
Mambu Secures 230 Million Banking Customers

Runtime visibility that prioritizes real risk without slowing innovation

  • 95% reduction in false positive alerts
  • 95% elimination of recurring vulnerabilities
  • >50% lower agent resource consumption
“Before Sysdig, we had security data, but we didn’t trust it. Now we know which issues actually matter at runtime, and that’s changed how we respond.”
Nemanja Banovic
Senior Engineering Manager, Mambu

Company Overview

Founded in 2011, Mambu provides a cloud-native core banking platform for financial institutions operating in highly regulated markets. Delivered as software-as-a-service, the platform supports a wide range of use cases, from fintech startups and telecommunications providers to established Tier 1 banks. Today, Mambu serves more than 230 million end users worldwide.

That scale brings complexity. Mambu operates across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), creating a multicloud environment that must meet strict regulatory requirements while remaining flexible enough to support rapid product evolution across regions.

For the security team, the challenge is keeping security controls aligned with the pace of the business without introducing friction for engineers or slowing delivery.

Business Need

  • Enable faster, more secure innovation across a highly regulated, multicloud fintech platform
  • Reduce operational noise created by false positives and recurring vulnerabilities
  • Eliminate compliance bottlenecks that slow audits and increase risk exposure


Industry: Financial Technology

Infrastructure: AWS, Microsoft Azure, GCP 

Orchestration: Kubernetes

Solution: Sysdig Secure


Challenges

When Security Signals Stop Being Trustworthy

Before adopting Sysdig, Mambu relied on a different cloud security platform across workloads. Signals arrived constantly, but not reliably. Alerts fired for issues that had already been patched, vulnerabilities resurfaced after remediation, and file integrity notifications overwhelmed dashboards without clarifying what actually required action.

Over time, that noise created real consequences. Security teams spent hours sorting through alerts that led nowhere. Engineers were pulled into investigations that did not change risk. Without clear runtime context, it became difficult to determine which workloads were genuinely exposed and when findings could safely be deprioritized.

“With thousands of false positives, we were spending far too much time wading through noise,” said Nemanja Banovic, Senior Engineering Manager at Mambu. “It made juggling multiple solutions and workloads difficult and time-consuming. That slowed both platform growth and preparation for certifications like SOC 2 Type II.”

Solutions

When Runtime Context Became Nonnegotiable

Mambu needed clearer signals that reflected real exposure in production. Vulnerability data had to distinguish between theoretical risk and active exposure. Detection needed to surface issues worth acting on. Governance processes had to move faster without adding overhead for engineers.

Those requirements ruled out posture-only approaches that relied on periodic scans or service-level visibility. Without continuous insight into running workloads, the security team could not reliably investigate system behavior, validate risk, or prioritize remediation across a multicloud environment.

That gap is what led Mambu to Sysdig.

Runtime visibility became the deciding factor. With Sysdig, Banovic and his team could drill directly into workloads as events occurred, gaining the context needed to understand how vulnerabilities and behaviors manifested in practice.

“Real-time visibility into our workloads is critical for us. We need to be able to drill down as events occur and understand what’s actually happening at the system level. Without that depth, investigating vulnerabilities and system calls becomes extremely difficult.”

Nemanja Banovic, Senior Engineering Manager, Mambu

Detection also had to be adaptable. Using open source Falco, the team built on managed rules and tailored them to Mambu’s environment, filtering out noise without sacrificing control. That flexibility reduced false positives while strengthening governance across Kubernetes workloads, without forcing the team to start from scratch.

Support mattered too. Direct access to Sysdig engineers helped the team adopt capabilities correctly from the outset, shortening the learning curve and avoiding misconfigurations that could introduce new noise.

Taken together, those factors made Sysdig easier to deploy than other options Mambu evaluated. The initial rollout reached production stability in roughly three months, without disrupting engineering velocity.

