Sysdig acquires Apolicy to bolster container security offerings

Sysdig today announced that it acquired Apolicy, a startup developing tools to address how teams approach containerized system security. The deal, the terms of which weren’t disclosed, will bolster Sysdig’s capabilities by strengthening cloud and container security with compliance and governance enforcement, Sysdig CEO Suresh Vasudevan said.

The trend of infrastructure-as-code (IaC) continues to gain traction with cloud platform teams as a way to achieve holistic operational control of infrastructure. As teams codify infrastructure using IaC services, it can be easy to overlook security. But checking for security as configurations allow organizations to identify and resolve issues before infrastructure is deployed.

Apolicy provides what it calls “IaC security,” which automates an organization’s cloud and container security controls. It provides the ability to apply policies and practices across multiple IaC, cloud, and container environments, automating compliance by enforcing Open Policy Agent-based policies via a container admission controller. Moreover, it consolidates alerts by identifying the production instances affected by IaC errors and prioritizing fixes based on application context.

Infrastructure as code is the process of managing datacenters through machine-readable definition files, rather than hardware configurations. It grew as a response to the challenges posed by utility computing — the thought of modeling infrastructure with code and having the ability to design, implement, and deploy app infrastructure appealed to both software developers and IT infrastructure administrators. Being able to treat infrastructure like code and use the same tools as any other software project would allow developers to rapidly deploy applications, the thinking went.

Platform integration

With the addition of Apolicy, Sysdig customers will be able to detect runtime drift and map it back to the IaC configuration file, Vasudevan said in a press release. “Most breaches are caused by configuration errors. Our customers want a single platform that detects configuration errors pre-deployment and identifies drift in production. Only Sysdig delivers a secure DevOps workflow for infrastructure and workloads and automatically closes the loop from production to source by fixing issues identified at runtime,” he said.

Prior to the acquisition, Apolicy, which was founded in 2019, had raised $3.5 million in funding. The Apolicy team including cofounders Maor Goldberg, Eran Leib, and Shlomi Wexler will join Sysdig once the purchase is complete, and Apolicy’s products will be incorporated as part of Sysdig’s platform.

“We founded Apolicy with the purpose of securing Kubernetes from source to production through risk identification, remediation, and policy enforcement,” Goldberg said in a statement. “We are excited to join forces with Sysdig and combine the best security capabilities in the market for cloud and containers together with our infrastructure and posture security. Together we will bring customers one end-to-end cloud native security platform that is built on open source.”

Sysdig, which competes with Dome9, Datadog, and Orca Security, was launched in 2013 as an open source effort to solve the security problems facing enterprises adopting cloud apps. The company created projects to leverage visibility as a foundation for security, including Sysdig and Falco, which have become standards for threat detection and incident response. It now has “tens of thousands” of users across over 450 customers, including “dozens” of large global enterprises, as well as over $395 million in venture capital backing.