Key Features

Sysdig Secure protects modern, multi-cloud and containerized environments with the following core features:

Sysdig Sage

Sysdig Sage is an AI-powered security assistant built into Sysdig Secure, designed to help teams work smarter and faster. Sysdig Sage accelerates search, vulnerability management, threat investigation and response by providing precise security insights in context, and helping you navigate the user interface to better visualize and respond to threats.

Cloud-Native Application Protection Platform (CNAPP)

Sysdig Secure is a Cloud-Native Application Protection Platform (CNAPP) powered by runtime insights. It provides:
  • Risk prioritization to help you remediate the most critical security issues.
  • Real-time threat detection built on open-source Falco rules.
  • AI-powered security assistance with Sysdig Sage across Search, Vulnerability Management, and Detection and Response workflows.
  • A unified view of all cloud risks and threats with Cloud Attack Graph.

Cloud Detection & Response (CDR)

Sysdig Secure continuously monitors running workloads (such as containers and Kubernetes clusters) for suspicious activities, delivering Runtime Threat Detection and Response. Sysdig Secure uses Falco, the open-source threat detection engine, to trigger real-time alerts based on predefined or custom security policies. This enables you to prioritize active risks and stop threats in real time.
  • Activity Audit and Forensics — provides a detailed audit trail of user and system activity. In case of an incident, it can reconstruct events to provide deep forensic insights, including which files were accessed or modified, what commands were run, and who performed specific actions.
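The "predefined or custom security policies" above are expressed as Falco rules. The following is an added illustration of what a custom rule looks like; it is not a rule shipped by Sysdig or by the Falco project. It relies on two macros from Falco's default ruleset, `container` (the event came from a process inside a container) and `open_write` (the event opened a file for writing); the list name `monitored_config_paths`, the macro name `container_open_write`, and the rule name are assumptions chosen for this example, and the paths in the list are constructed sample values.

```yaml
# Added example of a custom Falco rule for Sysdig Secure runtime detection.
# Assumes the default Falco macros `container` and `open_write` are loaded;
# every other name below is invented for this illustration.

# A list can be referenced from any condition with `in (list_name)`.
- list: monitored_config_paths
  items: [/etc/shadow, /etc/sudoers, /etc/ssh/sshd_config]

# A macro bundles a reusable condition fragment.
- macro: container_open_write
  condition: (container and open_write)

# The rule itself: fires when a containerized process opens one of the
# listed files for writing. Output fields (%fd.name, %proc.cmdline, ...)
# are standard Falco event fields and end up in the alert shown in Sysdig Secure.
- rule: Sensitive Config File Modified In Container
  desc: A process inside a container opened a sensitive configuration file for writing.
  condition: >
    container_open_write
    and fd.name in (monitored_config_paths)
  output: >
    Sensitive config file modified in container
    (user=%user.name command=%proc.cmdline file=%fd.name
    container_id=%container.id image=%container.image.repository)
  priority: WARNING
  tags: [container, filesystem, custom]
```

When tuning a rule like this, the usual defensive workflow is to start it at a low priority, review which legitimate processes (package managers, config-management agents) trigger it, and add those as exceptions to the condition before raising the priority so it feeds Detection and Response alerts.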

Vulnerability Management (VM)

Vulnerability Management scans images and running containers for vulnerabilities and provides prioritized reports, enabling teams to focus on fixing the most critical security issues. It integrates with CI/CD pipelines to ensure images are scanned before they are deployed, preventing vulnerable components from being pushed to production.
  • Image Scanning — scans container images for known vulnerabilities in the package dependencies (e.g., OS packages, libraries). It integrates with registries and CI/CD workflows to automate image scanning throughout the development lifecycle.
  • Integrated DevSecOps Workflow — integrates security into the DevOps pipeline, enabling organizations to shift left on security. By providing real-time feedback to developers, teams can quickly fix issues before they affect production systems.

Kubernetes and Cloud Security Posture Management

  • Compliance Enforcement — helps organizations meet various compliance requirements (such as PCI-DSS, GDPR, NIST) by automating configuration checks and providing audit-ready reports. It monitors for compliance at both the infrastructure and application levels.
  • Kubernetes and Cloud Security Posture Management (CSPM) — offers deep visibility into Kubernetes clusters, allowing teams to monitor configurations, enforce security policies, and detect misconfigurations or violations of best practices. It also supports multi-cloud environments by ensuring compliance and security across AWS, Azure, and Google Cloud platforms.
  • Security Policy Management — enables you to define and enforce custom security policies. These policies can be applied to containers, hosts, and orchestrators (Kubernetes). You can also set up runtime policies to detect and respond to unauthorized activities.