(upbeat music) >> Hello, and welcome to this Cube Conversation kicking off 2022, I'm John Furrier, your host of theCUBE. We're with Loris Degioanni, Chief Technology Officer and founder of Sysdig. A company that's in the pioneering cloud native and cloud native security, open source, big part of the CNCF, CUBECon coverage. Of course, we know them as of that environment as well as DockerCon which we've covered many times. Sysdig is a very successful company. Loris, welcome to theCUBE Conversation. >> Thank you and thanks for having me. >> Well, we know a lot about you, but a lot of folks are learning about you guys with your success. Congratulations on the funding and the validation of your product, which is not a surprise. We've been saying on theCUBE open source has been powering innovation for some time and getting stronger, faster. The predictions in the Linux Foundation about this open source contributions continue to be blown away by their projections and more and more is coming. A new generation is upon us. Cloud Native, Edge, Kubernetes. All of these things are powering a modern application environment which is changing business. And under the covers, you guys are a big part of it. So take us through who Sysdig is, what you guys do for the folks out there and let's get into it. Obviously open source is a big part of it. Take us through who is Sysdig and what do you guys do. >> Yeah, Sysdig helps you run your software in the cloud in a way that is secure and confidently. We have a security solution that covers containers, cloud and Kubernetes. And we cover you in the life cycle of modern application. So the Sysdig security platform helps you secure application in a way that ranges from like shift left in CSD and finding vulnerabilities in your CSD pipeline to run time security that is very important in the cloud in particular with orchestrated infrastructures like the ones that are run by Kubernetes. And then of course, everything that has to do with the forensics, threat-hunting and so on. And the world is changing, security is changing, and Sysdig is one of the startups, one of the companies that is at the forefront of true modern cloud native security. >> So I got to ask you. Were you sitting in your backyard one day thinking, hey, I'm going to start a company? How did this all come together? I mean, the originator story, because we saw open source, we saw even more before CNCF was formed, you saw what cloud was doing. Again, we saw OpenStack and all these other things happening around technology. What was the driver behind the founding of Sysdig, and then how did that progress? Because again, there's an open source component here I want to get into. >> Yeah, and it's interesting that you say backyard because actually Sysdig was actually started in my backyard. Just outside of here. So the backyard metaphor is very, very fitting here. And in a general way, let's say I come from a background in open source for a very long time. Sysdig is my second company. My first company was called Case Technologies. It was the company behind an open source network analyzer called Wireshark, which is widely used by millions and millions of people around the world to do network troubleshooting and network analysis. And when we were doing network packets, we were using like the network devices to collect information. The data that is being transferred on the network has some very nice properties, it's rich. It's very deep. When you can see and decode what's happening on the network, you can understand what applications are doing, what the users are doing. I used to say, packets never lie, right? Because you could connect to the router and collect this data and they have a very good picture without any two instrument libraries to link, to install stuff and so on. And all of a sudden, we're moving to the cloud and the router that was like the vintage point for this beautiful way of doing security and visibility disappears. And you're renting instances that are floating in the Amazon cloud. And when the world changed that way from one point of view, I was sure that what we're doing before was useful and was powerful for the users. But I was also sure, okay, the world is going to change. The retrofitted solutions are not going to work. We can take our product, but then we have the innovator dilemma. We have a product that we cannot completely radically change. So I decided let's start from scratch. Let's start Sysdig. Let's try to understand actually what this cloud is going, where containers are going. There's this new Kubernetes thing that everybody's talking about. What does it mean to offer deep, rich, but at the same time lightweight and easy to deploy security and visibility for this kind of new way of writing software and that's how Sysdig was born. >> So if I remember correctly back in that timeframe, that couple you said you found a millions people using that application. If I remember correctly, that was software network monitoring. Is that true? Is that open source at that time? Was that an open project or was that? >> Yeah, like Wireshark is a network analyzer and the software that we're doing was heavily open source oriented and was mostly software and there were also potentially appliances because this was data center more kind of stuff. >> That was before