Context
While Sysdig emerged in the observability space over a decade ago, the company entered the security realm in 2017, bringing container security features into its observability tools. Its offering correlates logs with the security information it collects on container workloads to identify threats. The company has grown since adding a cloud security posture management (CSPM) solution for Amazon’s AWS and the Google Cloud Platform.
News: Sysdig CNAPP
Sysdig unveiled its Cloud Native Application Protection Platform (CNAPP) in June 2023. The new offering integrates cloud detection and response (CDR) with the capabilities of Sysdig’s Falco (an open-source solution for cloud threat detection). The new offering aims to tackle the challenges facing organizations as they expand their cloud environments, providing comprehensive end-to-end detection and response capabilities. Sysdig CNAPP offers real-time insights and instantaneous breach prevention by combining agent and agentless deployment models.
A key feature of Sysdig CNAPP is its agentless cloud detection, powered by Falco, a renowned open-source solution for cloud threat detection. This allows organizations to process cloud logs and identify threats across the cloud, identity, and software supply chain without deploying additional agents. This approach not only enhances threat detection but also conserves time and resources.
Sysdig CNAPP offers Okta detections, which integrate real-time cloud and container activity with Okta events to detect identity threats and proactively safeguard the cloud environment. Additionally, GitHub detections enable real-time alerts for critical events, such as unauthorized actions in the software supply chain.
The offering provides comprehensive threat detection across various cloud elements, including workloads, identities, cloud services, and third-party applications. The integration of CDR with Falco’s capabilities reflects the company’s commitment to equipping organizations with tools to address evolving cloud security challenges.
News: Sage AI
Sysdig leverages generative artificial intelligence (AI) and large language models (LLM) in its latest offering, Sage AI. The new offering simplifies cloud security management and facilitates rapid responses to incidents. By incorporating advanced multi-step reasoning, multi-domain correlation, and actionable insights, Sage AI serves as an assistant aimed at streamlining incident management and bolstering security response efforts.
A distinct element of Sysdig’s approach is its sophisticated integration of LLMs. Instead of a basic wrapper around an LLM API, such as the one offered by OpenAI, the company has developed an “LLM controller” that orchestrates requests to various LLMs. This controller also sanitizes data to enhance accuracy and mitigate the risks associated with potential AI errors. A key emphasis lies on multi-step reasoning, ensuring that LLMs take multiple sequential steps to arrive at answers, thereby fortifying the reliability of outcomes.
Incorporating the open-source LangChain technology further enriches the capabilities of the LLM Controller. This technology, initially designed for chaining LLM requests, has been tailored by Sysdig to meet the unique demands of cybersecurity.
Analysis
It’s a natural path from observability into cybersecurity, one that’s been taken by many players in the space. Dynatrace, Datadog, and even Cisco, with its AppDynamics, all leveraged their roots in observability into the security space. Sysdig isn’t intimidated by its long list of direct competitors, with the company continuing to innovate and win share in the markets in which its playing.
There’s far more going on at Sysdig than I’ve touched on here. The company in recent weeks became the first vendor on the new Gartner Peer Insights for CNAPP, released its 2023 Cloud Threat Report, and even announced that its Sysdig Threat Research Team discovered a new attack operation they’ve dubbed LABRAT. It’s showing good momentum.
Under the leadership of CEO Suresh Vasudevan, who shepherded Nimble Storage through its IPO and subsequent acquisition by Hewlett Packard Enterprise, Sysdig has become one of the fastest-growing CNAPP vendors in the industry. Sysdig doesn’t disclose financial information, but in a press release back in January, the company indicated that in 2022 it doubled the number of new customers, and that its top sixty customers generate on average more than $1M in ARR.
Sysdig’s offerings provide full protection across the entirety of the application lifecycle, including the software supply chain. It’s leveraging new technologies, such as generative AI, in unique and exciting ways. Keeping a company’s data secure is job one for any IT organization. Sysdig has proven that it has what it takes to help nearly any IT organization stay secure.
