Sysdig, a former container observability vendor that has recently transitioned into a cloud-native application security provider, has impressed a large customer with its prowess in runtime threat detection and response. The company pivoted into cloud security posture management (CSPM) in 2021 and has since embraced the cloud-native application protection platform (CNAPP) category, which spans application security tools for developers and runtime security tools for application protection. Sysdig favors collecting raw events and logs rather than aggregated data, an approach that worked well for BigCommerce, an e-commerce company that chose Sysdig after testing five tools. Sysdig performed file integrity monitoring, a critical compliance process, in less than 10 minutes; its nearest competitor took 15 minutes to deliver aggregated results. Sysdig plans to build on its existing vulnerability scanning feature to add automated vulnerability fixes, which could displace at least one other vendor and lead to automated vulnerability management in the future.
Sysdig’s data collection feature is based on the open-source Falco project, which a Sysdig blog described as “a security camera for modern cloud infrastructure”. Plugins recently added to Falco help Sysdig collect data from a broader array of sources than the Kubernetes and container infrastructures where it started. The company recently updated its runtime insights feature, called Live, which maps running infrastructure and workloads to track threats as they surface.
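To make the runtime-detection and file-integrity-monitoring claims above concrete, here is a minimal, self-contained Falco rules file that flags a containerized process opening a file below /etc for writing. This is an added example, not Sysdig's product code or Falco's shipped ruleset; the macro, list and rule names are this example's own, and the package-manager exclusion is an assumption about what a typical deployment would want to suppress.

```yaml
# Added example (not from Sysdig or the Falco project): a self-contained
# Falco rules file. Macros are defined inline so the file loads on its own.

# True when the event comes from a container rather than the host.
- macro: container
  condition: container.id != host

# True when a regular file is opened with a write flag.
- macro: open_write
  condition: >
    (evt.type in (open, openat, openat2) and evt.is_open_write=true
     and fd.typechar='f' and fd.num>=0)

# Assumed allow-list: package managers legitimately modify /etc.
- list: package_mgmt_binaries
  items: [dpkg, apt, apt-get, yum, rpm, dnf, apk]

# The rule itself: a basic file-integrity check on a sensitive directory.
- rule: Write below etc in container
  desc: >
    A process inside a container opened a file below /etc for writing,
    excluding package managers. Unexpected writes here often indicate
    persistence or configuration tampering.
  condition: >
    open_write and container
    and fd.name startswith /etc
    and not proc.name in (package_mgmt_binaries)
  output: >
    File below /etc opened for writing (user=%user.name
    command=%proc.cmdline file=%fd.name container_id=%container.id
    image=%container.image.repository)
  priority: ERROR
  tags: [filesystem, compliance]
```

Load it with `falco -r example_rules.yaml`; each match is emitted as an alert line at the time of the syscall, which is the raw-event style of collection the article credits Sysdig with, as opposed to a periodic scan that hashes files and reports a batch of differences later.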
The CNAPP market includes over 25 representative vendors, according to Gartner’s 2023 market guide. Sysdig is relatively new to the market, but its open-source roots in the widely adopted Falco project and its ability to offer both runtime and static vulnerability detection could work in its favor as enterprises replace legacy security tools with newer vendors. As vendors try to address security challenges associated with modern software development and distributed cloud infrastructures, comprehensive data collection on its own is unlikely to be a selling point for most enterprises. Instead, vendors that can monitor applications and components, how they interact with resources, and provide the visibility and context needed to understand exposure to threats and possible attack paths could have an advantage in this market.