Discussion about this post

Jagadish

James, great write-up. I assume Sysdig's Falco solution that leverages syscall can't be categorized fully as a runtime reachability tool? Raven, Oligo etc. have something that differentiates what Sysdig (and several others) have up their sleeves currently?

Erik Klein

Great write up James. Have you considered getting runtime function-level reachability by utilizing the existing APM / observability agent that the site-reliability or performance management teams have already installed into the hosts and containers at an organization? It saves the security team the step of deploying an agent and often provides even more reachability information than typical runtime reachability solutions (e.g. identification of public internet reachability over 1 or more hops, identification of downstream database reachability over 1 or more hops). Vendors like Dynatrace have this as part of the already installed solution so security teams don't have to install anything new (and, depending on the licensing, may be able to utilize without a purchase order).
