Sysdig to Provide Greater Visibility into Container Security

April 10, 2019 Mike Vizard application development, container security, containers, management platform, security

At this week’s Google Cloud Next 2019 conference, Sysdig announced it will offer a preview of the next iteration of a platform for monitoring and securing containers that provides IT organizations with much deeper visibility into a cloud-native computing environment.

New capabilities being added in Sysdig Cloud-Native Visibility and Security Platform (VSP) 2.0 will, among other things, provide enhanced monitoring and security capabilities for Kubernetes clusters, including dashboards for capacity planning, control-plane health and compliance trends along with default alerting rules, benchmark results, audit policies and integration with Kubernetes admission controllers.

Other capabilities being added include support for CRI-O and containerd runtimes, topology views for visualizing relationship between Kubernetes services, an ability to search Kubernetes metadata, and integration with third-party security information and event management (SIEM) platforms such as Splunk.

Sysdig CEO Suresh Vasudevan says increased visibility into container environments has become a crucial requirement because cybersecurity teams are hesitant to allow containerized applications that they can’t manage to be deployed in a production environment. No matter how much more secure that containerized application may be compared to previous generations of monolithic applications, cybersecurity professionals tend not to trust developers will make sure the components of a container are secure on their own, he says.

In fact, one of the great paradoxes of containerized applications is that while it’s much easier to keep the components of an application up to date in terms of the patches that need to be applied, developers can still easily package outdated components within those containers. As the number of containerized applications deployed across multiple clouds increases, the chance that outdated software containing known vulnerabilities will find its way into a production environment increases as the IT environment becomes more dynamic, says Vasudevan, noting that because of that issue, there’s an interest in tools that provide visibility into containers and the ability to centrally apply security policies has become a fundamental requirement.

Vasudevan says the challenge cybersecurity teams face today is that organizations are transitioning to containers to accelerate the rate of application development. But not every organization that has adopted containers is that far along the maturity curve in terms of adopting best DevSecOps processes that ensure cybersecurity issues are addressed with the context of a larger continuous integration/continuous development platform, he notes.

As those processes mature, however, the relationship between developers and cybersecurity teams should become more collegial. Most cybersecurity professionals today have significant trust issues with developers that historically have not paid as much attention to cybersecurity issues as everyone might like. But as developers are held more accountable for those cybersecurity concerns, the relationship between cybersecurity teams and developers should become something more akin to “trust but verify.”

The simple truth is that perennially short-handed cybersecurity teams can’t keep pace with the rate at which new code is being developed. They need to count on developers to do the right cybersecurity thing when writing code. Once that code is deployed, cybersecurity teams then need to verify that security polices are being implemented and maintained.

It may take a while for that level of détente between these two camps to be achieved. It’s hard to see, however, how any other approach can meaningfully resolve application security issues that today are nothing less than chronic.