Since many breaches occur due to misconfiguration, Sysdig has moved to collect more ‘infrastructure-as-code’ (IaC) expertise by entering an agreement to acquire Apolicy.
To that end, as a cloud-native security company, Sysdig looks to leverage Apolicy’s policy-as-code for remediation, policy enforcement, and risk identification.
Apolicy was founded in 2019 and builds products that scan IaC templates for tools like Kustomize, Helm, and Terraform, finding misconfigurations by cross-checking the templates against the implemented policies.
The invaluable capabilities of Apolicy
The tool uses Open Policy Agent (OPA) and also has policies for compliance and governance automation. If runtime drifts are detected, Apolicy can map them back onto the IaC configuration and recommend remediation via a pull request.
Other functionalities of the platform include risk prioritization (to avoid a cascading disaster), with capabilities that allow the tool to point out the affected production instances and apps so security teams can identify priority risks.
Sysdig plans to integrate Apolicy’s IaC functionality into its Secure DevOps Platform to validate IaC source code and send the results back to the users.
Sysdig plans to use Apolicy to generate PRs to implement network policies in Kubernetes, change requests/limits, and secure workload configurations using its intelligence.
“The innovation that Apolicy brings to bear is unique and highly differentiated, allowing customers to strengthen their Kubernetes and cloud security and compliance by leveraging policy as code and automated remediation workflows,” CEO Suresh Vasudevan said in a blog post about the acquisition.
He added that Apolicy is an essential building block to deliver Sysdig’s secure DevOps vision and strengthen the company’s deep expertise in Kubernetes and cloud security.