Sysdig has come out with Sysdig Secure 3.0 to help enterprises with threat prevention at runtime using Kubernetes-native Pod Security Policies (PSP). PSPs are controls in Kubernetes that define the security conditions pods must follow in order to run.
Sysdig Secure 3.0 also includes the first incident response and audit tool for Kubernetes. Enabling these capabilities are three new features: Kubernetes Policy Advisor, Falco Tuning, and Activity Audit. With the Kubernetes Policy Advisor, Sysdig Secure auto-generates Pod Security Policies (PSP) to decrease the time spent configuring security.
Sysdig Secure is built on Falco, an open source Kubernetes runtime security project that was originally started by Sysdig and since October 2018, it has been a CNCF Sandbox Project.
With Activity Audit, Sysdig Secure captures container activity, including commands, network connections, and Kubernetes API events, and correlates the information with application context and users or services from Kubernetes.
The latest release focuses on securing Kubernetes environments throughout the entire lifespan — detecting vulnerabilities and misconfigurations during the build phase, blocking threats without impacting performance during the run phase, and enabling incident response, forensics and audit.
Sysdig said it will make available Sysdig Secure 3.0 next week to all Sysdig Secure and Sysdig Secure DevOps Platform SaaS customers.