Sysdig is working with VMware to deliver enhanced microservice and cloud security. Leveraging the container runtime security capabilities of Sysdig Secure along with the operations and security policies of VMware Tanzu Service Mesh, built on VMware NSX, customers will be better able to accelerate Kubernetes and cloud adoption, as well as application modernization. As more and more organizations go multi-cloud, standardizing the management, security, and monitoring of workloads, wherever they may run, helps to smooth operations. And, by addressing the unique requirements of cloud-native environments from the start, enterprises can get a head-start on managing cloud security risk as they move to containers and Kubernetes.
Extending Tanzu Service Mesh with Sysdig Secure
Tanzu Service Mesh enables a transparent and language-independent way to observe, automate, control and better secure microservices at an API level. Sysdig Secure, part of the Sysdig Secure DevOps Platform, is a Kubernetes security and compliance solution for better securing cloud-native workloads. It embeds security into the build, run and response stages of the container lifecycle. By combining Sysdig Secure with Tanzu Service Mesh, users can increase security and compliance capabilities to prevent vulnerabilities, stop threats, accelerate incident response, and enable forensics. One of the key capabilities of Tanzu Service Mesh is to enable service owners, operators, and DevSecOps teams the ability to apply operational controls across services to help secure communications between microservices, data, and users across multiple cloud-native platforms. The integration of Sysdig Secure with Tanzu Service Mesh is targeted at extending the depth of security intelligence available for Tanzu Service Mesh users with critical findings that help drive better policy decisions. Read the blog: Forging A Path to Continuous, Risk-based Security with VMware NSX Service Mesh for additional insight into the evolution of the Tanzu security model. Extend #Kubernetes security visibility and control with Sysdig and VMware #Tanzu Service Mesh Click to tweetIncreasing visibility and control in multi-cluster environments
The unified management, global policies, and seamless communications available with Tanzu Service Mesh enable greater control across complex, multi-cluster mesh topologies regardless of where they run. This empowers developers, infrastructure operations and security teams to more effectively collaborate to enable clusters to be more secure, operate efficiently and deliver the service levels that applications expect. Visibility into security events is critical for security teams and DevOps to understand and address incidents occurring across cloud deployments in real-time. Using a third-party findings API available with Tanzu Service Mesh, policy events from Sysdig Secure can be forwarded to give additional information that will help drive remediation.Security insights with Sysdig Secure
Sysdig Secure provides threat detection and forensics capabilities that help Tanzu Service Mesh users understand their container and environment activity and take appropriate action. This not only helps provide assurance that your environment is secure, compliant, and resilient but also ensures you respond faster in the event of a security threat.Threat Detection
Runtime threat detection, built on open source Falco, helps you identify and block suspicious activity and anomalies in your container environment. Here are a few examples, including how Tanzu Service Mesh capabilities help enable your security response. Terminal shell in a container Sysdig Secure detects command-Line Interface execution (terminal shell) in a running container in violation of a configured policy. This event represents risk in that it might indicate an attacker attempting to manipulate the system, download malware, or initiate other malicious activity. By providing the details to Tanzu Service Mesh a user can then apply controls to isolate the pod/container and reduce the exposure of the activity. This capability is designed to help organizations better meet compliance, auditing and intrusion detection requirements. Attempt to search for private keys or passwords Sysdig Secure detects when a user or system performs a search for private keys or passwords. This activity represents the risk that someone is attempting to gain credentials that would allow access to systems, application or data. In this case, Tanzu Service Mesh can be used to isolate pods where this activity is taking place. MITRE ATT&CK framework detections Sysdig Secure detects system events that seem abnormal based on the adversary tactics and techniques as defined by the MITRE ATT&CK framework. From this information, activities deemed to be a threat or anomalous can be remediated by isolating the involved pods and containers.Incident Response and Forensics
After any threat has been contained using the controls available with Tanzu Service Mesh, for further incident response and forensics investigation, you can now jump into the Sysdig Secure UI and explore the details of the event:
Now you can dig deeper by checking the Activity Audit and perform a post-mortem analysis, correlating all the activities from the same context in a timeline to find the Kubernetes user that launched the shell along with the activity that happened inside that terminal session:
If the Runtime Policy that you created included triggering a capture file, you can also analyze the detailed capture information directly from the UI. This lets you inspect metrics, executed commands, system calls, sockets and files, and even examine I/O streams to check the data that was transmitted, read or written during the incident:
