Why Sysdig Is Betting on Real-Time Cloud-Native Protection

Sysdig redefines cloud security with real-time runtime protection, open-source roots, and an India-first strategy to secure Kubernetes-driven digital scale.

Shrikanth G

Sysdig Leadership (L to R): Sergej Epp, CISO; Gary Olson, Chief Revenue Officer; Gavin Selkirk, VP and General Manager, APJ; Shantanu Gattani, VP, Product Management

Cybersecurity is an existential imperative. No lock is secure, as there is always a magical key that hackers invent to break the toughest of digital perimeters. This recalls an old saying in the industry, a phrase widely used by security leaders: “There are two types of companies: those that have been hacked, and those who don’t yet know they have been hacked.” It has often been quoted, notably by former FBI Director Robert Mueller and former Cisco CEO John Chambers. The phrase underscores the inevitability of cyber breaches in the digital age.

Against this backdrop, we need to lean on the most oft-used term now: real time. We live in an age where we need to make ‘in-the-moment’ decisions and act on them. This very much applies to enterprise security. Traditional security tools for the cloud era, despite their recency, have been dubbed legacy, and for security to work in real time, it has to be native, embedded, and a part of the digital DNA.

This was the message the senior leadership at Sysdig delivered at its media roundtable on the sidelines of its flagship Sysdig Accelerate event.

Sysdig’s Journey to Runtime Security

Rooted in open source, the company was founded by Loris Degioanni, the mind behind Wireshark, arguably the most widely used open-source network analyzer, which today has 20+ million users. Loris saw the cloud wave coming more than a decade ago and realised that visibility needed to evolve.

So Sysdig was born, and the company makes it clear that it was created not to replace Wireshark but to extend its core principles to the cloud. One of its flagship contributions, the Falco project, is now hosted under the Cloud Native Computing Foundation (CNCF), the same open-source body that governs Kubernetes and other core cloud-native tools. This move firmly embedded Sysdig into the DevSecOps pipeline, making it a trusted player in the Kubernetes security ecosystem.

Sysdig operates at a very interesting intersection. In a multi-cloud world ruled by a handful of hyperscalers, the topic of cloud security is a touchy subject. Often, the question "Who owns cloud security?" defies a clear answer. Sometimes it’s akin to asking who owns the copyright for synthetic content generated by GenAI tools.

But in real life, someone has to secure the cloud, and this is where new-age players like Sysdig come into the picture. The intersection here is the shift in how cloud security itself is being redefined.

Posture Is Dead. Long Live Runtime

Says Gary Olson, Chief Revenue Officer, Sysdig, “For the past few years, cloud security has largely revolved around posture—compliance checklists, dashboards, and policy visualisation. While these tools look neat in the boardroom, they fall apart when systems move from build to runtime. That’s when real vulnerabilities emerge. And that’s exactly where Sysdig is placing its bets.”

The reading here is that dashboards don’t stop threats. They just show you where you failed after the attack. The brutal reality: you lost, the threats triumphed.

So it is in this context that Sysdig is approaching things differently, with a runtime-first security model built to detect, respond, and contain threats as they happen. It’s not about knowing where you stand. It’s about staying up when everything else goes down.

The Shift: The Genesis of Cloud-Native Visibility

Let’s look at what Sysdig is trying to do. At the heart of its approach is its open-source heritage. The company says that in the cloud, every second counts. Attacks unfold in minutes, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in seconds and instantly detects changes in risk with real-time insights using open-source tools like Falco. Meanwhile, Sysdig Sage, which the company says is the industry’s first AI cloud security analyst, uplevels human response and enables security teams, developers, and DevOps to work together faster by correlating signals across cloud workloads, identities, and services.

So what Sysdig is essentially saying is that it uncovers hidden attack paths and prioritises real risk. From prevention to defense, it helps enterprises focus on what matters. By doing that, Sysdig is quietly emerging as one of the few companies that can secure enterprises in real time.

Sysdig’s 5-5-5 Benchmark

According to the company’s 2025 Cloud-Native Security & Usage Report, several emerging trends and benchmarks are reshaping the cybersecurity landscape. Workloads leveraging AI/ML packages have surged by 500%, while public exposure has dropped by 38%, signalling a shift toward more secure deployments. Machine identities now represent a significant risk: they are 7.5 times more hazardous than human users and have to be managed at scales of up to 40,000 identities per organisation.

Notably, leading organisations have made rapid response a reality: mature teams are able to initiate actions in under four minutes, meeting a “5-5-5” benchmark—detecting threats in five seconds, correlating signals in five minutes, and responding in five minutes.

AI Meets Cloud-Native Application Protection Platform (CNAPP)

According to Sergej Epp, Sysdig’s Chief Information Security Officer and a Deutsche Bank alum, it’s about precision and speed. “We don’t just collect data; rather, we collect the right data, at the right moment, and feed it into intelligent systems that actually act on it.”

By embedding AI into its runtime engine, Sysdig isn’t building another alert fatigue machine. It’s building a platform that can anticipate, intercept, and neutralise threats before they escalate. And in a country like India, where millions rely on uninterrupted digital services every day, that’s not just a technical edge—it’s a societal one.

Securing the Future: CDO and CISO Challenges in an AI-Driven World

So, I asked the leadership team about some of the pressing challenges tech CXOs face and what they hear from their engagements with the tech decision-making community. This is what they had to say:

When Chief Data Officers (CDOs), CISOs, and CIOs engage with us, a common thread quickly emerges: the growing complexity of today’s environments is their number one challenge. They aren’t just trying to protect data—they’re grappling with how to keep a sprawling, fast-evolving infrastructure running securely and responsively, all while facing mounting breaches and rising regulatory pressure.

As we often say, “Security today is not about how many protocols you have—it’s about how you adapt and scale securely while enabling innovation.”

The Challenge of Scale and Trust

One particular pain area is open-source security. Clients increasingly rely on open-source platforms to power innovation, but those same platforms can be riddled with vulnerabilities. The expectation is that open source must keep up with both the pace of innovation and the technical scrutiny demanded by enterprise-grade environments.

At our core, we believe security must be proactive, not reactive. Clients trust us to build platforms that are resilient by design—and that means building security into every layer.

The Three Pressing Mandates from CXOs

“When we speak with CIOs, CISOs, and CEOs—often in the same room—we consistently hear about three top mandates,” says Gary.

AI Mandate Pressure: Nearly every hand goes up when we ask, “Have you been told to implement AI across your company within 12 months?” The pressure is real. The security implications of rapidly deployed AI solutions are vast—especially when AI is being pushed top-down from the CEO level.

Audit & Compliance Acceleration: Compliance checks and audits are now happening faster and more frequently than ever before. AI is both the driver and the disruptor in this scenario. Enterprises are struggling to maintain detailed audit trails and respond quickly when gaps are identified.

The 2 AM Wake-Up Call: Am I Really Secure? This may sound anecdotal, but it’s very real. Many leaders tell us they wake up at night wondering: “Have we done enough?” Because the day you lose trust, especially in security, is the day you lose your business's foundation.

To address this, our focus is threefold:

  • Secure AI and AI-powered security
  • Deliver robust audit capabilities and remediation
  • Give CISOs and CIOs peace of mind by automating response, so they can focus on innovation, not firefighting

As Gary points out, “We often say: the rear-view mirror is smaller than the windshield. Let’s help security leaders look ahead. Ultimately, we are creating a platform that serves multiple personas.”

Our goal, Gary says, is to ensure that:

  • Security posture is measurable
  • Attack surfaces are monitored and reduced
  • Remediation is actionable and intuitive
  • Authorship and access are well-governed

This platform-first approach lets organisations move from reactive firefighting to proactive resilience, which is the real outcome we’re striving for.

The India Play — Why Now

India is operating at digital scale like never before. With India’s aggressive digital push, securing the cloud infrastructure becomes paramount.

Simarpreet Singh, Regional Director, India and SAARC, Sysdig

Giving a sense of how critical security is, Simarpreet Singh, Regional Director for Sysdig for India and SAARC, says, “India’s critical digital infrastructure—whether it be private or government—needs robust cloud-native security. Imagine a breach in terms of identity or data and the ramifications. That’s the kind of risk we’re talking about. Sysdig sees India not just as a market, but as a ground for providing digital security at national scale.”

Securing the Road Ahead

With thousands of cybersecurity vendors vying for attention at global conferences like RSA, differentiation is hard. But Sysdig is trying to carve a niche with its roots in open source. The company believes that this gives it the leverage to deepen its cadence with a much larger customer base. India is at the centre of this cloud security evolution.

As Shantanu Gattani, Senior VP of Product Infrastructure and Threat Research at Sysdig, puts it: “If you're building a global business and you don't have India in the picture, you're not building a global business.”

 