Identifying Critical Vulnerabilities That Actually Matter

Mambu’s previous vulnerability management approach frequently surfaced issues that had already been addressed. Common vulnerabilities and exposures (CVEs) would reappear after patching, forcing teams to re-triage problems that no longer posed real risk. Limited insight into impact and remediation made it difficult to prioritize effectively.

“Before deploying Sysdig, we had false and recurring vulnerabilities regularly popping up. We’d patch, and we’d see the same CVEs show up again. Sysdig doesn’t have that issue.”

Nemanja Banovic, Senior Engineering Manager, Mambu

Sysdig evaluates vulnerability findings based on runtime context, with actionable guidance right in the alert. When an alert appears, the team can see which components are affected and which workloads are actually exposed, allowing remediation efforts to focus on real risk rather than theoretical exposure.

That clarity proved critical with the identification of a high-severity vulnerability in Mambu’s NGINX Ingress Controller. Using Sysdig, the team confirmed the affected version and identified the impacted clusters. With that information in hand, multiple teams were able to coordinate remediation without guesswork.

The vulnerability affected more than 20 clusters supporting Mambu’s cloud-native banking platform. All were patched within the required SLA, with remediation completed in roughly one to two days. The same runtime data now supports a broader vulnerability management process that spans scanning, reporting, and remediation, giving the team confidence that prioritization is based on actual exposure.

When Alerts Became Worth Acting On

With vulnerability prioritization strengthened, the team focused on tailoring detection to the Mambu platform. Using Falco, they customized managed rules to cover drift detection, cloud detection and response, file integrity management, and identity-related events. Compared to their previous tooling, that tuning reduced false positives by roughly 95%.

The impact was immediate across teams. Teams no longer have to monitor alerts constantly to determine whether an issue requires action; Falco now filters out much of that noise automatically.

“Before, we needed to have multiple teams stay on top of alerts,” Banovic said. “The flexibility and scope enabled by Falco allow us to automatically filter out the noise, which improves focus and lowers operational overhead. Instead of spending time chasing alerts, our engineers can focus on building, and our security operations center can concentrate on more critical threats.”

With fewer distractions and clearer signals, engineers spend less time investigating low-value alerts and more time delivering new capabilities. The security operations center is able to focus on genuinely critical threats rather than sorting through routine activity.

When Audits Stopped Slowing the Team Down

For Mambu, audit readiness improved as a downstream effect of clearer security signals. When teams stopped chasing false positives and reworking noncritical findings, they were able to approach audits with far less disruption.

More effective vulnerability prioritization and tighter security controls made it easier to demonstrate risk management. Evidence collection also became simpler, since the information that the auditors needed was already organized and consistent with how the security team operated day to day.

“We’re currently in the final stages of the SOC 2 Type II audit and working with both internal and external auditors. Sysdig has made the whole process much quicker and easier than before. This is an area they are well-versed in as a major provider to the finserv community.”

Nemanja Banovic, Engineering Manager, Mambu

Making Security Insight Self-Service

With clearer insight into risk at runtime, Mambu is now looking at how to make that same clarity more accessible across the organization. The goal is to reduce friction by enabling more teams to understand what is happening in the environment without relying on engineers for every answer.

Part of that exploration includes evaluating Sysdig Sage™, an artificial intelligence (AI)-powered cloud security analyst built directly into the Sysdig platform. Sysdig Sage allows teams to ask questions of their runtime data and get clear, contextual answers about what they are seeing, without requiring deep security or platform expertise.

For Mambu, that capability opens the door to a more practical model of self-service, one grounded in the same runtime data the security team already trusts. Instead of pulling engineers into routine questions or investigations, nonengineering teams can retrieve the information they need on their own, preserving focus while still operating from real-time context.

“Real-time visibility into our workloads was one of the biggest reasons we chose Sysdig,” Banovic said. “Being notified the moment something changes has fundamentally improved how we respond and how confident we are in our decisions. That depth of runtime data will be a strong asset as we expand our use of AI.”

To learn more about Mambu, visit www.mambu.com.