cloud even came here. So again, defined data center software and defined clouds happening. So again, good segue into kind of where security, you mentioned footprints, you can track people with packets. So to your point, is this the tie into security, tell us how this fits in with open source and security with the software piece? >> Yeah, what Sysdig did essentially, the idea was let's learn from our prior life. I always say that every new wave of technology is built on the shoulders of the previous one. And you'd never reinvent anything. You just apply it and evolve it. And the same thing we did with Sysdig. So we learned what was working with our previous approaches that were based on observing the applications behavior by looking essentially at network traffic, but we adapted it to modern infrastructures. And open source was our mantra before with Wireshark and became our mantra with Sysdig. Sysdig, the company name comes from the open source tool that we released was the first thing that we released in our company. And then few years later with Falco, which now is the premier open source project that was created by Sysdig and is now part of the CNCF, it's an incubating project. And it's essentially the runtime security tool for containers, Kubernetes, and cloud. >> Take us through that Falco, because I think this is an important distinction on your success trajectory because CNCF has a nice playbook where companies can contribute to the CNCF at the same time, that creates an open environment for all, and then have a business model tied to it. This is kind of a new, not new, but this is a successful way to be open source and have a commercial opportunity. >> Yeah, and very much a substantial portion of our commercial product is let's say an extension of Falco. But let's say our approach was like, let's first produce something that is truly useful for the community and fits in the proper way with the ecosystem, with the rest of the ecosystem. Nowadays in every field security as well, you don't build any more a single solution. You build something that needs to fit very well in the stack. Kubernetes, Prometers, network meshes and DCO and this kind of stuff, these all fit together. So Falco, which is the runtime security component needs to fit as well. So initially our focus was like, okay, we need to fill the gap of runtime security for containers, for Kubernetes, and also for cloud. But we need to do that in a way that is community first and data really helps, but also engages and takes advantage of the users, of the broader community. At that point, going to the CNCF and telling the CNCF, hey, look, we developed these, are you interested in partnering with us and being essentially the organization behind this project, was very natural. And that's what we did in 2016, sorry, 2018. 2016 is when Falco started, 2018. And at that point, you know, it's a great partnership because the CNCF is really a great home for all of these projects and really makes it possible for the users to trust a project in a way that they know that even if the commercial banker, even if the original creators, even if the team rotates and changes and evolves, the end users can still use this project, trust this project and know that it's community driven. And it's been a great journey for us. >> How would you describe what Falco is and what are the key use cases? >> Yeah, Falco is, I compare it to the security camera for your containers, your house and your cloud infrastructure. So the same way that the security camera allows you to observe maybe what's happening in your home, even if you have a lock, is still useful to have a security camera, right? To understand when something breaks in what they're doing, when they do it, get an alarm when something better happens. Similarly, in software infrastructures, you can still have your lock, your firewall and so on, but then you use a security camera like Falco that is able to observe every single container, every single process, every single machine, every single network connection and so on. Keep an eye on it and then it has sort of a points-based system that includes a bunch of policies that come essentially pre-packaged that allow the users to detect when something dangerous or suspicious happens in the infrastructure. For example, I don't know somebody is spawning or sharing their radius container. Or somebody is logging in AWS without multi-factor authentication. Falco keeps a constant eye and lets you know, it gives you an alert when something like that happens. >> You know what I love about what you guys do and kind of highlights what we've been saying on theCUBE for many, many years is that the networking concepts of the older generations have been moving up the stack with cloud because you got rule engines, policy automation, all these things are now part of connected systems. So if you have the cloud, which is essentially a distributed computing, you have more networks, more connections. And so the networking paradigms of packets can be moved over to software, well, software maintenance, if you will, or anything, any middleware, whatever you want to call it. I mean, this is kind of a new paradigm. So, what's your reaction to that? I want to get your take on this because this is kind of really happening. >> Yeah, and you are