Tuesday, February 07, 2023

Towards a standard in container security with Sysdig

For the 4th time, we met Sysdig in San Francisco during the recent 48th edition of The IT Press Tour. The first meeting was in June 2016, 7 years ago, just 3 years after Loris Degioanni founded the company. We had the opportunity to meet him again, together with Suresh Vasudevan, CEO, whom we had also met in the past. It was definitely a very good session and we learned about all the progress made by the company and its impact on the market. That helps us put into perspective elements shared several years ago. What a trajectory and impact, with tons of Falco downloads and business in 20+ countries. So far the company has raised $750 million and I'm still wondering why the company needs such a large amount. Of course we understand that in this market companies have to move fast, invest a lot, recruit people and gain market share. At the same time, the company has to protect itself against a potential acquisition, as the goal could be an IPO.


Since the beginning the company has defined its mission as "To accelerate and secure cloud innovation" from source to run, meaning from the development to the operation phase. This works as a loop, since upgrades and changes are permanent with CI/CD considerations. They do that with a fundamental element, Falco, the open source standard for cloud-native threat detection and response. Around Falco, Sysdig designs, builds and develops Sysdig Secure and Sysdig Monitor, 2 commercial offerings tailored to Kubernetes environments.

The move of enterprises to a distributed computing model has obviously introduced some risks in terms of security at all levels. Vulnerability, configuration, IAM and threat detection are 4 key areas that are paramount to address to facilitate cloud adoption and users' success.

Falco is the foundation; it is integrated with several security products on the market like Sumo Logic, StackRox, CloudGuard from Check Point... The philosophy is to monitor system and cloud events, and even more, via a standard open API. Falco is agentless, well advanced in threat detection, and recognized as one of the most advanced security engines in the domain.
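To make the event-monitoring approach described above concrete, here is an added example of a small, self-contained Falco rules file. It is not from the post and not from Sysdig's or the Falco project's own rule set; the list and macro names (shell_binaries, spawned_process, in_container) and the rule name are assumptions chosen for this illustration, while the event fields (evt.type, evt.dir, container.id, proc.name, proc.tty, and the %-prefixed output fields) are standard Falco fields. Falco evaluates every captured system call event against the condition and emits the output line when it matches, which is the basic detection loop a defender builds on.

```yaml
# Added example: a self-contained Falco rules file (not from the post or
# from the upstream Falco rule set). Names of the list, macros and rule
# are assumptions for this illustration.
- list: shell_binaries
  items: [bash, sh, zsh, dash, ash]

# evt.dir=< selects the return of the syscall, i.e. after the new program
# has actually started, so proc.name already reflects the executed binary.
- macro: spawned_process
  condition: evt.type in (execve, execveat) and evt.dir=<

# container.id is "host" for processes running outside any container.
- macro: in_container
  condition: container.id != host

- rule: Interactive shell spawned in a container
  desc: >
    An interactive shell (with an attached TTY) was started inside a
    container. Production workloads rarely need one, so this is usually a
    human exec session worth reviewing against change records.
  condition: >
    spawned_process and in_container
    and proc.name in (shell_binaries)
    and proc.tty != 0
  output: >
    Interactive shell in container
    (user=%user.name container=%container.name
    image=%container.image.repository shell=%proc.name
    parent=%proc.pname cmdline=%proc.cmdline)
  priority: NOTICE
  tags: [container, shell]
```

Loaded with `falco -r <this file>`, every matching event produces one NOTICE line that downstream tools (SIEM, alerting, or the Sysdig Secure product built on top of Falco) can consume; tuning means narrowing the condition (for example excluding a known debug image) rather than lowering the priority.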


Sysdig has developed real expertise on the container security side with key people, and also leverages public repositories, a honeypot network and vulnerability research. Sysdig Secure appears to be one of the most comprehensive approaches in the domain today and, coupled with machine learning, delivers a new level of protection. As the Kubernetes environment evolves in real time with very frequent CI/CD updates, it represents a new difficulty, especially for elements currently in use. Partners understand this, and the partnership with Snyk is a perfect example of deep integration, bridging developers, security domains and operations.

At the same time, Sysdig briefed the group on the upcoming annual Sysdig 2023 Cloud-Native Security and Usage Report, available here. It turns out that the container world is still very open to threats, and access management represents an invitation for penetration, as actual practice seems to be very relaxed. Also, costs are not well controlled, with CPU, memory and container usage clearly in waste mode. The summary slide speaks for itself.
