Teaming up with Sysdig to deliver developer and runtime Kubernetes security
source link: https://snyk.io/blog/snyk-teaming-up-with-sysdig/
Jim Armstrong
February 16, 2022
Today, we’re excited to announce a partnership with Sysdig to provide container and Kubernetes security together — from code to cluster. Together, Snyk and Sysdig can help developers secure code and containers in development, protect the runtime Kubernetes environment, and deliver feedback and visibility from production back to developers, eliminating the noise of container vulnerabilities. Containers have been a foundational technology enabler in the DevOps movement, and Kubernetes has brought scale and flexibility to the process of deploying multiple containerized workloads across every cloud. Now, for the first time, there’s a security solution that spans the full cycle of DevOps practices for container workloads. It enables developers to build safer containers to run their applications, resulting in a more secure production environment and an ongoing feedback loop for improving and fixing critical issues.
Combining development and runtime security to eliminate vulnerability noise
Developers already have to deal with increasing security work spanning several aspects of an application: the code and dependencies, the deployment configuration, and the containers that ship and run code. At the same time, security and operations teams working with live environments have to manage these vulnerabilities and issues en masse: hundreds of vulnerabilities spanning thousands of containers and many clusters. They need developers on board to fix security issues. But container vulnerabilities have been particularly thorny, due to a lack of systems expertise on dev teams and the clunky nature of legacy vulnerability tools. As a result, some vulnerabilities can take up to six months to fix, extending the security backlog for developers and clouding the risk picture for security and operations teams.
Snyk Container already provides early feedback in the development process, guiding container users when better base images are available. These alternate images are more secure, updated, and often slimmer. This step alone can cut out 70% or more of initial vulnerabilities. But that still leaves 30% of the vulnerabilities — and with hundreds of vulnerabilities in some container images, handling that 30% can be a daunting task for developers.
With Sysdig’s runtime intelligence, we’re now able to provide advanced prioritization for container vulnerabilities. No longer is the container a mysterious and noisy collection of packages and vulnerabilities — developers have visibility into exactly which packages are being used when their container is running, and the vulnerabilities affecting those executed packages. Developers can clearly see which issues are the most important to fix, and with this additional feedback, they can fix critical issues faster. In turn, security and ops teams can focus their attention on real-time threats and incident response, instead of tedious vulnerability management tasks.
Why we’re partnering with Sysdig
We’re excited to partner with Sysdig because we share a common vision for enabling organizations embracing DevSecOps to have a complete view of security and performance, throughout the lifecycle of applications and the cloud-native stack. While our technical integration is focused on containers and Kubernetes, the combination of the full Snyk and Sysdig platforms secures everything: from the code a developer writes in their IDE to the full infrastructure running the Kubernetes cluster. It provides the tools developers, security, and operators need for vulnerabilities, real-time threat response and analysis, and cluster and application monitoring and troubleshooting. For Sysdig’s take on how integrated prioritization aligns developers and SecOps to enable focused remediation, read their blog post.
Additional Resources
To help you get started and see the integration in action, we have two webinars planned.
- Join us March 2 at 3pm for a Security Boulevard demo-led webinar with experts from Snyk, Sysdig, and AWS.
- On March 10, Sysdig and Snyk will team up again to demonstrate ways to use the new integration to eliminate noise from code to production.
We’re excited to have you test it out and let us know what you think. We’re already planning the next features in our integration with Sysdig, and we’d love to hear your thoughts on what else we can do to help you keep using containers and Kubernetes, and stay secure.