Sysdig Secure Is Now Integrated with IBM Cloud Monitoring with Sysdig

DevOps has transformed the way software is deployed and accelerated innovation, but implementing security is still a challenge for teams.

Most customers want a comprehensive, cloud native security solution that entails vulnerability management, Kubernetes security, compliance, and runtime detections. Sysdig Secure offers just that via its comprehensive platform that embeds security and compliance into the build, run, and respond stages of the container and Kubernetes lifecycle, so you can confidently run cloud native apps in production.

Today, we are excited to announce the availability of Sysdig Secure on IBM Cloud as an integrated feature into our existing IBM Cloud Monitoring with Sysdig offering. Now, with Sysdig Secure, customers can easily identify vulnerabilities, check compliance, block threats, and respond faster to issues occurring within their environment.

Let's dive into some of the key features that make Sysdig Secure stand out in today's ecosystem. 

Scan for vulnerabilities

Sysdig Secure provides the ability to scan images in the CI/CD registry and runtime images on your Kubernetes clusters, bare metal, or VMs. Integrating the inline scanner with your CI system allows users to scan all images before they are pushed to a registry. Once integrated, you can use the API or CLI to scan images that exist in the registry. The node-image-analyzer can also be deployed with a cluster to ensure all running images in the cluster are scanned.

With the ability to identify vulnerabilities pre-production and at runtime, you can automate scanning within CI/CD pipelines. Learn more about Sysdig's unique image-scanning capability.

Compliance

With Sysdig’s out-of-the-box policies that map to specific compliance controls, meeting regulatory compliance standards like PCI-DSS, NIST 800-190, NIST 800-53, and SOC2 when running containers and Kubernetes has never been easier. Sysdig Secure provides out-of-the-box checks to verify container compliance and ensure File Integrity Monitoring, along with a unified overview to better understand and measure your compliance progress.

To meet industry best practices for container compliance, Sysdig Secure leverages CIS Benchmarks for Kubernetes and provides guided remediation tips to help you maintain or quickly re-establish compliance. Learn more about container compliance.

Block threats

Based on the Falco project, runtime security ensures your containers, Kubernetes, hosts, and IBM infrastructure are protected. The Falco project, originally created by Sysdig, is a CNCF open source cloud native runtime security tool developed to make it easy to consume kernel events and enrich those events with information from Kubernetes and the rest of the stack. Falco has a rich set of security rules specifically built for Kubernetes, Linux, and cloud native stacks.

Sysdig Secure extends the Falco runtime security engine and saves time creating and maintaining runtime policies. Learn more about runtime security.

Respond faster

With Sysdig Secure, you can understand and contain the impact of any security breach, respond to incidents, and recover and conduct post-mortem analysis on containers that may no longer be available. The robust data that Sysdig Secure collects, along with a detailed forensics report, will help quickly answer questions like "when," "what," "who," and "why" for all incidents. 

Incident response can be streamlined to quickly determine what happened along with a detailed activity record. The fine-grained policies that leverage the Falco rules library help analyze and audit runtime policy violations, and when enabled, forensic capture provides a record for incident response and allows you to recreate all system activity, even for containers that no longer exist.

Learn more about container forensics.

Getting started

Sysdig Secure leverages our existing multi-tenant IBM Cloud Monitoring with Sysdig infrastructure. Users looking for a solution related to image scanning, compliance, intrusion detection, and auditing for their infrastructure can easily consume it by provisioning an instance on the IBM Cloud. For existing customers, if they select the Sysdig Secure option in our graduated tier plan, security functionality is automatically pushed to their existing Sysdig Monitor agent, and they are given access to the Sysdig Secure console for an additional cost per host per month. New customers may choose to have Sysdig Monitor or both Sysdig Monitor and Secure as options in our graduated tier plan.

Once logged into the IBM Cloud console, follow these instructions:

  1. Click Catalog. The list of the services that are available on IBM Cloud opens.
  2. To filter the list of services that is displayed, select the Logging and Monitoring category.
  3. Click the IBM Cloud Monitoring with Sysdig tile. The Observability dashboard opens.
  4. Select Create instance.
  5. Select the region.
  6. Select a service plan. By default, the Lite plan is set. 
    • To provision an instance that only includes the Monitor component, select the Graduated Tier plan.
    • To provision an instance that includes the Monitor and the Secure components, select the Graduated Tier - Sysdig Secure + Monitor plan.
  7. Enter a service name.
  8. Select a resource group. By default, the Default resource group is set.
  9. Set automatic collection of platform metrics by clicking Enable.
  10. Click Create.

After you provision an instance, the Observability dashboard opens and a service ID is automatically created. You can use this service ID to get the Sysdig access key for your instance. The name of the service ID has the following format: {InstanceName}-key-admin. The final step is to configure a metric source by adding a Sysdig agent. This agent is responsible for collecting and forwarding metrics to Sysdig. Once you deploy the agent, you can launch Sysdig to view your metric data.

By default, the Monitor view opens when you launch the Sysdig web UI.

To access the Secure web UI, select Monitor and then click the Secure tile. The Secure dashboard opens, where you can begin viewing data.

Sysdig Secure is available in Sydney now and will be available in all regions where Sysdig Monitor is deployed in the coming weeks. 

For more information, visit our docs page.