absolutely right. And what us as a Falco community or as Sysdig as a company is exactly that. We're taking the concepts that were maybe at the base of the previous generation of the data center in terms of policies, in terms of one clause and we're sort of elevating them to what modern cloud is. To give you an example, I don't know if you remember, but a Falco was inspired by a tool called Snort and the company also was Sourcefire. Snort used to listen on the network, constantly observe the network traffic and the deploy policies to tell you, okay, somebody uploaded a file from China and this file contains a malware. Now we do this, but we're able to see inside containers. We have cloud context. We understand the regions. We understand Kubernetes namespace and all these kinds of stuff. So we're able to put so much more context and be so much closer to the user, but the concepts are the same. We're just, as I was saying, sitting on the shoulders of people before us that invented this and we're modernizing them. >> Well, this is what refactoring is all about. This is the benefit of the cloud. I think, this is why a lot of the cloud native success is happening because companies are realizing that they can actually not just re platform in the cloud, but actually refactor their business, completely different. Using other paradigms and not necessarily rip and replace or just cut and paste. They can take concepts and codify them in their workloads, not necessarily general purpose. So again, key cloud concept and only going to get stronger with the edge developing. So again, more and more complexity, connected complexity. >> Yeah, complexity that more and more you manage through automation, right? Which is another key concept in the cloud. So we are able as a market, as a community to have and manage more and more complex infrastructures because we have tools that are able to automate, to take care of stuff for us, to potentially remediate, which is another big theme in modern security for us and so on. And of course, again, companies like Sysdig, try to really read these in the plight, in a proper way that can be the most possible useful. >> And hackers love complexity, right? And love chaos. And so unless you tame that with really good software, this is the key challenge. >> You need to manage chaos and you need good software to help you manage chaos. >> All right, final question for you. How is Sysdig and the Falco community working with AWS? >> Yeah, in a number of ways. One of the beauties, as I was telling before of essentially being built on an open source project like Falco is that you can really work together with cloud providers like AWS with mutual advantage. For example, AWS and team members at Amazon have done many contributions to Falco and the Sysdig system and integrations and so on. We partnered as Falco community and Sysdig with AWS to offer proper support for Falco versus the products on Fargate, which is, managed containers are the future, are very powerful. Everybody wants to go there, but then you need to make sure that you are covered, you have security from the point of view of severability and so on. Sysdig and AWS work together on doing a P trace based implementation, this is a technical thing, but essentially it means that a tool like Falco can give you invitations, can be the security camera for Fargate as well. And in general way, Amazon is a great partner for us on a daily basis as a community and as a company. >> Loris, you've got a great company there. And again, it was great to see you guys grow from the beginning and the wave is here. As they say, in California, you guys are riding the right wave. And I think it's just the beginning. I think you're going to see more and more security be programmable, built in, automated, under the covers, invisible, but working. And I think the same is going to be true for data and other things. So a lot more to do. And again, it's distributed computing. We've seen this movie before, but not in this environment. So new tools are coming and you guys are a big part of it. Thank you so much for coming on theCUBE and sharing what you guys are doing and the technology behind Sysdig. Thanks for coming on. >> Thank you very much and thank you for the great conversation. >> Okay, this is theCUBE I'm John Furrier your host for Cube conversations with Sysdig's Loris Degioanni, CTO of Sysdig. Thanks for watching. (gentle music)

(upbeat music) >> Narrator: From around the globe it's theCUBE, with coverage of SUSECON Digital. Brought to you by SUSE. >> Stu: Welcome back, I'm Stu Miniman and this is theCUBE's coverage of SUSECON Digital '20. Apeda Welcome to the program Vincente Moranta, who is the Vice President of Offer Management of Enterprise Linux Workloads on Power. Vincente, pleasure to see you, thanks for joining us. >> Vincente: Hey Stu and thank you for having me. >> All right, so we know that SUSE lives on a lot of platforms. We're going to talk a bit about applications specifically, primarily SAP. Give us a little bit, Vincente, about what you're working on, and the relevance to the partnership with SUSE. >> Sure, absolutely. So, the last five years I've been responsible for offering management at IBM. Focused on solutions that live on IBM powered systems. In particular, we started with SAP HANA, and