(energetic music plays) >> Lisa: Hey everyone, we're so glad you're here with us. theCUBE is covering Cloud Native Security Con 23. Lisa Martin here with John Furrier. This is our second day of coverage of the event. We've had some great conversations with a lot of intellectual, exciting folks, as you know cuz you've been watching. John and I are very pleased to welcome back one of our alumni to theCUBE Taylor Dolezal joins us the head of ecosystem at CNCF. Taylor, welcome back to theCUBE. Great to see you. >> Taylor: Hey everybody, great to see you again. >> Lisa: So you are on the ground in Seattle. We're jealous. We've got fomo as John would say. Talk to us about, this is a inaugural event. We were watching Priyanka keynote yesterday. Seemed like a lot of folks there, 72 sessions a lot of content, a lot of discussions. What's the buzz, what's the reception of this inaugural event from your perspective? >> Taylor: So it's been really fantastic. I think the number one thing that has come out of this conference so far is that it's a wonderful chance to come together and for people to see one another. It's, it's been a long time that we've kind of had that opportunity to be able to interact with folks or you know, it's just a couple months since last Cube Con. But this is truly a different vibe and it's nice to have that focus on security. We're seeing a lot of folks within different organizations work through different problems and then finally have a vendor neutral space in which to talk about all of those contexts and really raise everybody up with all this new knowledge and new talking points, topics, and different facets of knowledge. >> John: Taylor, we were joking on our yesterday's summary of the keynotes, Dave Vellante and I, and the guests, Lisa and I, about the CNCF having an event operating system, you know, very decoupled highly cohesive events, strung together beautifully through the Linux Foundation, you know, kind of tongue in cheek but it was kind of fun to play on words because it's a very technical community. But the business model of, of hackers is booming. The reality of businesses booming and Cloud Native is the preferred developer environment for the future application. So the emphasis, it's very clear that this is a good move to do and targeting the community around security's a solid move. Amazon's done it with reinforce and reinvent. We see that Nice segmentation. What's the goal? Because this is really where it connects to Cube Con and Cloud Native Con as well because this shift left there too. But here it's very much about hardcore Cloud Native security. What's your positioning on this? Am I getting it right or is there is that how you guys see it? >> Taylor: Yeah, so, so that's what we've see that's what we were talking about as well as we were thinking on breaking this event out. So originally this event was a co-located event during the Cube Con windows in both Europe and North America. And then it just was so consistently popular clearly a topic that people wanted to talk, which is good that people want to talk of security. And so when we saw this massive continued kind of engagement, we wanted to break this off into its own conference. When we were going through that process internally, like you had mentioned the events team is just phenomenal to work with and they, I love how easy that they make it for us to be able to do these kinds of events too though we wanted to talk through how we differentiate this event from others and really what's changed for us and kind of how we see this space is that we didn't really see any developer-centric open source kinds of conferences. Ones that were really favoring of the developer and focus on APIs and ways in which to implement these things across all of your workloads within your organization. So that's truly what we're looking to go for here during these, all of these sessions. And that's how it's been playing out so far which has been really great to see. >> John: Taylor, I want to ask you on the ecosystem obviously the built-in ecosystem at CNCF.IO with Cube Cons Cloud Cons there, this is a new ecosystem opportunity to add more people that are security focused. Is their new entrance coming into the fold and what's been the reaction? >> Taylor: So short answer is yes we've seen a huge uptick across our vendor members and those are people that are creating Cloud offerings and selling those and working with others to implement them as well as our end users. So people consuming Cloud Native projects and using them to power core parts of their business. We have gotten a lot of data from groups like IBM and security, IBM security and put 'em on institute. They gave us a cost of data breach report that Priyanka mentioned and talked about 43% of those organizations haven't started or in the early stages of updating security practices of their cloud environments and then here on the ground, you know, talking through some best practices and really sharing those out as well. So it's, I've gotten to hear pieces and parts of different conversations and and I'm certain we'll hear more about those soon but it's just really been great to, to hear everybody with that main focus of, hey, there's more that we can do within the security space and you know, let's let's help one another out on that front just because it is such a vast landscape especially in the security space. >> Lisa: It's a huge landscape. And to your point earlier, Taylor it's everyone has the feeling that it's just so great to be back together again getting folks out of the silos that they've been operating in for such a long time. But I'd love to get some of your, whatever you can share in terms of some of the Cloud Native security projects that you've heard about over the last day or so. Anything exciting that you think is really demonstrating the value already and this inaugural event? >> Taylor: Yes, so I I've been really excited to hear a lot of, personally I've really liked the talks around EBPF. There are a whole bunch of projects utilizing that as far as runtime security goes and actually getting visibility into your workloads and being able to see things that you do expect and things that you don't expect and how to remediate those. And then I keep hearing a lot of talks about open policy agents and projects like Caverno around you know, how do we actually automate different policies or within regulated industries, how do we actually start to solve those problems? So I've heard even more around CNCF projects and other contexts that have come up but truly most of them have been around the telemetry space EBPF and, and quite a few others. So really great to, to see all those projects choosing something to bind to and making it that much more accessible for folks to implement or build on top of as well. >> John: I love the reference you guys had just the ChatGPT that was mentioned in the keynote yesterday and also the reference to Dan Kaminsky who was mentioned on the reference to DNS and Bind, lot of root level security going on. It seems like this is like a Tiger team event where all the top alpha security gurus come together, Priyanka said, experts bottoms up, developer first practitioners, that's the vibe. Is that kind of how you guys want it to be more practitioners hardcore? >> Taylor: Absolutely, absolutely. I think that when it comes to security, we really want to help. It's definitely a grassroots movement. It's great to have the people that have such a deep understanding of certain security, just bits of knowledge really when it comes to EBPF. You know, we have high surveillance here that we're talking things through. Falco is here with Sysdig and so it it's great to have all of these people here, though I have seen a good spread of folks that are, you know, most people have started their security journey but they're not where they want to be. And so people that are starting at a 2 0 1, 3 0 1, 4 0 1 level of understanding definitely seeing a good spread of knowledge on that front. But it's really, it's been great to have folks from all varying experiences, but then to have the expertise of the folks that are writing these specifications and pushing the boundaries of what's possible with security to to ensure that we're all okay and updated on that front too, I think was most notable yesterday. Like you had said >> Lisa: Sorry Taylor, when we think of security, again this is an issue that, that organizations in every industry face, nobody is immune to this. We can talk about the value in it for the hackers in terms of ransomware alone for example. But you mentioned a stat that there's a good amount of organizations that are really either early in their security journeys or haven't started yet which kind of sounds a bit scary given the landscape and how much has changed in the last couple of years. But it sounds like on the good news front it isn't too late for organizations. Talk a little bit about some of the recommendations and best practices for those organizations who are behind the curve knowing that the next attack is going to happen. >> Taylor: Absolutely. So fantastic question. I think that when it comes to understanding the fact that people need to implement security and abide by best practices, it's like I I'm sure that many of us can agree on that front, you know, hopefully all of us. But when it comes to actually implementing that, that's I agree with you completely. That's where it's really difficult to find where where do I start, where do I actually look at? And there are a couple of answers on that front. So within the CNTF ecosystem we have a technical action group security, so tag security and they have a whole bunch of working groups that cover different facets of the Cloud Native experience. So if you, for example, are concerned about runtime security or application delivery concerns within there, those are some really good places to find people knowledgeable about, that even when the conference isn't going on to get a sense of what's going on. And then TAG security has also published recently version two of their security report which is free accessible online. They can actually look through that, see what some of the recent topics are and points of focus and of interest are within our community. There are also other organizations like Open SSF which is taking a deeper dive into security. You know, initially kind of having a little bit more of an academic focus on that space and then now getting further into things around software bill materials or SBOMs supply chain security and other topics as well. >> John: Well we love you guys doing this. We think it's very big deal. We think it's important. We're starting to see events post COVID take a certain formation, you know joking aside about the event operating systems smaller events are happening, but they're tied together. And so this is key. And of course the critical need is our businesses are under siege with threats, ransomware, security challenges, that's IT moves to Cloud Native, not everyone's moved over yet. So that's in progress. So there's a huge business imperative and the hackers have a business model. So this isn't like pie in the sky, this is urgent. So, that being said, how do you see this developing from who should attend the next one or who are you looking for to be involved to get input from you guys are open arms and very diverse and great great culture there, but who are you looking for? What's the makeup persona that you hope to attract and nurture and grow? >> Taylor: Absolutely. I, think that when it comes to trying the folks that we're looking for the correct answer is it varies you know, from, you know, you're asking Priyanka or our executive director or Chris Aniszczyk our CTO, I work mostly with the end users, so for me personally I really want to see folks that are operating within our ecosystem and actually pulling these down, these projects down and using them and sharing those stories. Because there are people creating these projects and contributing to them might not always have an idea of how they're used or how they can be exploited too. A lot of these groups that I work with like Mercedes or Intuit for example, they're out there in the world using these, these projects and getting a sense for, you know, what can come up. And by sharing that knowledge I think that's what's most important across the board. So really looking for those stories to be told and novel ways in which people are trying to exploit security and attacking the supply chain, or building applications, or just things we haven't thought about. So truly that that developer archetype is really helpful to have the consumers, the end users, the folks that are actually using these. And then, yeah, and I'm truly anywhere knowledgeable about security or that wants to learn more >> John: Super important, we're here to help you scale those stories up whatever you need, send them our way. We're looking forward to getting those. This is a super important movement getting the end users who are on the front lines bringing it back into the open, building, more software, making it secure and verified, all super important. We really appreciate the mission you guys are on and again we're here to help. So send those stories our way. >> Taylor: Cool, cool. We couldn't do it without you. Yeah, just everyone contributing, everyone sharing the news. This is it's people, people is the is the true operating system of our ecosystem. So really great to, really great to share. >> Lisa: That's such a great point Taylor. It is all about people. You talked about this event having a different vibe. I wanted to learn a little bit more about that as we, as we wrap up because there's so much cultural change that's required for organizations to evolve their security practices. And so people of course are at the center of culture. Talk a little bit about why that vibe is different and do you think that yeah, it's finally time. Everyone's getting on the same page here we're understanding, we're learning from each other. >> Taylor: Yes. So, so to kind of answer that, I think it's really a focus on, there's this term shift left and shift right. And talking about where do we actually put security in the mix as it comes to people adopting this and and figuring out where things go. And if you keep shifting at left, that meaning that the developers should care more deeply about this and a deeper understanding of all of these, you know, even if it's, even if they don't understand how to put it together, maybe understand a little bit about it or how these topics and, and facets of knowledge work. But you know, like with anything, if you shift everything off to one side or the other that's also not going to be efficient. You know, you want a steady stream of knowledge flowing throughout your whole organization. So I think that that's been something that has been a really interesting topic and, and hearing people kind of navigate and try to get through, especially groups that have had, you know, deployed an app and it's going to be around for 40 years as well. So I think that those are some really interesting and unique areas of focus that I've come up on the floor and then in a couple of the sessions here >> Lisa: There's got to be that, that balance there. Last question as we wrap the last 30 seconds or so what are you excited about given the success and the momentum of day one? What excites you about what's ahead for us on day two? >> Taylor: So on day two, I'm really, it's, there's just so many sessions. I think that it was very difficult for me to, you know pick which one I was actually going to go see. There are a lot of favorites that I had kind of doubled up at each of the time so I'm honestly going to be in a lot of the sessions today. So really excited about that. Supply chain security is definitely one that's close to my heart as well but I'm really curious to see what new topics, concepts or novel ideas people have to kind of exploit things. Like one for example is a package is out there it's called Browser Test but somebody came up with one called Bowser Test. Just a very simple misname and then when you go and run that it does a fake kind of like, hey you've been exploited and just even these incorrect name attacks. That's something that is really close and dear to me as well. Kind of hearing about all these wild things people wouldn't think about in terms of exploitation. So really, really excited to hear more stories on that front and better protect myself both at home and within the Cloud Community as I stand these things up. >> Lisa: Absolutely you need to clone yourself so that you can, there's so many different sessions. There needs to be multiple versions of Taylor that you can attend and then you can all get together and talk about and learn. But that's actually a really good problem to have as we mentioned when we started 72 sessions yesterday and today. Lots of great content. Taylor, we thank you for your participation. We thank you for bringing the vibe and the buzz of the event to us and we look forward as well to hearing and seeing what day two brings us today. Thank you so much for your time Taylor. >> Taylor: Thank you for having me. >> John: All right >> Lisa: Right, for our guest and John Furrier, I'm Lisa Martin. You're watching theCube's Day two coverage of Cloud Native Security Con 23. (energetic music plays)

>>The cube presents, Coon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain in Coon cloud native con 2022 Europe. I'm Keith Townsend, along with my cohot on Rico senior, Etti senior it analyst at gig home. We are talking to amazing people, creators people contributing to all these open source projects. Speaking of open source on Rico. Talk to me about the flavor of this show versus a traditional like vendor show of all these open source projects and open source based companies. >>Well, first of all, I think that the real difference is that this is a real conference. Hmm. So real people talking about, you know, projects about, so the, the open source stuff, the experiences are, you know, on stage and there are not really too many product pitches. It's, it's about, it's about the people. It's about the projects. It's about the, the challenges they had, how they, you know, overcome some of them. And, uh, that's the main difference. I mean, it's very educative informative and the kind of people is different. I mean, developers, you know, SREs, you know, you find ends on people. I mean, people that really do stuff that that's a real difference. I mean, uh, quite challenginghow discussing with them, but really, I mean, because they're really opinionated, but >>So we're gonna get talked to, to a company that has boosts on the ground doing open source since the, almost the start mm-hmm <affirmative> Kirsten newcomer, director of hybrid platform security at red hat and, uh, Connor Gorman, senior principal software engineer at red hat. So Kirsten, we're gonna start with you security and Kubernetes, you know, is Kubernetes. It's a, it's a race car. If I wanted security, I'd drive a minivan. <laugh> >>That's, that's a great frame. I think, I think though, if we stick with your, your car analogy, right, we have seen cars in cars and safety in cars evolve over the years to the point where you have airbags, even in, you know, souped up cars that somebody's driving on the street, a race car, race cars have safety built into, right. They do their best to protect those drivers. So I think while Kubernetes, you know, started as something that was largely, you know, used by Google in their environment, you know, had some perimeter based security as Kubernetes has become adopted throughout enterprises, as people. And especially, you know, we've seen the adoption accelerate during the pandemic, the move to both public cloud, but also private cloud is really accelerated. Security becomes even more important. You can't use Kubernetes in banking without security. You can't use it, uh, in automotive without security telco. >>And Kubernetes is, you know, Telco's adoption, Telco's deploying 5g on Kubernetes on open shift. Um, and, and this is just so the security capabilities have evolved over time to meet the customers and the adopters really red hat because of our enterprise customer base, we've been investing in security capabilities and we make those contributions upstream. We've been doing that really from the beginning of our adoption of Kubernetes, Kubernetes 1.0, and we continue to expand the security capabilities that we provide. And which is one of the reasons, you know, the acquisition of stack rocks was, was so important to us. >>And, and actually we are talking about security at different levels. I mean, so yeah, and different locations. So you are securing an edge location differently than a data center or, or, or maybe, you know, the cloud. So there are application level security. So there are so many angles to take this. >>Yeah. And, and you're right. I mean, I, there are the layers of the stack, which starts, you know, can start at the hardware level, right. And then the operating system, the Kubernetes orchestration all the services, you need to have a complete Kubernetes solution and application platform and then the services themselves. And you're absolutely right. That an edge deployment is different than a deployment, uh, on, you know, uh, AWS or in a private da data center. Um, and, and yet, because there is this, if you, if you're leveraging the heart of Kubernetes, the declarative nature of Kubernetes, you can do Kubernetes security in a way that can be consistent across these environments with the need to do some additions at the edge, right? You may, physical security is more important at the edge hardware based encryption, for example, whereas in a, in a cloud provider, your encryption might be at the cloud provider storage layer rather than hardware. >>So how do you orchestrate, because we are talking about orchestration all day and how do you orchestrate all these security? >>Yep. So one of the things, one of the evolutions that we've seen in our customer base in the last few years is we used to have, um, a small number of large clusters that our customers deployed and they used in a multi-tenant fashion, right? Multiple teams from within the organization. We're now starting to see a larger number of smaller clusters. And those clusters are in different locations. They might be, uh, customers are both deploying in public cloud, as well as private, you know, on premises, um, edge deployments, as you mentioned. And so we've invested in, uh, multi cluster management and, or, you know, sort of that orchestration for orchestrators, right? The, and because again of the declarative nature of Kubernetes, so we offer, uh, advanced cluster management, red hat, advanced cluster management, which we open sourced as the multi cluster engine CE. Um, so that component is now also freely available, open source. We do that with everything. So if you need a way to ensure that you have managed the configuration appropriately across all of these clusters in a declarative fashion, right. It's still YAML, it's written in YAML use ACM use CE in combination with a get ops approach, right. To manage that, uh, to ensure that you've got that environment consistent. And, and then, but then you have to monitor, right. You have to, I'm wearing >>All of these stack rocks >>Fits in. I mean, yeah, sure. >>Yeah. And so, um, you know, we took a Kubernetes native approach to securing all of this. Right. And there's kind of, uh, we have to say, there's like three major life cycles. You have the build life cycle, right. You're building these imutable images to go deployed to production. Right. That should never change that are, you know, locked at a point in time. And so you can do vulnerability scanning, you can do compliance checks at that point right. In the build phase. But then you put those in a registry, then those go and be deployed on top of Kubernetes. And you have the configuration of your application, you know, including any vulnerabilities that may exist in those images, you have the R back permissions, right. How much access does it have to the cluster? Is it exposed on the internet? Right. What can you do there? >>And then finally you have, the runtime perspective of is my pod is my container actually doing what I think it's supposed to do. Is it accessing all the right things? Is it running all the right processes? And then even taking that runtime information and influencing the configuration through things like network policies, where we have a feature called process baselining that you can say exactly what processes are supposed to run in this pod. Um, and then influencing configuration in that way to kind of be like, yeah, this is what it's doing. And let's go stamp this, you know, declaratively so that when you deploy it the next time you already have security built in at the Kubernetes level. >>So as we've talked about a couple of different topics, the abstraction layers, I have security around DevOps. So, you know, I have multi tendency, I have to deal with, think about how am I going to secure the, the, the Kubernetes infrastructure itself. Then I have what seems like you've been talking about here, Connor, which is dev SecOps mm-hmm <affirmative> and the practice of securing the application through policy. Right. Are customers really getting what's under the hood of dev SecOps? >>Do you wanna start or yeah. >>I mean, I think yes and no. I think, um, you know, we've, some organizations are definitely getting it right. And they have teams that are helping build things like network policies, which provide network segmentation. I think this is huge for compliance and multi-tenancy right. Just like containers, you know, one of the main benefits of containers, it provides this isolation between your applications, right? And then everyone's familiar with the network firewall, which is providing network segmentation, but now in between your applications inside Kubernetes, you can create, uh, network segmentation. Right. And so we have some folks that are super, super far along that path and, and creating those. And we have some folks who have no network