Sysdig’s mission has shifted since emerging a decade ago as an observability tools vendor. Today, Sysdig says its mission is “to make every cloud deployment secure and reliable.” It’s done this by extending its expertise in cloud observability into an impressive range of cybersecurity offerings.
Sysdig entered the security realm in 2017, bringing container security features into its observability tools. Its offering correlates logs with the security information it collects on container workloads to identify threats. The company has grown since adding a cloud security posture management (CSPM) solution for Amazon’s AWS and the Google Cloud Platform.
The momentum continues, with Sysdig releasing a new CNAPP offering earlier this summer and a unique and valuable use of generative AI to help secure the cloud. Let’s look at what the company’s been up to.
Sysdig CNAPP
Last month Sysdig unveiled its Cloud Native Application Protection Platform (CNAPP). The new offering integrates cloud detection and response (CDR) with the capabilities of Sysdig’s Falco (an open-source solution for cloud threat detection). It aims to tackle the challenges facing organizations as they expand their cloud environments, providing comprehensive end-to-end detection and response capabilities. Sysdig CNAPP offers real-time insights and instantaneous breach prevention by combining agent and agentless deployment models.
A key feature of Sysdig CNAPP is its agentless cloud detection, powered by Falco. This lets organizations process cloud logs and identify threats across the cloud, identity, and software supply chain without deploying additional agents, an approach that not only enhances threat detection but also conserves time and resources.
Sysdig CNAPP offers Okta detections, which integrate real-time cloud and container activity with Okta events to detect identity threats and proactively safeguard the cloud environment. Additionally, GitHub detections enable real-time alerts for critical events, such as unauthorized actions in the software supply chain.
The offering provides comprehensive threat detection across various cloud elements, including workloads, identities, cloud services, and third-party applications. The integration of CDR with Falco’s capabilities reflects the company’s commitment to equipping organizations with tools to address evolving cloud security challenges.
Bringing Generative AI to Cloud Monitoring & Security
Sysdig is embracing the power and potential of generative artificial intelligence (AI) and large language models (LLM) with its latest offering, Sage AI. The new offering simplifies cloud security management and facilitates rapid responses to incidents. By incorporating advanced multi-step reasoning, multi-domain correlation, and actionable insights, Sage AI serves as an assistant aimed at streamlining incident management and bolstering security response efforts.
A distinct element of Sysdig’s approach is its sophisticated integration of LLMs. Instead of a basic wrapper around an LLM API, such as the one offered by OpenAI, the company has developed an “LLM controller” that orchestrates requests to various LLMs. This controller also sanitizes data to enhance accuracy and mitigate the risks associated with potential AI errors. A key emphasis lies on multi-step reasoning, ensuring that LLMs take multiple sequential steps to arrive at answers, thereby fortifying the reliability of outcomes.
Incorporating the open-source LangChain technology further enriches the capabilities of the LLM controller. This technology, initially designed for chaining LLM requests, has been tailored by Sysdig to meet the unique demands of cybersecurity.
There’s no question that IT faces a cybersecurity skills shortage – there aren’t enough skilled practitioners. At the same time, businesses of every size find themselves under continual attack. Sage AI helps with this, holding the potential to enhance efficiency, effectiveness, and resource allocation in threat detection and infrastructure security.
Analyst’s Take
It’s a natural path from observability into cybersecurity, one that’s been taken by many players in the space. Dynatrace, Datadog, and even Cisco, with its AppDynamics, all leveraged their roots in observability into the security space. Sysdig isn’t intimidated by its long list of direct competitors, with the company continuing to innovate and win share in the markets in which it’s playing.
There’s far more going on at Sysdig than I’ve touched on here. The company in recent weeks became the first vendor on the new Gartner Peer Insights for CNAPP, released its 2023 Cloud Threat Report, and even announced that its Sysdig Threat Research Team discovered a new attack operation they’ve dubbed LABRAT. It’s showing good momentum.
Under the leadership of CEO Suresh Vasudevan, who shepherded Nimble Storage through its IPO and subsequent acquisition by Hewlett Packard Enterprise, Sysdig has become one of the fastest-growing CNAPP vendors in the industry. Sysdig doesn’t disclose financial information, but in a press release back in January, the company indicated that in 2022 it doubled the number of new customers, and that its top sixty customers generate on average more than $1M in ARR.
Sysdig’s offerings provide full protection across the entirety of the application lifecycle, including the software supply chain. It’s leveraging new technologies, such as generative AI, in unique and exciting ways. Keeping a company’s data secure is job one for any IT organization. Sysdig has proven that it has what it takes to help nearly any IT organization stay secure.
Disclosure: Steve McDowell is an industry analyst, and NAND Research an industry analyst firm, that engages in, or has engaged in, research, analysis, and advisory services with many technology companies, which may include those mentioned in this article. Mr. McDowell does not hold any equity positions with any company mentioned in this article.