Sysdig: Container Security Product Overview and Analysis

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.


See our complete list of top container and Kubernetes security vendors

Company Description

Sysdig is a cloud-native intelligence company, founded in 2013 by CTO Loris Degioanni, one of the co-creators of WireShark, a visibility tool for monitoring and troubleshooting network infrastructure. With the widespread adoption of the cloud and the advent of containers, Degioanni saw that containers and microservices in the cloud would require a new approach to monitoring, security and forensics.

Sysdig launched its first open source security and troubleshooting tools Sysdig and Sysdig Falco in 2013. The company has since launched its commercial monitoring and security products, Sysdig Monitor and Sysdig Secure.

Sysdig is designed for modern, cloud-native applications that leverage microservices, docker containers, and kubernetes, but is also compatible with previous software architectures.

Sysdig ContainerVision, a technology within the Sysdig platform, utilizes a single point of instrumentation, delivering monitoring, security, troubleshooting, and forensics from a single, low-resource agent. Sysdig ServiceVision, another technology within the platform, uses Kubernetes context to implement security at the microservices level in addition to the container, host, and network levels.

The Sysdig cloud-native intelligence platform monitors and secures millions of containers across hundreds of enterprises, including Fortune 500 companies and web-scale properties. Sysdig is a private company headquartered in San Francisco, with additional offices in Davis, CA; Raleigh, NC; London; and Belgrade, Serbia. Suresh Vasudevan has been CEO since June 2013.


The Sysdig products are horizontal and can be used in any market. However, within all markets, Sysdig targets forward-leaning, progressive companies that have adopted modern software approaches that leverage microservices, Docker containers, Kubernetes, and DevOps.


Open Source Sysdig is the open source project that started the company. It provides system visibility through system calls to provide deep forensics and troubleshooting. Sysdig Falco is an open source container security monitor designed to detect anomalous activity in containers. It offers deep container visibility, predefined rule sets, and takes action when containers fail to perform properly.

Sysdig Secure is a container security and forensics solution for microservices. Sysdig Secure, part of the Sysdig Cloud-Native Intelligence Platform, can secure the end-to-end container lifecycle. It is available as both a cloud and an on-premises software offering.

Sysdig Monitor, part of the Sysdig Cloud-Native Intelligence Platform, is a container-native monitoring and troubleshooting solution. It is crafted to provide enterprise-class Prometheus support and extend Prometheus support to meet enterprise requirements. It comes with full container visibility and deep orchestrator integrations, including Kubernetes, Docker, AWS ECS, and Mesos. It is available as both a cloud and an on-premises software offering.

Sysdig Cloud-Native Intelligence Platform. The platform combines Sysdig Secure, Sysdig Monitor, and open source components in one easily managed offering. It is available as both a cloud and an on-premises software offering.

Key Features

Open Source Sysdig is 100 percent open source, allowing developers and operators to bring rich security functionality to their environments with no licensing costs. With a powerful query language, Sysdig provides instant access to data buried within containers.

CSysdig & Sysdig Inspect helps organizations visualize container state, enabling administrators to drill down into individual containers, gaining protocol level views of an application’s behavior to find application errors and bottlenecks.

Sysdig Falco is 100 percent open source and provides deep container visibility into the behavior of containers and applications down to fine details such as system, network, and file activity. When containers don’t behave as expected, Falco can take action by killing a container, sending alerts, and notifying a third party.

Sysdig Secure key features include: Vulnerability Management, which scans images and blocks vulnerabilities across the CI/CD pipeline registry or in production; Adaptive Run-Time Defense, which identifies and blocks threats based on application, container, file, host, or network activity; Compliance & Audit, which detects violations of external compliance requirements like CIS, PCI-DSS and GDPR, and can also enforce custom compliance controls; and Forensics, which triggers automatic system captures to see activity before and after security events to provide robust incident response, even when containers are long gone.

Sysdig Monitor key features: Performance data is used not only to monitor applications, but also to help security professionals hunt for indicators of compromise. Service-Oriented Performance Management measures the performance of services as well as underlying hardware and software. Application-Intelligent Monitoring automatically determines what applications are running and how they’re performing, with no plug-ins or configs. Trace-driven Troubleshooting captures detailed system information that allow users to troubleshoot containers even after they’re long gone. Enterprise-class Prometheus support provides scale-out enterprise grade Prometheus capabilities and extends them with enterprise needs.

Product Performance Metrics

Sysdig supports millions of containers across hundreds of enterprise customers. Sysdig’s main instrumentation point uses fewer resources than a kubelet to provide all security and monitoring data.


Sysdig is available as a software as a service, and as an on-premises software offering. Both offerings have the same functionality.


Falco and Open source Sysdig are free and can be downloaded from Github.

Sysdig Monitor offers flexible pricing, with entry-level pricing starting at $20 a month per host. The most popular package, Pro Cloud, is $30 a month and includes 30 containers, 500 custom metrics, unlimited teams, and enterprise features. Pricing for enterprise packages varies.

Prices for the Sysdig Platform (combined monitoring, security, and forensics) and Sysdig Secure varies based on customizable options.

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Sean Michael Kerner Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis