DevOps has transformed the way software is deployed and accelerated innovation, but implementing security is still a challenge for teams.

Most customers want a comprehensive, cloud native security solution that entails vulnerability management, Kubernetes security, compliance, and runtime detections. Sysdig Secure offers just that via its comprehensive platform that embeds security and compliance into the build, run, and respond stages of the container and Kubernetes lifecycle, so you can confidently run cloud native apps in production.

Today, we are excited to announce the availability of Sysdig Secure on IBM Cloud as an integrated feature into our existing IBM Cloud Monitoring with Sysdig offering. Now, with Sysdig Secure, customers can easily identify vulnerabilities, check compliance, block threats, and respond faster to issues occurring within their environment.

Let’s dive into some of the key features that make Sysdig Secure stand out in today’s ecosystem. 

Scan for vulnerabilities

Sysdig Secure provides the ability to scan images in the CI/CD registry and runtime images on your Kubernetes clusters, BM, or VMs. Integrating the inline scanner with your CI system will allow users to scan all images before they are pushed to a registry. Once integrated, you can use the API or CLI to scan images that exist in the registry. The node-image-analyzer can also be deployed with a cluster to ensure all running images in the cluster are scanned

With the ability to identify vulnerabilities pre-production and at runtime, you can automate scanning within CI/CD pipelines. Learn more about Sysdig’s unique image-scanning capability.


With Sysdig’s out-of-the-box policies that map to specific compliance controls, meeting regulatory compliance standards like PCI-DSS, NIST 800-190, NIST 800-53, and SOC2 when running containers and Kubernetes has never been easier. Sysdig Secure provides out-of-the-box checks to verify container compliance and a unified overview to better understand and measure your compliance progress:

To meet industry best practices for container compliance, Sysdig Secure leverages CIS Benchmarks for Kubernetes and provides guided remediation tips to help you maintain or quickly re-establish compliance.  Learn more about container compliance.

Block threats

Based on the Falco project, runtime security ensures your containers, Kubernetes, hosts, and IBM infrastructure are protected. The Falco project, originally created by Sysdig, is a CNCF open source cloud native runtime security tool developed to make it easy to consume kernel events and enrich those events with information from Kubernetes and the rest of the stack. Falco has a rich set of security rules specifically built for Kubernetes, Linux, and cloud native stacks:

Sysdig Secure extends the Falco runtime security engine and saves time creating and maintaining runtime policies. Learn more about runtime security.

Respond faster

With Sysdig Secure, you can understand and contain the impact of any security breach, respond to incidents, and recover and conduct post-mortem analysis on containers that may no longer be available. The robust data that Sysdig Secure collects, along with a detailed forensics report, will help quickly answer questions like “when,” “what,” “who,” and “why” for all incidents. 

Incident response can be streamlined to quickly determine what happened along with a detailed activity record. The fine-grained policies that leverage the Falco rules library help analyze and audit runtime policy violations, and when enabled, forensic capture provides a record for incident response and allows you to recreate all system activity, even for containers that no longer exist:

Learn more about container forensics.

Getting started

Sysdig Secure leverages our existing multi-tenant IBM Cloud Monitoring with Sysdig infrastructure. Users looking for a solution related to image scanning, compliance, intrusion detection, and auditing for their infrastructure can easily consume it by provisioning an instance on the IBM Cloud. For existing customers, if they select the Sysdig Secure option in our graduated tier plan, security functionality is automatically pushed to their existing Sysdig Monitor agent, and they are given access to the Sysdig Secure console for an additional monthly cost per host per month. New customers may choose to have Sysdig Monitor or both Sysdig Monitor and Secure as options in our graduated tier plan. 

Once logged into the IBM Cloud console, follow these instructions:

  1. Click Catalog. The list of the services that are available on IBM Cloud opens.
  2. To filter the list of services that is displayed, select the Logging and Monitoring category.
  3. Click the IBM Cloud Monitoring with Sysdig tile. The Observability dashboard opens.
  4. Select Create instance.
  5. Select the region.
  6. Select a service plan. By default, the Lite plan is set. 
    • To provision an instance that only includes the Monitor component, select the Graduated Tier plan.
    • To provision an instance that includes the Monitor and the Secure components, select the Graduated Tier – Sysdig Secure + Monitor plan.
  7. Enter a service name.
  8. Select a resource group. By default, the Default resource group is set.
  9. Set automatic collection of platform metrics by clicking Enable.
  10. Click Create.

After you provision an instance, the Observability dashboard opens and a service ID is automatically created. You can use this service ID to get the Sysdig access key for your instance. The name of the service ID has the following format: {InstanceName}-key-admin. The final step is to configure a metric source by adding a Sysdig agent. This agent is responsible for collecting and forwarding metrics to Sysdig. Once you deploy the agent, you can then launch out to view your metric data in Sysdig. 

By default, the Monitor view opens when you launch the Sysdig web UI.

To access the Secure web UI, simply select Monitor and then click on the Secure tile, and you’ll open up to the Secure dashboard to begin viewing data:

Sysdig Secure is available in Sydney now and will be available in all regions where Sysdig Monitor is deployed in the coming weeks. 

For more information, visit our docs page.

More from Analytics

A new era in BI: Overcoming low adoption to make smart decisions accessible for all

5 min read - Organizations today are both empowered and overwhelmed by data. This paradox lies at the heart of modern business strategy: while there's an unprecedented amount of data available, unlocking actionable insights requires more than access to numbers. The push to enhance productivity, use resources wisely, and boost sustainability through data-driven decision-making is stronger than ever. Yet, the low adoption rates of business intelligence (BI) tools present a significant hurdle. According to Gartner, although the number of employees that use analytics and…

VeloxCon 2024: Innovation in data management

3 min read - VeloxCon 2024, the premier developer conference that is dedicated to the Velox open-source project, brought together industry leaders, engineers, and enthusiasts to explore the latest advancements and collaborative efforts shaping the future of data management. Hosted by IBM® in partnership with Meta, VeloxCon showcased the latest innovation in Velox including project roadmap, Prestissimo (Presto-on-Velox), Gluten (Spark-on-Velox), hardware acceleration, and much more. An overview of Velox Velox is a unified execution engine that is built and open-sourced by Meta, aimed at…

How the Recording Academy uses IBM watsonx to enhance the fan experience at the GRAMMYs®

3 min read - Through the GRAMMYs®, the Recording Academy® seeks to recognize excellence in the recording arts and sciences and ensure that music remains an indelible part of our culture. When the world’s top recording stars cross the red carpet at the 66th Annual GRAMMY Awards, IBM will be there once again. This year, the business challenge facing the GRAMMYs paralleled those of other iconic cultural sports and entertainment events: in today’s highly fragmented media landscape, creating cultural impact means driving captivating content…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters