The incident response standard for containers, Sysdig open source, has been extended to the cloud, according to Sysdig, the unified container and cloud security leader. Sysdig open source (Sysdig OSS) usually provides comprehensive observability into running applications, file system access, and network activities using system calls, which speeds incident response and debugging. Teams can easily filter and act on information from Sysdig OSS. These capabilities have now been extended beyond containers to any cloud environment with the launch of this new integration.
Security analysts and system administrators find it difficult to swiftly triage alarms and fix problems because cloud-native applications are so complex, with so many components and variables. Sysdig OSS records process, file system, and network activities in real time and at a fine level of detail. The application, which has nearly two million downloads and 6,850 GitHub stars, displays everything from run commands to file system and network activity. Following that, Sysdig OSS provides advanced filtering and troubleshooting tools, allowing for root cause study of security and performance issues.
Sysdig OSS can now connect to anything that generates logs or events, including Azure, Google, and AWS CloudTrail logs, thanks to a new plugin framework that was originally built by the open source community for the CNCF project Falco. Every Falco plugin that is produced in the future can also be used by Sysdig OSS. Investigations can be streamlined by using a single tool, such as Sysdig OSS, to monitor events throughout the whole cloud-native system. Using a new tool for each scenario increases complexity, making troubleshooting much more difficult.
Sysdig was formed as an open source firm, and Sysdig Secure and Sysdig Monitor are both open source products that address the security concerns of modern cloud applications. Sysdig launched these projects to use deep visibility as a security basis, and they’ve since become industry standards for container and cloud threat detection and incident response. Falco, which was donated to the CNCF in 2018, is currently a hosted project at the incubation level with over 45 million downloads.
Together, Sysdig OSS and Falco form a robust open source solution for reducing risk at runtime. Sysdig OSS operates as a flight recorder, recording a full log for later review. Falco functions as a security camera, detecting unusual behaviour, configuration changes, invasions, and data theft in real time. Sysdig OSS and Falco can be used together to detect and respond to threats.
“If you want to see what is going on inside an application, Sysdig OSS gives you that record,” said Loris Degioanni, Founder and CTO of Sysdig. “Sysdig open source was the inspiration for Falco. While Falco will monitor and alert based on your policies, Sysdig open source will tell you what happened at a particular time, before and after the event. Having the ability to use both open source tools in the cloud is extremely powerful.”
