Sysdig Secure POV

[NickCorcoran]

Describe the issue Need to evaluate Sysdig Secure to validate claims and see if it will meet our needs.

Additional context Add any other context, attachments or screenshots

How does this benefit the users of our platform?

• Increased network visibility on security events
• better correlation of config weaknesses/vuln components to security events
• easier rules setup?
• easier pipeline integration?

Definition of done

• [x] Share cloud security schedule for review by Sysdig
• [x] Get feedback on any gaps for cloud security schedule
• [x] Evaulate Configuration Management – inspect context on implications to misconfigurations and where to find/fix them.
• [ ] Evaluate Runtime Security – Experiment with options for enforcement actions (kill, block, pause).
• [ ] Evaluate Network Visibility – Provides a better overall experience and gives specific details on processes and policy violation actions.
• [ ] Evaluate Incident Response (IR) and Forensics – RapidResponse, process captures (automated or manual) which can be triggered on a policy violation and replayed to understand processes over time executed against a resource (includes commands and disk reads/writes).
• [ ] Evaluate notification pushes to Sentinel
• [ ] Document findings and provide summary to exec

[NickCorcoran]

Obtained most recent security certification information.