For the past six years, I've had the unique privilege of contributing to and witnessing the evolution of the Sysdig Agent. As a Technical Writer, I create educational content that helps Sysdig customers get the most value out of it.
The Sysdig Agent, which started as a simple sniffer probing system calls, has transformed into a robust defender against cyber threats and vulnerabilities, safeguarding workloads across regions, and even underwater in submarines! How cool is that? Being part of this transformation has been an incredible journey, and I'm grateful to have had a front-row seat.
My journey at Sysdig
I joined Sysdig in March 2019, six years after the creation of the open-source monitoring tool, Sysdig, which was designed to provide deep system visibility. Building on this foundation, Sysdig launched Falco in 2016, an open-source project focused on runtime security, detecting abnormal behaviors in cloud-native environments.
I began my journey at Sysdig working on the Sysdig Agent documentation. At the time, the agent was primarily responsible for collecting and reporting metrics, labels, and events to help teams monitor the health and performance of Linux hosts, containers, and orchestration platforms. As a technical writer, I followed a similar process: gathering essential information by testing product features, understanding usage, and incorporating customer feedback, all in pursuit of uncovering and distilling what truly matters.
By 2020, the Sysdig Agent had evolved significantly, reaching full Prometheus compatibility and gathering insights from various exporters in cloud-native applications. The agent's role expanded from simple monitoring to deep data collection: gathering metrics, sniffing syscalls, and detecting critical security events.
Leveraging deep system visibility for comprehensive security
Meanwhile, Sysdig shifted from a monitoring and observability platform to a comprehensive security platform with runtime threat detection at its core. This was a pivotal moment. Falco and Sysdig Secure emerged as the natural progression of our monitoring capabilities, showing how deep system-call visibility could be leveraged for security.
Initially, runtime detection was sufficient for addressing security concerns. But as cyber threats became more sophisticated, customers demanded proactive security measures. This led to the development of:
- Container image scanning: Identifying vulnerabilities before they could be exploited.
- Kubernetes security posture management (KSPM): Detecting misconfigurations before attackers could exploit them.
As the industry evolved, so did customer expectations. Companies no longer wanted fragmented security tools; they sought an integrated security approach. This shift led to the rise of the Cloud-Native Application Protection Platform (CNAPP), a unified solution combining runtime security, vulnerability scanning, and posture management. Sysdig's strength in runtime detection became a key part of CNAPP, using real-time insights to prioritize security risks based on active usage.
Simplifying the Sysdig experience
As the agent's components and capabilities grew, so did the complexity of the documentation. We faced several challenges, such as where to place security-specific configurations: should they go in the agent documentation or the Sysdig Secure Guide? And how could we simplify the installation journey for customers who bought both Sysdig Secure and Sysdig Monitor, or those purchasing only specific capabilities?
Our goals became clear:
- Minimize complexity in installation.
- Reduce configuration overhead.
- Simplify the overall User and Information experience.
To achieve this, we streamlined our security offering into two main components:
- Host Shield: Components that run on the host, directly securing workloads
- Cluster Shield: Components that leverage cloud environment data without running on the host
With Cluster and Host Shield, we've made it easier for customers to install and manage Sysdig components. Cluster Scanner, KSPM Collector, Secure Admission Controller, and K8s Audit Logging have been consolidated into the Cluster Shield. Similarly, Runtime Threat Detection, Host Vulnerability Scanning, KSPM for the Host, and Rapid Response have been consolidated into the Host Shield. This approach simplifies installations, upgrades, and configurations, making life easier for customers, and for the documentation!
Reflecting on six years at Sysdig and the future ahead
Reflecting on my time at Sysdig, I see a transformation that mirrors the evolution of our technology. As a technical writer, I've moved beyond merely documenting individual features. I now analyze the product's behavior from a user perspective, much like how Sysdig tools observe syscalls in real time. Understanding the 'why' behind each feature has enabled me to highlight user stories that demonstrate how each function fits into a broader security strategy.
Seeing the Host Shield and Cluster Shield evolve into the backbone of Sysdig's CNAPP strategy has been incredibly fulfilling. It's been an honor to work alongside such a talented team, creating documentation that makes cloud security simpler and more effective. I'm more excited than ever for what's ahead. Whether you're a prospective customer seeking best-in-class cloud security or an engineer looking to build cutting-edge technology, Sysdig is the place to be.