Sysdig incident response solution for containers now in the cloud

Cloud security vendors Sysdig have announced that Sysdig open source, the incident response standard for containers, has been extended to the cloud.

Using system calls, Sysdig open source traditionally offers deep observability into running applications, as well as file system access and network activity, which speeds incident response and troubleshooting. Teams can quickly filter information from Sysdig OSS and take action. With the announcement of this new integration, these capabilities have been extended beyond containers to any cloud environment.

The complexity of cloud-native applications – with countless components and variables – makes it extremely difficult for security analysts and system administrators to quickly triage alerts and debug problems. Sysdig OSS captures process, file system, and network activity in real time and with a high degree of granularity. The tool, which has nearly two million downloads and 6,850 GitHub stars, surfaces everything from executed commands and file system activity to network activity. Sysdig OSS then offers advanced filtering and troubleshooting capabilities, supporting root cause analysis for security and performance issues.

Using a new plugin framework – originally developed by the open source community for the CNCF project Falco – Sysdig extends the number of sources Sysdig OSS can be connected with to anything that generates logs or events, including Azure, Google, and AWS CloudTrail logs. Going forward, every plugin developed for Falco can also be leveraged by Sysdig OSS. Using one tool, like Sysdig OSS, to observe events from the entire cloud-native environment streamlines investigations. Using a different tool for each environment adds complexity, which makes it massively harder to troubleshoot.

Learn more about this framework in the Sysdig OSS 0.29 new release blog.

Sysdig’s commitment to open source
Sysdig was founded as an open source company and Sysdig Secure and Sysdig Monitor were both built on an open source foundation to address the security challenges of modern cloud applications. Both projects were created by Sysdig to leverage deep visibility as a foundation for security, and they have become standards for container and cloud threat detection and incident response. Falco, which was contributed to the CNCF in 2018, is now an incubation-level hosted project with more than 45 million downloads.

Sysdig OSS and Falco can be used together as a powerful open source solution to reduce risk at runtime. Sysdig OSS acts as a flight recorder, capturing a detailed record for inspection. Falco acts as a security camera, continuously detecting unexpected behaviour, configuration changes, intrusions, and data theft in real time. Teams can use Sysdig OSS and Falco together to detect and respond to threats.

“If you want to see what is going on inside an application, Sysdig OSS gives you that record,” said Sysdig founder and chief technology officer Loris Degioanni. “Sysdig open source was the inspiration for Falco. While Falco will monitor and alert based on your policies, Sysdig open source will tell you what happened at a particular time, before and after the event. Having the ability to use both open source tools in the cloud is extremely powerful.”