policies except the ones that get installed with our products. Right. And then we say, okay, how can we help you guys start leveraging these things and, and creating maybe just basic name, space isolation, or things like that. And then trying to push that back into more the declarative approach. >>So some of what I think we hear from, from what Connor just te teed up is that real DevSecOps requires breaking down silos between developers, operations and security, including network security teams. And so the Kubernetes paradigm requires, uh, involvement actually, in some ways, it, it forces involvement of developers in things like network policy for the SDN layer, right? You need to, you know, the application developer knows which, what kinds of communication he or she, his app or her app needs to function. So they need to define, they need to figure out those network policies. Now, some network security teams, they're not familiar with YAML, they're not necessary familiar with software development, software defined networking. So there's this whole kind of, how do we do the network security in collaboration with the engineering team? And when people, one of the things I worry about, so DevSecOps it's technology, but it's people in process too. >>Right. And one of the things I think people are very comfortable adopting vulnerability scanning early on, but they haven't yet started to think about the network security angle. This is one area that not only do we have the ability in ACS stack rocks today to recommend a network policy based on a running deployment, and then make it easy to deploy that. But we're also working to shift that left so that you can actually analyze app deployment data prior to it being deployed, generate a network policy, tested out in staging and, and kind of go from the beginning. But again, people do vulnerability analysis shift left, but they kind of tend to stop there and you need to add app config analysis, network communication analysis, and then we need appropriate security gates at deployment time. We need the right automation that helps inform the developers. Not all developers have security expertise, not all security people understand a C I C D pipeline. Right. So, so how, you know, we need the right set of information to the right people in the place they're used to working in order to really do that infinity loop. >>Do you see this as a natural progression for developers? Do they really hit a wall before, you know, uh, finding out that they need to progress in, in this, uh, methodology? Or I know >>What else? Yeah. So I think, I think initially there's like a period of transition, right? Where there's sometimes there's opinion, oh, I, I ship my application. That's what I get paid for. That's what I do. Right. <laugh> um, and, and, but since, uh, Kubernetes has basically increased the velocity of developers on top, you know, of the platform in order to just deploy their own code. And, you know, we have every, some people have commits going to production, you know, every commitment on the repo goes to production. Right. Um, and so security is even more at the forefront there. So I think initially you hit a little bit of a wall security scans in CI. You could get some failures and some pushback, but as long as these are very informative and actionable, right. Then developers always wanna do the right thing. Right. I mean, we all want to ship secure code. >>Um, and so if you can inform you, Hey, this is why we do this. Or, or here's the information about this? I think it's really important because I'm like, right, okay. Now when I'm sending my next commits, I'm like, okay, these are some constraints that I'm thinking about, and it's sort of like a mindset shift, but I think through the tooling that we like know and love, and we use on top of Kubernetes, that's the best way to kind of convey that information of, you know, honestly significantly smaller security teams than the number of developers that are really pushing all of this code. >>So let's scale out what, talk to me about the larger landscape projects like prime cube, Litner, OPPI different areas of investment in, in, in security. Talk to me about where customers are making investments. >>You wanna start with coup linter. >>Sure. So coup linter was a open source project, uh, when we were still, uh, a private company and it was really around taking some of our functionality on our product and just making it available to everyone, to basically check configuration, um, both bridging DevOps and SecOps, right? There's some things around, uh, privileged containers, right? You usually don't wanna deploy those into your environment unless you really need to, but there's other things around, okay, do I have anti affinity rules, right. Am I running, you know, you can run 10 replicas of a pod on the same node, and now your failure domain is a single node. Now you want them on different nodes, right. And so you can do a bunch of checks just around the configuration DevOps best practices. And so we've actually seen quite a bit of adoption. I think we have like almost 2000 stars on, uh, and super happy to see people just really adopt that and integrate it into their pipelines. It's a single binary. So it's been super