Cloud-native application security firm Sysdig Inc. today announced what it says is the first cloud security posture management offering in the industry that aggregates findings by root cause analysis and prioritizes remediation based on the potential impact they may have.
Sysdig ToDo is an actionable checklist that shows prioritized risks found within a user’s cloud infrastructure, while Remediation Guru provides guided remediation at the source. Together, they help developers and system administrators save time investigating issues with their application infrastructure, and enable a fix in seconds, with just a few clicks.
Sysdig is best known for its container security tools, which secure the containerized environments hosting modern software applications that can run on any computing platform. Its first product was Sysdig Monitor, a cloud-native intelligence platform that helps manage large deployments of containers. These days, though, it’s best known for Sysdig Secure, which detects vulnerabilities by tapping into the data generated by system calls in a container environment. With today’s announcement, it’s expanding into cloud infrastructure security too.
As the company explains, many of its customers operate hundreds of cloud accounts and services that are spread across multiple cloud environments. They tend to automate the deployment of cloud services using Infrastructure as Code. But if one of those IaC templates has a configuration error, that same mistake will be replicated across cloud environments, generating multiple alerts that quickly overwhelm cloud security teams.
Adding to their problems is the fact that policies and controls cannot easily be applied across different cloud environments. As a result, teams have to deal with inconsistencies in policies for different aspects of their software delivery pipelines, increasing the complexity they face.
With Sysdig, customers have the tools they need to rapidly find, prioritize and remediate security issues. ToDo works by aggregating the risks that have the same root cause, providing “opinionated prioritization” in order to reduce the time teams spend investigating these discoveries.
Once teams have their list of priorities to address, Remediation Guru comes in and automatically generates suggested changes to IaC templates that can then be applied with a single click. What’s more, because Sysdig provides a shared policy model, these changes can be enforced across multiple cloud and Kubernetes environments.
Sysdig said the main benefits of ToDo and Remediation Guru are that they allow teams to manage their cloud infrastructure and Kubernetes environments via a single view, with visibility extended to all of their assets across multicloud environments. What’s more, by consolidating issues based on their root cause, teams can save massive amounts of time that would otherwise be dedicated to investigating each specific issue.
“Observability has been a big trend for a long time, but what really matters is the action taken based on the observed event, so enterprises can respond to threats,” said Holger Mueller of Constellation Research Inc. “It is good to see Sysdig launching ToDo, a first approach at prioritizing and dealing with security events. As with all new offerings, we will have to see the uptake of ToDo in a few months.”
Sysdig Vice President of Security Engineering Omer Azaria said that in the cloud industry, existing security tools very often overwhelm the teams that use them. “Customers cannot wait to get their hands on ToDo prioritization and Remediation Guru tools that group issues and guide you to take the most impactful actions to improve security posture,” he said. “For example, ‘making this change to your IAC manifest file will cause 100 resources to pass a failing compliance control.’”
Sysdig said Remediation Guru is available now as a tech preview for all Sysdig Secure users, while ToDo is available on request starting today.