Sysdig Secure POV

[NickCorcoran]

Describe the issue Need to evaluate Sysdig Secure to validate claims and see if it will meet our needs.

Additional context Add any other context, attachments or screenshots

How does this benefit the users of our platform?

• Increased network visibility on security events
• better correlation of config weaknesses/vuln components to security events
• easier rules setup?
• easier pipeline integration?

Definition of done

• [x] Share cloud security schedule for review by Sysdig
• [x] Get feedback on any gaps for cloud security schedule
• [x] Evaulate Configuration Management – inspect context on implications to misconfigurations and where to find/fix them.
• [x] Evaluate Runtime Security – Experiment with options for enforcement actions (kill, block, pause).
• [x] Evaluate Network Visibility – Provides a better overall experience and gives specific details on processes and policy violation actions.
• [x] Evaluate Incident Response (IR) and Forensics – RapidResponse, process captures (automated or manual) which can be triggered on a policy violation and replayed to understand processes over time executed against a resource (includes commands and disk reads/writes).
• [x] Evaluate notification pushes to Sentinel
• [x] Document findings and provide summary to exec

[NickCorcoran]

Obtained most recent security certification information.

[NickCorcoran]

Network vis does not provide source IPs (similar to ACS). Just global ingress/egress.

[NickCorcoran]

Figured out that sysdig does not support url path s3 buckets, only bucket.namespace.host structure. They are investigating further, but for PoV, will stop there. Can always do push to an actual Amazon s3 bucket if needed after.

[NickCorcoran]

Tested process captures and analysis.

[NickCorcoran]

Did not test Rapid Response. Unknown how we might utilize that function - better to request help from DXC team vs shutting things down other ways.

[NickCorcoran]

Recruited a few ppl to review and provide feedback: Jason, Marco, Wade S., Pierre