In this blog, we introduce the new integration between Sysdig Secure and Red Hat Advanced Cluster Management for Kubernetes® which protects containers, Kubernetes, and cloud infrastructure with out-of-the-box policies based on the Falco open source runtime security project.

Organizations are quickly growing their Kubernetes footprint and need ways to achieve consistent management and security across clusters. Sysdig and Red Hat are collaborating to help users deploy applications, simplify management, and enforce configuration and policy management across multiple clusters at scale.

What is Red Hat Advanced Cluster Management for Kubernetes?

Red Hat Advanced Cluster Management for Kubernetes is a management solution designed to help organizations extend and scale Red Hat OpenShift, the leading enterprise Kubernetes platform. As cloud teams deploy more and more Kubernetes clusters to support cloud-native applications, enterprises need a way to consistently manage and secure their expanding environments. Red Hat Advanced Cluster Management enables management consistency across the hybrid cloud deployments including on-premises and public clouds like Amazon Web Services, Google Cloud Platform, IBM Cloud, and Microsoft Azure.

Key capabilities of Red Hat Advanced Cluster Management for Kubernetes:

  • Unified multicluster management – Centrally create, update, and delete Kubernetes clusters across multiple private and public clouds.
  • Policy based governance, risk and compliance – Centrally set and enforce policies for security, applications, and infrastructure.
  • Advanced application lifecycle management – Define and deploy applications across clusters based on policy.
  • Centralized visibility of hybrid cloud container environment performance – Get a unified view of cluster health and performance with integrated open source projects Thanos and Grafana, making it easier to maintain optimal metrics for cluster operations.

RHACM-cluster-management

Multicluster security with Sysdig Secure and Red Hat Advanced Cluster Management

Sysdig Secure addresses the unique security challenges of containers, Kubernetes and cloud. It helps cloud teams confidently secure the build pipeline, detect and respond to runtime threats, continuously validate compliance, and perform container forensics.

Working with Red Hat, Sysdig has enabled integration of Sysdig Secure into Red Hat Advanced Cluster Management to centralize container security deployment and runtime policy management to gain deep visibility into security events. This combination helps cloud teams detect threats, enforce compliance, and audit activity in real-time across Kubernetes clusters.

Jaya Ramanathan, Distinguished Engineer, Chief Security & Governance Architect at Red Hat, explains, “The policy-based governance capability of Red Hat Advanced Cluster Management enables enterprises to operate to internal and external standards related to security, resiliency, and software engineering. Customers can implement these standards using built-in OpenShift features as well as take advantage of partner provided capabilities. Red Hat Advanced Cluster Management policies ensure these features are in place and configured to enforce industry best practices.”

“Sysdig Secure integration with Red Hat Advanced Cluster Management enables DevOps teams to use policy-based governance to ensure that container integrity monitoring controls are deployed and leveraged at scale, to detect threats and analyze root cause for quick resolution.”

How Sysdig with Red Hat Advanced Cluster Management works

Red Hat Advanced Cluster Management supports the creation of custom policies to integrate third-party controls with its governance framework. Using this framework, Sysdig has created a custom policy that deploys the Sysdig agent on all targeted clusters using the Sysdig operator.

Sysdig-RHACM-Policy

To get started, select Govern risk from the navigation menu in the Red Hat Advanced Cluster Management web console. Click Create policy and insert the pre-built policy-sysdig.yaml provided by Sysdig on GitHub.

sysdig-policy-yaml

Once you select Create, the policy ensures that the Sysdig agent is deployed to the nodes on all specified clusters. When successfully completed, a green check mark confirmation is displayed and the policy status reads Compliant, which indicates that runtime security visibility is active and available.

sysdig-policy-2

Visibility and security for containers, hosts, and Kubernetes

Sysdig Secure is built on Falco, the open source CNCF® runtime security project which is originally created by Sysdig. With the project, DevOps teams can enable out-of-the-box security and compliance policies as well as define custom security rules to detect and respond to zero-day threats and anomalous activity at runtime.

Here are a few examples of the runtime security detections included with Sysdig Secure:

Runtime security detections Reported information
Suspicious container activity Suspicious file activity
Suspicious filesystem changes Sensitive info exfiltration
Suspicious Kubernetes activity Suspicious network activity
Launching a privileged container Unexpected outbound connection destination
Unexpected process activity Unexpected spawned process
Creating a privileged pod Container drift
Terminal shell in container User management changes

 

In addition, Sysdig has translated leading security standards like NIST SP 800-190, PCI DSS, and HIPAA into a set of curated detection policies to simplify achieving compliance within your OpenShift and Kubernetes clusters.

Detections take place leveraging a single source of truth based on granular Linux syscall data, as well as other data sources such as Kubernetes Audit Logs and AWS CloudTrail. In addition to specifying what to detect, Sysdig Secure policies can be configured to send alerts and automatically remediate by triggering response actions such as pause or kill containers to block threats.

secure-actions

What’s more, you can also configure a policy to create a capture file that is a recording system activity before, during, and after a triggered event to support incident response and forensics – even after containers are gone.

As events occur across the managed OpenShift and Kubernetes cluster environments, detailed information about policy violations (including host, Kubernetes, and container location), detailed activity audit, and captured data are available to support investigation and resolution by DevOps and security teams.

secure-events-RHACM

To learn more about all of the ways Red Hat and Sysdig extend security for OpenShift environments check out the Sysdig Security Guide.

Get started today

As enterprises begin to move from initial Kubernetes deployments to running cloud-native applications across multiple clusters and clouds, the operational challenges of management, governance, compliance, and security are amplified.

Red Hat and Sysdig help provide the visibility, governance, and control that organizations need to easily grow and manage their container environments. With Red Hat Advanced Cluster Management for Kubernetes, users have a single view to create and manage clusters reliably, consistently, and at-scale. Sysdig adds the deep visibility and security automation needed to keep pace with threats, reduce risk, and confidently run containers, Kubernetes, and cloud services.

A special extended free trial of the Sysdig Secure DevOps Platform is now available for Red Hat users. You can experience the combined solution today – and it’s easy to get started. Start with the Sysdig Free Trial for Red Hat Advanced Cluster Management.