Sysdig Extends Security Across All AWS Container Services

Jorge Salamero Sanz
Published: November 26, 2019

Cloud teams are increasingly adopting AWS container services to deliver applications faster at scale. With the rollout of cloud native architectures built on containers and orchestration, what's needed to stay on top of the security, performance and health of applications and infrastructure has shifted. At Sysdig, we've worked with Amazon to provide tools and integrations that help secure your Cloud Native workloads deployed across all AWS container services. In this blog, we'll cover how Sysdig Secure DevOps helps you embed security, maximize availability, and validate compliance across the container lifecycle on AWS.

Scanning for vulnerabilities pre-deployment on AWS

Sysdig Secure allows you to scan for vulnerabilities and misconfigurations before deployment. You can catch vulnerabilities in base images, OS packages and third-party libraries, such as Python packages from pip or Java JAR files, that your developers might be pulling into their application images before they hit production.

When it comes to pre-deployment scanning, there are two typical approaches, and with Sysdig vulnerability management capabilities you can take both: either perform image scanning from AWS ECR or implement image scanning in your AWS CodePipeline pipelines.

Sysdig Secure allows you to validate compliance across the entire container lifecycle.

Sysdig Secure leverages Kubernetes-native controls like Pod Security Policies (PSP) for enforcement. You can read more about it on Pod Security Policies in production with Sysdig's Kubernetes Policy Advisor and learn about Sysdig runtime security capabilities here.

Read more on Visibility and monitoring App Mesh with Sysdig, Sysdig docs on CloudWatch, and Amazon EKS monitoring and security with Sysdig.

Sysdig's Activity Audit speeds incident response and enables audit for Kubernetes. Sysdig captures and correlates executed commands, network, and Kubernetes activity so SOC teams can spot what happened. With Sysdig captures, you can also record all container activity at a detailed level, including spawned processes, network connections, file system activity, etc., so you can understand events in detail, and conduct Kubernetes forensics even after the container is long gone.

Read more about this on Incident response in Kubernetes with Sysdig's Activity Audit.

Sysdig delivers notifications to your alerting channels, AWS SNS or SIEM, and also integrates with AWS Security Hub. This allows you to consolidate security findings across your container environments so you can view and manage security alerts, and automate compliance checks across your AWS account. Both Sysdig Secure and Falco send events to CloudWatch through FireLens, as seen in "Multi-cluster security with Falco and AWS Firelens on EKS & ECS".

All of these integrations are supported by Sysdig as an AWS Advanced Partner. And if you are looking for solutions in this area, we've made it easy for you to sign up for a trial, purchase and install Sysdig from AWS Marketplace.
