Sysdig Secure Reviews

We use Sysdig for cloud and Kubernetes posture management, including Kubernetes workload security, image vulnerabilities, and pipeline vulnerabilities. We use it across 2 of our cloud vendors: AWS and GCP.

Sysdig helps us improve the maturity of our cloud and Kubernetes posture. Before implementing Sysdig, we did not have alot of visibility into what our developers were doing. We had lots of observability tools, but we didn't have any security observability tools. We wanted to ensure we could see what was being done from a configuration standpoint and compare that to best practices. We also wanted to detect and respond to any threats that might appear on the Kubernetes side of things.

It allows us to fill any gaps within our configuration. We don't have regulatory compliance requirements within our business, but we still want to adopt the best practices, and Sysdig enables us to identify gaps efficiently. Sysdig has its own ranking to push the critical priorities to the top. We can apply these standards, like ISO, CIS, NIST, etc., to improve the security posture in our cloud or Kubernetes environment.

We use Sysdig Secure to gain visibility into our runtime workloads. We use a whole bunch of security tools to scan our images before they get deployed into our production clusters. We needed a tool to give us runtime visibility and threat detection.

By implementing Sysdig Secure, we were trying to see any gaps. When an image is running, we wanted to see if any high or medium-scale vulnerabilities were picked up during the scanning and were running in a live workflow. We understood that we had a gap there. If there was a threat for us, we wanted to make sure that we knew and that we could scan our environment for any zero-day threats or vulnerabilities in general.

The main benefit for me personally is being able to articulate the ever-growing, dynamic, and constantly changing landscape. Just today, in a management leadership call, I was able to demonstrate that although we are solving a lot of these vulnerabilities, we are picking up new vulnerabilities each and every day. It allows me to articulate the importance of information security with actual real-time data.

Sysdig's runtime insights help us detect and respond to threats that are happening in real-time. We can look at Sysdig dashboards or run reports to see precisely what happens in our runtime environment. A good use case of this was that when zero-day vulnerabilities came out, we could scan our environment to see if the vulnerabilities apply to any of our production workloads.

Sysdig Secure helps us prioritize issues and distribute work. We are a small company, so we do not have multiple security or dev teams. We have two or three guys on my team. Having the ability to focus on critical vulnerabilities is crucial. It does not make sense to prioritize low-level threats when we have limited time.

We do not use live threat investigation features as much as we would like because of different priorities, but it is something that we do use. Over time, it shows us whether we are putting the right effort into resolving issues. For example, when we look at the dashboard scene over a 30-day period, we can see whether the critical vulnerabilities are increasing or decreasing. It lets us know whether we are on the right track.

We are currently using agentless scanning. Deploying it onto our cluster has enabled us to get full visibility into what is running on our cluster.

Sysdig provides us with the contextual awareness we need to create an immediate incident response strategy. It provides links to the threat and explains the threat and the resolution possible. It equips us with the right information to make a decision on whether to address the threat immediately or take a risk in terms of deploying remediation.

Sysdig has not enabled us to reduce the number of security tools we use. We were not using anything before Sysdig, and after choosing Sysdig, we did not have a need to look at anything else.

Sysdig has not helped reduce external SOC costs. We are a very small business, so we do not have the budget for an external SOC. However, it has definitely alleviated the pressure to look for one and to source an external SOC. We have a project history to look at a virtual SOC and leverage tools that we do have, and Sysdig is a part of that. There is definitely a saving there because we have not had the need to go out and look for an external SOC.

Sysdig has helped reduce the percentage of workloads that have security exposures that put the organization at risk. It has reduced the workload, mainly from an understanding of where we can assign work to cover the most ground in terms of resolving vulnerabilities.

The use case involves a robust security tool. We conducted evaluations of numerous tools to enhance our security measures. This assessment extended beyond just the systems. We also considered Falco, their open-source version, and Sysdig Falco Platform. Notably, the Falco Platform is integrated into the Sysdig Secure product. The central theme here is security in the context of Sysdig Secure. This tool offers security solutions for various domains including containerized platforms, virtual machines, VDI setups, and safeguarding code repositories like GitHub and Bitbucket. Furthermore, the tool provides insights that stand out distinctly from other products available today. Despite using Microsoft Defender for our virtual machines, it doesn't match up to the comprehensive outcomes delivered by Sysdig Secure. The tool furnishes detailed reports on aspects such as Intrusive Communication, thread level, process level, network level, specific ports, ingress and egress traffic, etc. This comprehensive vantage point empowers vigilant monitoring of all activities within the environment.

Absolutely, it has proven to be highly advantageous, which justifies the investment despite the substantial cost of the software. The primary benefit lies in the in-depth insights it provides at a granular level. It begins from the initial deployment of workloads and extends to details like thread level and syscal level. This includes intricate information on the syscal events, the associated user, the process ID, the accessed ports, and the network level involved. What's noteworthy is that this level of insight isn't limited to real-time monitoring; historical data is also available. This allows for the examination of past events, such as the causes of downtime or failures.

Moreover, they offer a feature to enable data capture, known as "Sysdig capture." This captures data for a specified period before and after an event, typically five minutes. The captured data can then be analyzed. This includes a comprehensive view of file system activities, IO operations, network interactions, process behavior, thread actions, and more. This comprehensive data analysis aids in pinpointing the root causes of various issues. This aspect of their offering provides another significant advantage.

We employ SQL for vulnerability scanning, compliance scanning, security intrusion detection, and drift detection.

We appreciate this feature, especially when combined with CD monitoring. The implementation of requested features has been remarkable, such as scanning for compliance in CRM processes for the US government. We heavily rely on this feature to assess compliance with federal requirements.

The solution is used for runtime security of containers, cloud security, CSPM, and CWPP.

The solution's runtime security and Falco are the two features I found to be the most valuable ones. So, Falco is their open-source tool for rules and policies.

Sysdig Secure has many strong foundational features like compliance and benchmark, security, network access management, and vulnerability management.

Banks and financial institutions cannot use Sysdig Secure because it doesn't sell SaaS-hosted versions for under two hundred working nodes.

We are a cloud provider, and we use the solution to collate some issues in our environment. 

The solution has improved the resolution time. We can detect any issue in the syslogs more quickly.