UPDATED 09:00 EDT / AUGUST 06 2019

Sysdig adds machine learning-based runtime profiling to improve Kubernetes monitoring

Container security company Sysdig Inc. is beefing up its Kubernetes monitoring system with a couple of new capabilities that leverage its latest advancements in machine learning.

They include runtime profiling as well as a new user interface called Falco Rule Builder that makes it easier to create runtime security policies. Sysdig adheres to what it calls a “unified approach” to container security, which involves monitoring for threats and also providing forensic tools to investigate any potential issues.

The company sells a “cloud native intelligence platform” based on two open-source projects it leads: its namesake, the Sysdig forensics platform, and the Sysdig Falco security project. The software is meant to secure deployments of application containers, which developers use to build apps once and then run them on any platform.

One of the main components of Sysdig’s platform is Sysdig Secure, which gives enterprises a way to monitor the health and performance of their Kubernetes environments. That’s important because Kubernetes is the most popular software used to manage large clusters of software containers.

The new runtime profiling feature in Sysdig Secure works by creating what the company calls a “learned container profile” that provides information on the normal processes, file system activity, networking behavior and system calls of each container image. Once this profile has been established, DevOps and security teams can use it to create a policy set that’s automatically applied to each application. The applied policy helps to ensure that admins are alerted to any abnormal behavior that could indicate a security breach.

“With machine learning, Sysdig understands all of the container and environment data, can learn the behavior, and generate a runtime profile that can be adapted based on the container and environment, with the end result being detection and response to anomalies in real time,” Loris Degioanni, founder and chief technology officer of Sysdig, said in a statement.

Sysdig argues that its method of machine learning-based profiling is superior to manual profiling, which is often susceptible to human error and therefore not very reliable. As enterprises move applications into production, the scale, complexity and elasticity of modern environments make it practically impossible to configure every security feature manually, especially in real time as containers and vulnerabilities change, the company said. That means human error is inevitable.

As for the Falco Rule Builder, this is a new UI that integrates with Sysdig Secure and enables teams to create security policies based on the profiles of each container image. According to the company, it enables enterprises to interact visually with the Falco engine to create new customized policies without requiring much technical knowledge.

Sysdig said the Falco Rule Builder also includes the Falco Rule Library, which provides access to various policies for container images that have been standardized on by the Cloud Native Computing Foundation. That means developers don’t need to waste time writing any of the rules themselves.

Constellation Research Inc. analyst Holger Mueller told SiliconANGLE that many enterprises are struggling with the operational management side of Kubernetes, and that this presents an opportunity to startups such as Sysdig.

“Sysdig is leveraging machine learning to manage Kubernetes workloads more effectively, applying it to runtime profiling,” Mueller said. “As with all new capabilities, the attractiveness on paper is one thing, but real-world adoption is quite another. We will have to wait and see how many enterprises will take up Sysdig’s new features in the next few quarters.”
