Unmatched Coverage for Cloud and Hybrid Workloads: Sysdig’s Next Generation Instrumentation

In today’s rapidly changing and evolving cloud-native environments, security and infrastructure teams face challenges ranging from managing complex deployments to ensuring capability across their entirety of their diverse infrastructure. EDR and XDR tools cannot provide comprehensive coverage of cloud workloads, making them fundamentally unsuited for cloud security.  

EDR agents are riddled with inefficiencies and gaps in security coverage. Their utility is often limited by where they can run, what features they support, and how many resources they consume. Although technology such as eBPF is universally pan linux and requires minimal privileges to function, it has not been widely adopted by all EDR vendors. To effectively thwart attacks in motion, a purpose-built CDR solution is necessary — one that offers full visibility into cloud infrastructure, encompassing identities, workloads, and cloud resources.

Sysdig’s Agent Instrumentation, part of our cloud-native application protection platform (CNAPP), is designed to address these issues head-on. It offers comprehensive coverage and high-level performance without compromising on sophisticated security capabilities. Sysdig’s latest advancements in agent-based technologies are created to tackle issues critical issues in cloud-native security, such as:

  • Security coverage: Sysdig combines low-resource agent-based and agentless approaches to achieve broad and deep coverage leveraging latest technology such as eBPF.
  • Agent management: Sysdig has streamlined deployment and maintenance, so that customers realize value faster and spend less time on managing the infrastructure supporting the security framework.
  • Compatibility: Sysdig has created capabilities that extend broad support across various environments and platforms. 

The pillars of Sysdig’s security coverage 

The Sysdig approach includes battle-tested components designed to simplify deployment and enhance security. Sysdig instrumentation is being continuously optimized for reduced CPU and memory utilizations, without compromising security. Recently Sysdig has achieved up to 50% CPU and memory utilization, despite introducing newer capabilities. Here are some of the standout features:

Falco OSS, the unified threat detection engine for the cloud

Powered by Falco, Sysdig helps detect and respond to threats across containers, cloud services, Kubernetes/Linux/Windows hosts, identities, and third-party apps in public and private clouds. Falco OSS (open-source software) provides customers with access to a rich collection of 1000+ rules and a universal threat detection language.

Universal eBPF probe

Harnessing the power of eBPF technology, our Gen2 (Universal) eBPF probe ensures seamless operation for nearly all Linux-based systems and architectures. Benefits include:

  • Ease of deployment: Embedded in the agent binary, no kernel headers required and no building probes required.
  • Safety and stability: Leverage the benefits of eBPF for the Sysdig agent.

Cluster Shield and Host Shield

Unifying protection for both clusters and hosts, Sysdig leverages simple deployment components of Cluster Shield and Host Shield.

  • Cluster Shield: Secures clusters by scanning all containers, identifying risky Kubernetes misconfigurations and ensuring compliance with the latest security standards for Kubernetes clusters and containers.
  • Host Shield: Provides deep runtime threat detection, insights, and scanning across all hosts and nodes for misconfigurations, and ensures compliance for hosts and servers.
Host Shield Cluster Shield
Performs real-time threat detection and protection for nodes and hosts.
Vulnerability management identifies underlying host vulnerabilities.
Compliance and misconfigurations  ensures hosts are compliant and configured correctly.
Enhanced threat detection for clusters applies rules and policies to k8s audit logs.
Vulnerability management identifies vulnerabilities in running containers.
Compliance and misconfigurations ensures Kubernetes and containers are compliant and configured correctly.
Admission control: prevents deployment of vulnerable containers and misconfigurations.

Expanding horizons by enhancing cloud-native coverage 

Our latest releases have expanded the reach of our detection and response capabilities across a variety of different attack surfaces:

  • Windows runtime threat detection: For Windows, across Windows Hosts, Containers,  Kubernetes and RedHat Openshift.
  • Google Cloud Run runtime threat detection: Expanding Sysdig’s security offerings for serverless by supporting Google Cloud Run.
  • Expanded architecture: Host Shield and Cluster Shield are supported across ARM-based architectures, including AWS Graviton. 
  • Fargate enhancements: An agent implementation that truly costs zero resources now leverages capacity in Fargate tasks, and provides world-class threat detection without additional resource expenditure. 

Customer benefits 

Our customers are already reaping the benefits of our new and improved agent capabilities. Many enterprise customers across regulated industries such as finance and healthcare leveraged the new Cluster Shield and Host Shield while expanding Sysdig to cover their Fargate environment, benefiting from the simpler deployment, optimized resources, and consolidation of their security into one CNAPP platform. Sysdig customers are also already benefiting from significant resource optimization, reducing their infrastructure costs while taking advantage of new features like drift and malware control.

Conclusion

Sysdig’s agent has continued to advance in cloud-native security, offering enhanced capabilities, performance optimization, and expanded coverage and platform support. As Sysdig continues to innovate, we invite you to watch a product demo and try out our leading agent-based and agentless capabilities for a complete CNAPP experience.