Sysdig’s mission has changed since it emerged ten years ago as a vendor of observability tools. Today, Sysdig says its mission is to “make every cloud deployment secure and reliable.” It does this by extending its expertise in cloud observability to a wide range of cybersecurity products.
Sysdig entered the security space in 2017, incorporating container security features into its observability tools. The product correlates logs with security information collected on container workloads to identify threats. The company has grown since adding cloud security posture management (CSPM) solutions to Amazon’s AWS and Google Cloud Platform.
Continuing this momentum, Sysdig released a new CNAPP product earlier this summer, a unique and valuable use of generative AI to secure the cloud. Let’s take a look at what the company has done so far.
Sysdig CNAPP
Last month Sysdig announced the Cloud Native Application Protection Platform (CNAPP). The new product integrates cloud detection and response (CDR) with the capabilities of Sysdig’s Falco, an open source solution for cloud threat detection. It aims to address the challenges organizations face as they scale their cloud environments, providing comprehensive end-to-end detection and response capabilities. Sysdig CNAPP combines agent and agentless deployment models to provide real-time insight and immediate breach prevention.
A key feature of Sysdig CNAPP is agentless cloud detection powered by Falco, a popular open source solution for cloud threat detection. This enables organizations to process cloud logs and identify threats across cloud, identity and software supply chains without deploying additional agents. This approach not only enhances threat detection, but also saves time and resources.
Sysdig CNAPP integrates real-time cloud and container activity with Okta events to detect identity threats and provide Okta detection to proactively protect cloud environments. In addition, GitHub discovery enables real-time alerting on critical events such as unauthorized actions in the software supply chain.
The product provides comprehensive threat detection across various cloud elements including workloads, identities, cloud services and third-party applications. The integration of CDR and Falco capabilities reflects the company’s commitment to providing organizations with the tools to meet evolving cloud security challenges.
Bringing generative AI to cloud monitoring and security
Sysdig harnesses the power and potential of generative artificial intelligence (AI) and large language models (LLMs) with its latest product, Sage AI. The new product simplifies cloud security management and facilitates rapid incident response. By incorporating advanced multi-step reasoning, multi-domain correlation, and actionable insights, Sage AI acts as an assistant aimed at streamlining incident management and enhancing security response efforts.
A distinctive element of Sysdig’s approach is the high degree of integration of LLMs. Instead of a basic wrapper around an LLM API such as the one OpenAI provides, the company has developed an “LLM Controller” that coordinates requests to various LLMs. This controller sanitizes data to improve accuracy and reduce the risks associated with potential AI errors. The key is multi-step reasoning: the LLM is made to take multiple sequential steps to arrive at an answer, increasing confidence in the results.
Incorporating the open source LangChain technology further enhances the functionality of the LLM Controller. This technology was originally designed for chaining LLM requests, but has been tailored by Sysdig to meet the unique demands of cybersecurity.
There is no doubt that IT departments face a cybersecurity skills shortage and a lack of skilled professionals. At the same time, businesses of all sizes are under constant attack. Sage AI can help with this, potentially enhancing efficiency, effectiveness, and resource allocation in threat detection and infrastructure security.
Analyst view
This is the natural path from observability to cybersecurity, and one that has been followed by many in the field. Dynatrace, Datadog, and even Cisco with its AppDynamics all leverage their roots in observability to move into the security space. Not intimidated by a long list of direct competitors, Sysdig continues to innovate and win share in the markets in which it operates.
There’s a lot more going on with Sysdig than what’s covered here. In recent weeks, the company has become the first vendor in the new Gartner Peer Insights category for CNAPP, released its 2023 Cloud Threats Report, and announced that the Sysdig threat research team has discovered a new attack operation it dubs LABRAT. The company is showing good momentum.
Under the leadership of CEO Suresh Vasudevan, who led Nimble Storage through its IPO and subsequent acquisition by Hewlett Packard Enterprise, Sysdig has become one of the fastest growing CNAPP vendors in the industry. Sysdig does not disclose financial information, but in a January press release the company indicated that its number of new customers doubled in 2022, with its top 60 customers generating an average ARR of more than $1 million.
Sysdig’s products provide complete protection across the entire application lifecycle, including the software supply chain. The company harnesses new technologies like generative AI in unique and exciting ways. Keeping corporate data safe is an important job for any IT organization, and Sysdig has proven it has what it takes to keep nearly any IT organization secure.
Disclosure: Steve McDowell is an industry analyst, and NAND Research is an industry analyst firm that engages in research, analysis and advisory services with many technology companies, including those mentioned in this article. McDowell has no equity positions in any of the companies mentioned in this article.