
Docker locker, Sysdig partnership secures cloud-native apps


Docker and Sysdig have partnered to provide a new layer of real-time cloud-native security technologies that – the companies hope – will reduce software supply chain vulnerabilities across the many application and data tool topographies found in real-world cloud environments. But what is each firm known for, how do these combined technologies marry up so well… and what will be the end benefit for systems engineers, the developers they serve and the end users who will ultimately touch the cloud applications being secured here?

Sysdig provides technology designed to stop cloud attacks. Working in what its engineers describe as real time, Sysdig is said to ‘instantly detect’ changes in risk using runtime insights built on Falco, an open source cloud-native runtime security tool for Linux operating systems that was created by Sysdig and is now a Cloud Native Computing Foundation (CNCF) project.

“At its core, Falco is a kernel monitoring and detection agent that observes events, such as syscalls (system calls), based on custom rules. Falco can enhance these events by integrating metadata from the container runtime and Kubernetes. The collected events can be analysed off-host in SIEM or data lake systems,” note the project leaders.

As many will know, Docker is an open source software platform used to create, deploy and manage virtualised application containers on a common operating system (OS), with an ecosystem of allied tools. The Docker collaborative application development platform provides developers with an integrated, reliable and secure workflow that accelerates app delivery from code to the cloud. 

Why all the contextualisation?

Because Sysdig and Docker this month announced the integration of Sysdig runtime insights into Docker Scout to help developers prioritise risk and move faster. Docker Scout is a technology designed to analyse (typically cloud-native) compute and storage images to help software application development professionals understand their dependencies and potential vulnerabilities.

Leaner & cleaner container images

Working together, the two companies say they will help reduce software supply chain noise, prioritise the insights that matter and build ‘leaner’ container images. Sysdig is the first runtime security integration into Docker Scout.

Clearly, attack surfaces are larger in the cloud and attackers move faster. A lack of aggregation and correlation of data sets hidden across multiple tools results in decisions being made without context and teams moving too slowly. Developers need the context of what is running in their cloud environment to gain visibility and to prioritise the threats that matter. Without it, they may waste time attempting to triage monitoring insights, or they ignore alerts that could lead to the next breach.

“Organizations need to strengthen security across the entire software lifecycle. With Docker Scout, Docker is giving developers the power to build more secure images from the start. Incorporating Sysdig runtime insights means users can save time by focusing on the real risks exposed in production. Our partnership will help teams to both shift left and shield right to protect against breaches without slowing innovation,” said Bryan Smoltz, vice president of technology alliances at Sysdig.

CNAPP – cloud-native application protection platform 

By using the real-time insights from production – such as in-use vulnerabilities and permissions and multidomain correlation – Sysdig, a cloud-native application protection platform (CNAPP), connects the dots and identifies top risks across the software life cycle. 

Docker Scout provides developers with insights across the software supply chain via context-aware recommendations that typically result in improved application reliability and security. With this partnership, built on a shared open source heritage and commitment to cloud-native innovation, Sysdig and Docker claim to be able to add additional layers of runtime security that bring better visibility while empowering development and security teams to target real, imminent risk. 

Secure shipping 

With the Sysdig runtime insights integration working with Docker Scout, developers are promised the ability to ship more secure images. Developers can compare images during the build phase with those running in production to identify risk, eliminate unnecessary packages and build leaner container images with a smaller attack surface. 
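The build-versus-production comparison described above can be illustrated with a small script. This is an added example, not Docker's or Sysdig's code, and it assumes a simplified data model: a build-time package inventory with its vulnerability findings on one side, and a runtime observation of which packages actually loaded in production on the other. All package names, vulnerability ids and observations below are constructed placeholders.

```python
"""
Added illustration (not Docker Scout or Sysdig code): correlate a build-time
image inventory with runtime observations so that (1) vulnerabilities in
packages actually loaded in production are ranked first and (2) packages that
never load are listed as candidates for removal, giving a leaner image with a
smaller attack surface. Every value below is constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass

# Ordering used to rank findings once the in-use/not-in-use split is applied.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str      # placeholder id, not a real advisory number
    package: str      # package the finding applies to
    severity: str     # one of SEVERITY_RANK's keys


@dataclass
class ImageInventory:
    image: str
    packages: set[str]
    vulnerabilities: list[Vulnerability]


@dataclass
class RuntimeObservation:
    image: str
    loaded_packages: set[str]   # packages whose files were opened/executed in production


def prioritise(inventory: ImageInventory, runtime: RuntimeObservation):
    """Return (vulnerability, in_use) pairs: in-use findings first, then by severity.

    Raises ValueError when the runtime observation belongs to a different image,
    since correlating the wrong image would silently mis-rank findings.
    """
    if runtime.image != inventory.image:
        raise ValueError(f"runtime data is for {runtime.image}, not {inventory.image}")
    ranked = [(v, v.package in runtime.loaded_packages) for v in inventory.vulnerabilities]
    ranked.sort(key=lambda pair: (not pair[1], -SEVERITY_RANK[pair[0].severity], pair[0].vuln_id))
    return ranked


def removable_packages(inventory: ImageInventory, runtime: RuntimeObservation) -> list[str]:
    """Packages present in the image that were never loaded at runtime."""
    if runtime.image != inventory.image:
        raise ValueError(f"runtime data is for {runtime.image}, not {inventory.image}")
    return sorted(inventory.packages - runtime.loaded_packages)


def sample_data() -> tuple[ImageInventory, RuntimeObservation]:
    """Constructed sample: a six-package image and what production actually loaded."""
    inventory = ImageInventory(
        image="example/api:1.0",
        packages={"openssl", "curl", "libxml2", "python3", "vim", "git"},
        vulnerabilities=[
            Vulnerability("VULN-1", "openssl", "high"),
            Vulnerability("VULN-2", "curl", "critical"),
            Vulnerability("VULN-3", "libxml2", "critical"),
            Vulnerability("VULN-4", "vim", "medium"),
            Vulnerability("VULN-5", "git", "low"),
        ],
    )
    runtime = RuntimeObservation(
        image="example/api:1.0",
        loaded_packages={"openssl", "python3", "curl"},
    )
    return inventory, runtime


if __name__ == "__main__":
    inv, rt = sample_data()
    print(f"Findings for {inv.image}, in-use first:")
    for vuln, in_use in prioritise(inv, rt):
        flag = "IN USE" if in_use else "not loaded"
        print(f"  {vuln.vuln_id:8} {vuln.severity:9} {vuln.package:10} {flag}")
    print("Packages never loaded in production (removal candidates):")
    print("  " + ", ".join(removable_packages(inv, rt)))
```

The point of the ranking key is that a critical finding in a library that never loads (libxml2 here) drops below a high finding in one that does (openssl), which is the "focus on real risks exposed in production" argument the article makes; the removal list is the input to building the leaner image.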

Taken as a whole, the partnership is a shift-left move in container security. Shift-left security in this context means teams can make better-informed decisions earlier in the development process. With Docker and Sysdig, image analysis can be correlated with runtime context to generate actionable insights for securing the software supply chain.

What all this leads to is the point where we should be able to accelerate cloud-native application delivery. Software validation processes are faster when informed by the type of runtime insights on offer here and, crucially, this means that systems engineers can identify imminent risks that require immediate remediation, meaning (in theory at least) that developers can focus on innovation and deliver cloud-native applications faster.

Image: Sysdig video