
Like every major platform shift, the move to containers and microservices triggers the need to rethink the tooling required to secure your infrastructure effectively. In this scorecard we’ll cover the key areas you need to think about to support your microservice infrastructure and secure your dynamic technical and business requirements.
WE’LL COVER

Installation & Data Collection. What you need to consider when selecting tooling to support your current and future infrastructure.

Run-time Security. How to detect and block attacks on microservices.

Incident Response & Forensics. How to manage your threat landscape effectively to respond & recover from incidents.

Network Security. What to consider now that your network has an increasing amount of connections that are constantly moving.

Administration. What level of work will be required to get users onboarded and comfortable with the software. Will it integrate with my existing tooling?

Company Execution. Does the vendor have experience in legacy environments or are they cloud native?

SCORING SCALE

Please input the response in the boxes below that you feel best describes the capabilities of each vendor you’re considering, using the following scale.

0 - The vendor doesn’t have it.
1 - Very basic, needs significant development
2 - Fine, could benefit from more development
3 - Neutral
4 - Good, capable and effective
5 - Excellent, the role model
INSTALLATION / DATA COLLECTION

| FEATURES | SYSDIG SECURE | Alternate Vendor | Alternate Vendor | EVALUATOR'S NOTES |
|---|---|---|---|---|
| Offers Cloud Solution | | | | |
| Offers On-Prem Software Solution | | | | |
| Google Cloud API Integration | | | | |
| Kubernetes Integration | | | | |
| Docker Swarm / EE Integration | | | | |
| Mesos / DCOS Integration | | | | |
| Complexity of agent installation | | | | |
| Single instrumentation point for all containers & apps on host | | | | |
| Linux Agent | | | | |
| Windows agent | | | | |
| Agent deploys on AWS | | | | |
| Agent deploys on Azure | | | | |
| Agent deploys on Google Cloud | | | | |
| Agent deploys on GKE (Google Container Engine) | | | | |
| Agent deploys on AWS ECS (Elastic Container Service) | | | | |
| Same agent provides monitoring in addition to security policy enforcement | | | | |
| Red Hat Enterprise Linux support | | | | |
| Sub Total | | | | |
RUNTIME SECURITY

| FEATURES | SYSDIG SECURE | Alternate Vendor | Alternate Vendor | EVALUATOR'S NOTES |
|---|---|---|---|---|
| Robust set of base policies | | | | |
| Cluster/Orchestration management integration | | | | |
| Policies that can be scoped by any piece of cloud provider, host, container, or orchestration metadata | | | | |
| Security policies that update based on container and orchestration deployment | | | | |
| Behavioral threat detection: hosts | | | | |
| Behavioral threat detection: containers | | | | |
| Ability to quarantine containers based on policy violations | | | | |
| Kill containers based on policy violations | | | | |
| Image Verification | | | | |
| Integrates with your CI/CD Pipeline | | | | |
| Container Scanning | | | | |
| Backed by Opensource Community | | | | |
| Host Intrusion Detection | | | | |
| Sub Total | | | | |
INCIDENT RESPONSE & FORENSICS

| FEATURES | SYSDIG SECURE | Alternate Vendor | Alternate Vendor | EVALUATOR'S NOTES |
|---|---|---|---|---|
| Activity auditing | | | | |
| Service-based forensics | | | | |
| Auto correlation between user, process, & network activity | | | | |
| Breach Replay & Rewind | | | | |
| Sub-second network and system captures | | | | |
| Ability to capture system traces upon alert trigger | | | | |
| Ability to take captures outside of production environments and do analysis in a local environment | | | | |
| Ability to see full network payload and file contents surrounding any policy violation | | | | |
| Logs all user commands on hosts | | | | |
| Logs all user commands inside containers | | | | |
| Correlates all user commands across orchestrated services | | | | |
| Sub Total | | | | |

NETWORK SECURITY

| FEATURES | SYSDIG SECURE | Alternate Vendor | Alternate Vendor | EVALUATOR'S NOTES |
|---|---|---|---|---|
| Recognizing unexpected inbound and outbound connections | | | | |
| Network segmentation: containers | | | | |
| Recognizing network utilization that violates policies | | | | |
| Maps all ingress and egress activity between containers | | | | |
| Maps all ingress and egress activity between hosts | | | | |
| Provides all local and remote IP connections and utilizations for orchestrated services | | | | |
| Sub Total | | | | |
ADMINISTRATION

| FEATURES | SYSDIG SECURE | Alternate Vendor | Alternate Vendor | EVALUATOR'S NOTES |
|---|---|---|---|---|
| Ability to isolate users to specific data (Teams) based on physical resources | | | | |
| Ability to isolate users to data based on logical resources via orchestrator (Teams) | | | | |
| LDAP Integration | | | | |
| Single sign on | | | | |
| API Access | | | | |
| Administrator's Dashboard for Status of all agents, policies etc. | | | | |
| Robust integrations for alert outputs (PagerDuty, Slack, etc) | | | | |
| Webhook output | | | | |
| Sub Total | | | | |

COMPANY / EXECUTION

| FEATURES | SYSDIG SECURE | Alternate Vendor | Alternate Vendor | EVALUATOR'S NOTES |
|---|---|---|---|---|
| Responsive Support | | | | |
| Customer Success / Technical Account Management | | | | |
| Live Chat within Application | | | | |
| Roadmap | | | | |
| Stable company | | | | |
| Experienced team / track record | | | | |
| Pricing Structure | | | | |
| Sub Total | | | | |
SUMMARY SCORECARD

| FEATURES | SYSDIG SECURE | Alternate Vendor | Alternate Vendor |
|---|---|---|---|
| INSTALLATION / DATA COLLECTION | | | |
| RUNTIME SECURITY | | | |
| INCIDENT RESPONSE & FORENSICS | | | |
| NETWORK SECURITY | | | |
| ADMINISTRATION | | | |
| COMPANY / EXECUTION | | | |
| Total Scores | | | |