Sysdig Secure is a new release of the Sysdig system for service aware policies

Author: Ritesh Mehta

What is Sysdig? It is an open source tool that does roughly, though not exactly, what strace or a profiler does: it unites the Linux troubleshooting toolkit behind a single, consistent, easy-to-use interface. Its architecture enables deep inspection into containers out of the box, without instrumenting the containers themselves in any way.

The system is an alerting, monitoring, troubleshooting and security platform, built from the ground up for the world of microservices and containers. Its Slack integration sends alert notifications about an app's performance, security concerns and uptime from Sysdig directly to the Slack channel of choice.

ADDITIONAL VALUE THROUGH FOCUS ON A FEW KEY PRINCIPLES

Sysdig provides more value via focusing on several major principles. These include the following:

  1. Providing native support for all Linux container technologies, such as LXC and Docker.
  2. Offering coherent, unified and granular visibility into the storage, network, processing and memory subsystems.
  3. Making it possible to write trace files of system activity, much as Wireshark or tcpdump do for networks, so an issue can be analyzed later without losing vital information.
  4. Offering a filtering language for digging into the information in a natural and interactive way.
  5. Including rich system state in the trace files, so the captured activity can be put into full context.
  6. Offering an intuitive, simple and fully customizable curses-based user interface called csysdig.
  7. Including a rich library of Lua scripts, called chisels, for solving common issues.
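Chisels are ordinary Lua scripts that sysdig loads with `-c`; as an added example (my own script, not one of sysdig's bundled chisels), the following records every command executed inside a container, along with the user and arguments, and summarizes execve counts per container when the capture ends. It relies on the chisel API of open source sysdig (`chisel.request_field`, `chisel.set_filter`, `evt.field`) and on the convention that host processes carry `container.name = host`; the output format is an assumption of this example.

```lua
-- Added example chisel (not one of sysdig's bundled chisels): log every command
-- executed inside a container, then summarise execve counts per container.
-- Usage: sysdig -c ./container_exec.lua                  (live system)
--        sysdig -r trace.scap -c ./container_exec.lua    (saved trace file)
description = "Log every command executed inside a container, with user and arguments"
short_description = "container exec log"
category = "Security"
args = {}   -- no chisel arguments; all containers are logged

-- Field handles are requested once in on_init and read per event in on_event.
local ftime, fcontainer, fuser, fexe, fargs, fpid, fppid, frawres
local counts = {}   -- container name -> number of execve calls seen

function on_init()
    ftime      = chisel.request_field("evt.time.s")
    fcontainer = chisel.request_field("container.name")
    fuser      = chisel.request_field("user.name")
    fexe       = chisel.request_field("proc.exe")
    fargs      = chisel.request_field("proc.args")
    fpid       = chisel.request_field("proc.pid")
    fppid      = chisel.request_field("proc.ppid")
    frawres    = chisel.request_field("evt.rawres")
    -- Only the exit side (evt.dir=<) of execve carries the new process's fields.
    -- Processes running directly on the host have container.name = host; drop them.
    chisel.set_filter("evt.type=execve and evt.dir=< and container.name!=host")
    return true
end

function on_event()
    local cname  = evt.field(fcontainer)
    local rawres = evt.field(frawres)
    -- A negative return value means the exec failed (e.g. ENOENT, EACCES);
    -- those lines are kept too, since repeated failures are worth a look.
    local status = (rawres ~= nil and rawres < 0) and "FAILED" or "ok"
    counts[cname] = (counts[cname] or 0) + 1
    print(string.format("%s %-6s container=%s user=%s pid=%d ppid=%d %s %s",
        evt.field(ftime), status, cname, tostring(evt.field(fuser)),
        evt.field(fpid), evt.field(fppid),
        evt.field(fexe), evt.field(fargs) or ""))
    return true
end

function on_capture_end()
    print("\nexecve calls per container:")
    for name, n in pairs(counts) do
        print(string.format("  %-32s %d", name, n))
    end
    return true
end
```

Because the same script runs against a saved trace file (`-r`), the command history it produces can be rebuilt after the fact for an incident, which is the forensic workflow the article describes.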

THE NEW RELEASE OF SYSDIG SECURE

The release of Sysdig Secure strengthens Sysdig's security offering. It is part of the Sysdig Container Intelligence Platform and enables enterprises to implement run-time security and forensics for microservices and containers in production. The company has also announced the completion of a $25 million Series C funding round, which it plans to use to implement its vision, scale out customer support capabilities and expand the product portfolio.

According to the statement announcing the new product, Sysdig Secure offers the ability to implement service-aware policies, block attacks, capture deep forensics, analyze command histories and view performance data. The system can detect security violations on a service-by-service basis and block attacks by stopping or quarantining unusual behavior as it occurs. It can also show every command and argument executed by an operator. Using deep forensics, users can inspect captured data even outside the production environment. The tool also provides a view of all of the system's performance data. It sees not just the containers but understands what the services are doing, takes the right actions, and uses the depth of the captured information for troubleshooting and for forensics on policy violations or incidents.

The new release was beta-tested by dozens of organizations, so the company is confident that it is ready for production use. The company also has the advantage of already monitoring millions of containers, which it can study to understand how containers behave.

THE FEATURES OF SYSDIG

The following are some of the features of Sysdig.

  1. Comes with native support for container technologies, including LXC and Docker.
  2. It is stable, fast, easy to use and comprehensively documented.
  3. Supports useful output filtering.
  4. Scriptable in Lua.
  5. Supports system and application tracing.
  6. Can be integrated with Puppet, Ansible and Logstash.
  7. Offers Linux server attack analysis features for ethical hackers and more.
  8. Enables advanced log analysis.

SYSDIG MONITOR AND SECURE

The goal of the company is to provide a single platform for monitoring and securing applications. Sysdig Secure and Sysdig Monitor use the same agent on the host being secured and monitored, the same back end for collecting and analyzing all data, and consistent user interfaces. The net effect of the platform approach is less overhead on the systems as well as less overhead on the people who would otherwise have to learn new tools.

The vision of Sysdig is to offer a single, unified platform for operating containers in production. Typically, enterprises are pressured to deploy different products and instrumentation for monitoring, securing and introspecting their apps. This sprawl is a drain on organizations, in compute resources and most of all in human capital. The company describes its system as the only platform that eliminates the sprawl with one point of data collection and a unified set of workflows. Sysdig Secure is available as a cloud offering and as on-premise software, and is generally available now.