Sysdig Extends Container Security Reach

Sysdig at the DockerCon 2018 conference extended the scope of its container security service into the realm of vulnerability management and compliance.

Apurva Davé, vice president of marketing at Sysdig, says Sysdig Secure 2.0 can now see inside container images to identify vulnerable packages, libraries and configurations before an image gets deployed in a production environment. Sysdig Secure 2.0 also can be used to manage, track and update vulnerability alerts impacting containers that already have been deployed in a production environment and employed to actions such as killing or quarantining a container if vulnerabilities or exposed credentials are found.

Sysdig Secure 2.0 further enriches alerts with metadata to provide context when fixing vulnerabilities, Davé says. That capability is enabled by metrics that Sysdig collects concerning events, compliance and vulnerabilities. Those metrics are tied to containers, images, hosts and Kubernetes entities to make it possible to determine how different organizations, applications and services are trending when it comes to applying security policies.

The latest version of Sysdig Secure 2.0 also adds compliance controls and audit checks based on the specifications defined by the Center for Internet Security (CIS).

Finally, Sysdig Secure 2.0 adds a native Jenkins plugin, which makes is simpler to include a container security scan as part of a continuous integration process.

Earlier this week Sysdig received a significant vote of confidence from IBM. The two companies revealed that IBM will make use of the Sysdig Cloud-Native Intelligence Platform to monitor and secure microservices based on containers running in the IBM Cloud. Sysdig Secure 2.0 can be licensed separately or bundled with the Sysdig Cloud-Native Intelligence Platform.

Jason McGee, vice president and CTO for IBM Cloud Platform, says IBM is choosing to utilize a partner that specializes in monitoring to create a less-invasive customer experience than what those capabilities delivered via monitoring software would provide.

Developers today are starting to exercise more influence and control over cybersecurity as part of a general shift to the left, generally referred to as DevSecOps. Many of these DevSecOps teams need a way to programmatically inject security controls into applications using application programming interfaces (APIs), but most legacy approaches to cybersecurity use a graphical user interface, which developers aren’t likely to take the time to learn and master.

At the same time, cybersecurity professionals have been slow to realize how reliance on containers results in more secure applications that are easier to update. Instead of having to patch entire applications, updates to code is accomplished simply by replacing one set of containers with another.

Eventually, however, developers and cybersecurity professionals will come to terms with one another. IT security teams will continue to define policies. But the implementation of those policies increasingly will be automated into the application development process as a set of code embedded within the container image. The sooner that occurs, the better off everyone concerned with cybersecurity will be.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 1452 posts and counting. See all posts by Mike Vizard