obviously SAP and SUSE, with their fantastic relationship, was a big part of that and continues to be as we have grown the platform for the last five years. >> Excellent. So, SAP of course, critical workload, we've been seeing SAP go through those transformation. So, help us understand what work needs to be done to integrate these things? Make sure that companies can run their business. >> Yeah, I think primarily as clients are making their transition from a traditional type of an ERP, CRM, and even BW type workloads, they're looking for a way to make those transitions. Really get in to the whole digital transformation and all of the spaces of being able to leverage technology in a way that creates value to the client, in almost real time. But they want to do it with technology partners that are going to enable the client to do it with minimal risk, with high flexibility and with partners who are there for them to, in some cases, do things that are not necessarily all too forwarded or ready to go yet. But really giving the customer the ability to adapt to things. And when we started with SAP HANA, as I mentioned, the customers in the market who were doing HANA on X86 platforms were limited to certain set of capabilities, certain set of support statements, and things like that. And a big part of that was bare metal implementations which still to this day remain the most popular way to deploy HANA in an X86 environment. But when we got together with SUSE and with SAP and we started the partnership around HANA, the thing that became very clear was that customers needed flexibility. They needed to be able to adapt to changing environments, very interesting challenges that they were trying to tackle with these HANA projects. But the capabilities of the servers that they were using, were not allowing them to have that flexibility. And then, even if SUSE was trying to do certain things and give some flexibility to those clients, if the infrastructure cannot handle it, or vice verse, it really just is a one-party trick and it doesn't work. So the focus with SUSE, almost from the beginning, has been on tool innovation. And we've been able to accomplish really amazing things together with them and SAP. Things that could not have been possible without that very strong collaboration. And one of them that is very recent, is shared processor pool. Right? In a world where HANA is deployed bare-metal systems, IBM Power is always doing virtualization, and together with SUSE, we were able to come up with a solution. And with SAP, obviously. That allowed customers to share source in a virtual way across many HANA instances. So completely revolutionizing the DCO and the ROI for clients working with HANA. Without trading out any of the resiliency, any of the performance, and everything else. So, that's the balance that a lot of these customers are looking for is flexibility, and better returns, especially now more than ever. Without trading out all of the things that they need for an S/4 HANA project or an ERP or a BW project. >> You talked about the flexibility and the returns that customers get on this. I wonder if you step back for a second, where is this hitting on a CIO's priority list? What has changed in today's Cloud era? Couple weeks ago, IBM Think was going on, heard a lot about customers, how they're going through their journey in the cloud. We know there's a lot of options there so. SAP solutions specifically, there's a lot of ways that we can do this. So how does a CIO figure out what the best solution for their skill-set and the technology partner that they work with. >> Yeah, I think at a high-level where the CIO's are basing nowadays, is kind of, it's a good time to be a CIO, I think, because you get a chance to have a broad range of deployment options. Without having to trade out from the features. I'm sure some CIO's will disagree and will say there's plenty of other challenges that are making their lives complicated. But if we just focus on the fact that you can deploy HANA - you can deploy it in the cloud, you can deploy it in hybrid, you can deploy it on premises. And the largest then, and especially with our capabilities, and together with SUSE, the CIO doesn't have to make a choice on trade out of things that they have to lose if they make one of the other. I think that is what helps them to feel comfortable to go in to SAP and being able to adapt. If a project becomes too large or the data transfer requirements become too complicated or too expensive, it's easy enough to bring it back and to maybe leave dev test in a cloud and move the rest of the production environment to on premise. Through a number of partnerships that we have done over the last few years, there's a number of very large MSP's and CSP's including SAP HANA Enterprise Crowd - HEC - and very soon IBM cloud as well. Who can provide all of these capabilities that SUSE and Empower allow for a HANA deployment to be done in a Cloud. So from our perspective, even though I'm a hardware guy, and some people may think I only care about on premises business, the reality is when a customer says, or a CIO as you were asking. When a CIO is trying to make a decision we don't want that CIO to be thinking they have to make a decision between IBM supporting them only if it's on premises or only if it's on