INFRA
INFRA
INFRA
Sysdig upgrades its container monitoring platform to hunt for security threats
Like the other aspects of managing containerized applications, breach prevention often requires a much different approach than in a traditional software environment. San Francisco’s Sysdig Inc. today unveiled a new product aimed at enabling companies to handle the task more efficiently.
Aptly named Sysdig Secure, the offering is based on a piece of open-source software called Falco that the startup released last year. The latter tool is designed to tap the data produced by the system calls generated in a container environment, which allows applications to run the same on different kinds of computers. These are the requests that application components send to the operating system on which they run when certain key actions need to be performed.
Oftentimes, suspicious calls can be indicative of an intrusion. Sysdig Secure looks for breaches by comparing activity data against a set of policies on what actions should and shouldn’t be performed.
A rule set enables the software to cover a wide range of threat indicators. Sysdig Secure checks for unauthorized container changes, outbound connections to remote servers and other anomalous activity that falls outside of normal day-to-day operations. Companies can customize the policies or add more as needed to tailor the tool for their specific requirements.
When a violation is detected, Sysdig Secure quarantine or stops the offending process depending on the severity of the action. The tool also generates a detailed log of the incident that captures what files were modified, the user accounts involved and other relevant information.
Administrators can use the data to trace a breach back to its source. Having a detailed record of security incidents is also handy for compliance purposes, especially when the affected application holds sensitive data.
Sysdig Secure is being offered as part of the startup’s flagship Container Intelligence Platform. It’s a monitoring product designed to track application performance, network activity and other operational metrics. Sysdig said enabling administrators to keep an eye on the behavior and security status of their containerized applications in one place is more efficient than using multiple disparate tools that each have been set up separately.
Image: Unsplash
Since you’re here …
… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.
