Sysdig
HEADQUARTERS: San Francisco, CA
FOUNDED: 2013
FUNDING: $729.5M Series G
FOUNDERS: Loris Degioanni
EMPLOYEES: 870
PRIVATE | PUBLIC: Private
COTS | OSS: COTS, OSS
USE CASES
Container Runtime Security
GTM Insights
Twistlock has issues! - a high number of alerts and false positives; the forced marriage with Prisma caused a drift.
Don't rely too heavily on AI - human-driven
Architecture
eBPF or kernel modules (KMod) - different from Twistlock. Provides access to more types of workloads/running processes. KMod is faster, but both deploy as a DaemonSet.
Working on eBPF CO-RE to make it more portable
Support for Bottlerocket out of the box (OOB)
Runtime Protection:
Everything from a runtime perspective - correlating active calls to the actual libraries in your container images. The level of forensics sets it apart from everyone else out there.
Instead of scanning an image and showing CVEs, Sysdig looks at CVEs, then looks at which are being actively called, and can then filter against current exploits.
Automated Policy Enforcement & Rules:
Network Segmentation:
Risk Assessment:
Integration with CI/CD pipelines:
Threat Detection:
Falco and Sysdig threat feeds
Not just heuristic evidence, but behavior to determine IOCs
NVD, Exploit-DB, and a third-party feed
Compliance Monitoring:
Drift detection - even if there is no policy, it can still determine drift. Sysdig Monitor looks at any and all deviations, including resource utilization (logs and metrics)
Forensic Analysis:
Yes
Configuration Management:
CSPM
Access Control:
Integration with Orchestration Tools:
File Integrity Monitoring: