
Sysdig

Enterprise Applicability

HEADQUARTERS: San Francisco, CA
FOUNDED: 2013
FUNDING: $729.5M Series G
FOUNDERS: Loris Degioanni
EMPLOYEES: 870
PRIVATE | PUBLIC: Private
COTS | OSS: COTS, OSS
USE CASES: Container Runtime Security

GTM Insights

Twistlock has issues: a high number of alerts and false positives, and the forced marriage with Prisma caused a drift.


Don't rely too heavily on AI - human-driven


Architecture

  • eBPF or Kernel Modules (KMod) - different from Twistlock. Provides access to more types of workloads/running processes. KMod is faster, but both deploy as a DaemonSet.

  • Working on eBPF CO-RE to make it more portable

  • Support for Bottlerocket out of the box (OOB)

Runtime Protection:

  • Everything is from a runtime perspective - correlating active calls to the actual libraries in your container images. The level of forensics sets it apart from everyone else out there.

  • Instead of only scanning an image and showing CVEs, Sysdig looks at the CVEs, then at which are being actively called, and can then filter against current exploits.

Automated Policy Enforcement & Rules:


Network Segmentation:


Risk Assessment:


Integration with CI/CD pipelines:


Threat Detection:

  • Falco and Sysdig threat feeds

  • Not just heuristic evidence, but behavior to determine IOCs

  • NVD, Exploit-DB, and a third-party feed

Compliance Monitoring:

  • Drift detection - even if there is no policy, it can still determine drift. Sysdig Monitor looks at any and all deviations, including resource utilization (logs and metrics).

Forensic Analysis:

  • Yes

Configuration Management:

  • CSPM

Access Control:


Integration with Orchestration Tools:


File Integrity Monitoring:





