Sysdig Injects More AI into Container Security

At the Black Hat USA conference, Sysdig today announced it has extended the capabilities of Sysdig Secure to include runtime profiling and anomaly detection, driven by machine learning algorithms, for Kubernetes environments.

At the same time, Sysdig unveiled Falco Rule Builder, a more flexible user interface (UI) for creating runtime security policies, which integrates tightly with Sysdig Secure.

Knox Anderson, director of product management for Sysdig, says these extensions will make it easier for organizations to adopt DevSecOps best practices by relying on container monitoring and security tools for Kubernetes environments delivered via a software-as-a-service (SaaS) application, dubbed the Sysdig Cloud Native Visibility and Security Platform (VSP).

Sysdig Secure is extending its syscall-level integration to gain deep insights into container runtime activity. Within 24 hours of an image being profiled, enterprises can access a profile that provides insight into all process and file system activity, networking behavior and system calls. DevOps and security teams can then use the learned profile snapshot to create a policy that is applied automatically to container images in the environment.

By leveraging machine learning algorithms, Sysdig Secure not only understands all of the container and environment data, but also learns how container behavior shifts as the application environment changes. From that data, a new runtime profile can be generated, and policies can be enforced through it. That capability should let DevOps and cybersecurity teams recover the time that would otherwise be spent creating those profiles manually. Machine learning algorithms also reduce the amount of human involvement, which makes it less likely that errors will be introduced into those profiles.
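The profile-to-policy flow described above, as an added illustration rather than Sysdig's own code: a learning phase builds a per-container baseline from constructed syscall-category events (exec, open, connect), hit counts stand in for the low/medium/high confidence levels, and the resulting allow-list policy flags runtime events that fall outside the baseline. The event format, container name and the `learn`/`run` phases are assumptions for the example.

```python
# Added example (not Sysdig code): learn a runtime profile, turn it into a
# policy, and flag runtime events the policy does not cover.
from collections import defaultdict

# Constructed sample events: (phase, container, kind, value).
# "kind" is a coarse syscall category: exec, open or connect.
EVENTS = [
    ("learn", "web", "exec", "/usr/sbin/nginx"),
    ("learn", "web", "open", "/etc/nginx/nginx.conf"),
    ("learn", "web", "open", "/var/log/nginx/access.log"),
    ("learn", "web", "connect", "10.0.0.5:5432"),
    ("learn", "web", "exec", "/usr/sbin/nginx"),
    ("learn", "web", "open", "/etc/nginx/nginx.conf"),
    ("run", "web", "open", "/var/log/nginx/access.log"),
    ("run", "web", "exec", "/bin/sh"),                # not in baseline
    ("run", "web", "connect", "198.51.100.7:9000"),   # not in baseline
]

def learn_profile(events, container):
    """Baseline snapshot: observed values per kind, with how often each was seen."""
    profile = defaultdict(lambda: defaultdict(int))
    for phase, c, kind, value in events:
        if phase == "learn" and c == container:
            profile[kind][value] += 1
    return profile

def confidence(profile, kind, value):
    """Assumed mapping of observation count onto low/medium/high confidence."""
    n = profile[kind].get(value, 0)
    return "high" if n >= 2 else "medium" if n == 1 else "low"

def build_policy(profile):
    """Allow-list policy derived from the snapshot: anything unseen is denied."""
    return {kind: set(vals) for kind, vals in profile.items()}

def check_runtime(events, container, policy):
    """Return (kind, value) findings for runtime events outside the policy."""
    findings = []
    for phase, c, kind, value in events:
        if phase == "run" and c == container and value not in policy.get(kind, set()):
            findings.append((kind, value))
    return findings

if __name__ == "__main__":
    prof = learn_profile(EVENTS, "web")
    for finding in check_runtime(EVENTS, "web", build_policy(prof)):
        print("ANOMALY", finding)
```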

Sysdig Secure also now includes confidence levels—low, medium and high—that are auto-generated from the runtime profiling, giving security teams transparency into, and assurance about, the container behavior. Teams can use that capability to better understand what has been learned, how it is being learned and how accurate the original baseline might have been.

Given the dynamic nature of container environments, there is little doubt that machine learning algorithms are about to play a much larger role in container security. Containers are arguably the most ephemeral atomic unit of computing ever invented. Manually creating profiles for containers that might exist for only a few minutes or hours is not practical. Machine learning algorithms and other forms of artificial intelligence (AI) make it possible for DevOps teams and cybersecurity professionals to secure containerized application environments at scale.

Training those machine learning algorithms, however, requires access to massive amounts of data. Sysdig postulates the only way to effectively gain access to enough data to train those algorithms is via a SaaS platform.

It remains to be seen where the divide between human and machine will lie as cybersecurity platforms are increasingly infused with AI. AI is unlikely to replace the need for DevOps and cybersecurity professionals anytime soon. However, the nature of the jobs each member of those teams performs is about to change utterly.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He has also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.