Sysdig Allies with Docker Inc. on Container Security

Sysdig and Docker today announced at DockerCon the integration of Sysdig runtime insights into Docker Scout to help developers prioritize remediation efforts based on actual risk directly from within their command line interface (CLI).

Docker Scout is an event-based tool that makes it simpler for developers to identify and remediate vulnerabilities in libraries that are actually being used in a container-based application. It also provides integrations with Sysdig, JFrog Artifactory, Amazon Web Services Elastic Container Registry (AWS ECR), BastionZero, GitHub, GitLab, CircleCI and Jenkins to facilitate DevSecOps workflows.

Eric Carter, a senior product marketing manager for Sysdig, said Docker Scout provides another means to consume the insights that Sysdig surfaces into container images via its cloud-native application protection platform (CNAPP).

Overall, the goal is to make it simpler for developers to assume more responsibility for application security as organizations look to lock down software supply chains. The challenge is to find a way to enable developers to achieve that goal without increasing the cognitive load to the point where addressing cybersecurity issues impedes overall developer productivity.

The unique cybersecurity challenge containers present is that they are largely ephemeral; they may only run for five minutes or less. That short life cycle, however, doesn’t take into account that there may be thousands of containers running at any given time that have inadvertently encapsulated vulnerabilities.

In addition, some of those containers are now running longer than five minutes as more stateful applications are deployed on Kubernetes clusters.

Most recently, Sysdig extended its CNAPP to include a Cloud Attack Graph capability that enables cybersecurity teams to visually track attack paths in real time. The company also added a cloud inventory tool to surface issues such as instances of a critical vulnerability running or roles with unused credentials. Sysdig also added an agentless scanning capability to scan hosts to identify, for example, misconfigurations, as a complement to its existing agent software. The agentless capability can analyze file access, network connections, active processes and workload attributes in real time in addition to identifying vulnerabilities that are not actually being used in a production environment or in an external-facing application.

In effect, Sysdig is making a case for a CNAPP that extends from the platform it originally created to protect runtimes to include a range of detection capabilities that previously would have required a separate cloud security posture management (CSPM) platform. CNAPPs essentially provide a vehicle for consolidating multiple point products into a single framework that is simpler to centrally manage. In addition to reducing the number of tools that need to be licensed, the goal is to make it easier for smaller teams of cybersecurity professionals to manage a wider range of processes and reduce the total cost of cybersecurity.

Each organization will naturally have to decide how quickly that transition should be made, but cybersecurity threats continuously evolve. The defenses that organizations put in place several years ago may not be as effective as a modern platform that addresses a wider range of threats in the cloud-native application era.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
