teams to investigate and document all user, application, and Pod activity, addressing challenges in distributed environments where containers are ephemeral and data can disappear quickly. By capturing data such as executed commands, network connections, and Kubernetes API events, Sysdig provides a comprehensive audit trail that aids in compliance with standards like SOC 2, PCI, ISO, and HIPAA. The Activity Audit enables security operations centers (SOC) to identify abnormal behavior and respond swiftly to security incidents, while also supporting detailed post-mortem analyses. Through examples, Sysdig demonstrates how the tool can trace suspicious activities, such as unauthorized kubectl exec sessions, and provide insights into user actions and network interactions, thereby enhancing the overall security posture and visibility in Kubernetes environments.
Nov 12, 2019 1,117 words in the original blog post.
Sysdig's Kubernetes Policy Advisor aims to enhance the security of Kubernetes environments by simplifying the implementation of Pod Security Policies (PSPs) through automation and validation processes. PSPs provide a framework that ensures Kubernetes Pods operate with minimal necessary privileges to prevent unauthorized access and security breaches. The Policy Advisor automates the generation of these policies and enables their validation before deployment, reducing the risk of application disruptions by identifying potential issues in advance. By facilitating the adoption of PSPs, Sysdig helps organizations adhere to compliance standards while maintaining optimal application performance. The tool's ability to simulate security policies and assess their impact on applications before enforcement highlights its role in maintaining a secure Kubernetes ecosystem without compromising operational efficiency.
Nov 12, 2019 1,073 words in the original blog post.
Falco, developed by Loris Degioanni and rooted in the history of open-source tools like libpcap, tcpdump, and Snort, is a security tool inspired by successful Linux library implementations. This article explores the underlying architecture of Falco and sysdig, highlighting their historical connections and structural similarities, such as sysdig's capture component sysdig-probe and the user-level libraries libscap and libsinsp. While Falco utilizes components from the sysdig project, it operates independently, implementing a rule engine similar to Snort's but focused on system calls rather than packets. The article discusses the ongoing efforts to further separate and independently manage these components to ensure stability and support, reflecting on the enduring legacy of these technologies and the author's personal journey in contributing to their evolution.
Nov 05, 2019 1,253 words in the original blog post.