Cloud. We can do both. And they don't have to do, it's not a hard trade off to decide. You can start with one, you can go to the other one. We can have capacity for them like we're doing with SAP HEC today, SAP HANA Enterprise Cloud. They're using Power9 technology. The customers benefit in regardless of which deployment option they choose. Both with SUSE underneath it. I think we're trying to make it simpler for them to make those choices without infrastructure becoming the sticky point. >> Yeah, and you talked about the support that users can get, of course, from IBM. At SUSECON, a lot of the discussion about the community there. >> Absolutely. >> So, what can you tell us about, you've got thousands of customers that are running SAP HANA on Power, how do you help them rally together and be part of (muted). >> Yeah, so, you and I have known each other for a while and I think when we started working together at a prior company it was around communities practice. And the organizational network and social network. A big part of what we have done is just going to that same approach. Of just connecting people with people. Right? Connecting people from SUSE with people from IBM, with clients and trying to foster valuable interaction between those clients. Whether it's TechU, IBM TechU Conferences, SAP TechEd, SUSECON, you name it. We're always kind of looking for ways to bring people together. And I'll put in a plug for a client entity, a client council called the SAP Power Customer Council, which is a group of clients that decided on their own to get together and bring other customers who are doing SAP deployments on AIX, on Linux, obviously with SUSE and HANA, and come together once a year. We also have almost monthly interlock and workshops with them. But that is one way where the SUSE folks, IBM Power, SAP Development, all come together with a whole bunch of clients and they're giving us feedback. But also identifying things for us to work on next. From a support perspective, as you said, we have thousands of clients nowadays, and the really fantastic thing has been very few issues and the issues that we have had, SUSE, SAP and IBM, all three of us together, have been able to resolve them to the customers satisfaction. So it just kind of demonstrates that regardless of where something is invented SUSE with SLES, SAP with HANA, us with our hardware and our hypervisors, when it comes to the clients we all work very closely together for their success. >> Great. Those feedback loops are so critically important to everyone involved. I guess last thing, maybe if you've got a customer example that might highlight the partnership between IBM and SUSE? >> Yeah, there's a number of them and we have, I think it's over 60 public references together with SUSE of clients who are doing an SAP HANA with SUSE Empower. But a couple that come to mind, obviously Robert Bosch is a fantastic client for all of us. A fantastic partner. And they've been with us almost from the very beginning, together with SUSE and together with us. And they helped us to identify early on some things that they would like to be able to see supported. Some capabilities that they expected to be able to have, especially given that Bosch had a strong knowledge of IBM technology, IBM product. And they wanted to be able to apply some of the same capabilities around Live Partition Mobility and large size L-bars for HANA and things like that. And they worked very closely with SUSE and with us, and with SAP, to not just give us the requirement, but really help us to identify okay, how should this work? Right, it's not just creating the technology and adding more and more features but how do we integrate it, how do we integrate it in to Bosch, who had created a fantastic self-provisioning type of a portal for all of their clients, all of their internal entities around the world. That was really cool and it really kind of helped us to highlight how we could integrate into tools, monetary, and reporting, etc that our clients have. Another example if I can, is Richemont. Richemont International is based in Geneva. Luxury brand. And Helga Delterad who was the Director of Idea at the time, kind of came to me and gave me a challenge. He said, "Look, I love HANA Power. I love that we can do all of these things with it. But I really would like be able to share processors across multiple HANA instances. That would really reduce the bill. It would really reduce the cost. And Richemont would be able to achieve a much quicker return on investment than we had anticipated." So, he gave us a challenge. The challenge went to everybody. It went to SUSE, to us and to SAP, we all got together and again with Helga being the executive sponsor on the client side, he really kind of worked with all of us. Brought us together and it was a power of the possible type of situation that now is generally available to all clients. And it's thanks to Helga, thanks to Richemont, who brought us together and gave us that challenge. >> Excellent. Well Vincenta Morante, great to catch up with you. Thanks so much for sharing the update on IBM Power and the partnership with SUSE. >> Thanks Stu. >> All right, we'll be back with more coverage from SUSECON Digital '20. I'm Stu Miniman and as always, thank you for watching theCUBE. (upbeat music plays)