easy for people to take it into their C I C D and just, and start running three things through it and get, uh, you know, valuable insights into, to what configurations they should change. Right. >>And then if you're, if you were asking about things like, uh, OPPA, open policy agent and OPPA gatekeeper, so one of the things happening in the community about OPPA has been around for a while. Uh, they added, you know, the OPPA gatekeeper as an admission controller for Cobe. There's also veno another open source project that is doing, uh, admission as the Kubernetes community has, uh, kind of is decided to deprecate pod security policies, um, which had a level of complexity, but is one of the key security capabilities and gates built into Kubernetes itself. Um, OpenShift is gonna continue to have security context constraints, very similar, but it prevents by default on an OpenShift cluster. Uh, not a regular user cannot deploy a privileged pod or a pod that has access to the host network. Um, and there's se Linux configuration on by default also protects against container escapes to the file system or mitigates them. >>So pod security policies were one way to ensure that kind of constraint on what the developer did. Developers might not have had awareness of what was important in terms of the level of security. And so again, the cube and tools like that can help to inform the developer in the tools they use, and then a solution like OPPA, gatekeeper, or SCCs. That's something that runs on the cluster. So if something got through the pipeline or somebody's not using one of these tools, those gates can be leveraged to ensure that the security posture of the deployment is what the organization wants and OPPA gatekeeper. You can do very complex policies with that. And >>Lastly, talk to me about Falco and Claire, about what Falco >>Falco and yep, absolutely. So, um, Falco, great runtime analysis have been and something that stack rocks leveraged early on. So >>Yeah, so yeah, we leveraged, um, some libraries from Falco. Uh, we use either an EB P F pro or a kernel module to detect runtime events. Right. And we, we primarily focus on network and process activity as, um, as angles there. And then for Claire, um, it's, it's now within red hat again, <laugh>, uh, through the acquisition of cores, but, uh, we've forked in added a bunch of things around language vulnerabilities and, and different aspects that we wanted. And, uh, and you know, we're really interested in, I think, you know, the code bases have diversion a little bit Claire's on V4. We, we were based off V2, but I think we've both added a ton of really great features. And so I'm really looking forward to actually combining all of those features and kind of building, um, you know, we have two best of best of breed scanners right now. And I'm like, okay, what can we do when we put them together? And so that's something that, uh, I'm really excited about. >>So you, you somehow are aiming at, you know, your roadmap here now putting everything together. And again, orchestrated well integrated yeah. To, to get, you know, also a simplified experience, because that could be the >>Point. Yeah. And, and as you mentioned, you know, it's sort of that, that orchestration of orchestrators, like leveraging the Kubernetes operator principle to, to deliver an app, an opinionated Kubernetes platform has, has been one of the key things we've done. And we're doing that as well for security out of the box security policies, principles based on best practices with stack rocks that can be leveraged in the community or with red hat, advanced cluster security, combining our two scanners into one clear based scanner, contributing back, contributing back to Falco all of these things. >>Well, that speaks to the complexity of open source projects. There's a lot of overlap in reconciling. That is a very difficult thing. Kirsten Connor, thank you for joining the cube Connor. You're now a cube alone. Welcome to main elite group. Great. From Valencia Spain, I'm Keith Townsend, along with en Rico senior, and you're watching the cue, the leader in high tech coverage.

(upbeat bright music) >> Hello, welcome back to theCUBE's main stage coverage of DockerCon 2022. I'm John for your host of theCUBE. We have Knox Anderson, vice president of Product Management, Sysdig. Knox, welcome to theCUBE. >> Thanks for having me. Glad to be back. >> So IAC containers is going crazy madness in terms of adoption, standard, even mainstream enterprise, IT and cloud are all containerized. It's only getting better, and it increases the complications when you start thinking about scale and supportability. This is a huge discussion, and it ranges from how do you support, how do you run operations, how do you secure in the supply chain. All this is happening, and with the growth of cloud and server (indistinct) seeing Kubernetes at the center of everything. So I got to ask you, how has Kubernetes changed how you secure cloud infrastructure? >> Yeah, so Kubernetes is really the modern operating system for the cloud. And with that, you get a lot of facilities. So you get things like Kubernetes' network policies, you can use things like admission controllers. And with that, you're securing multiple layers, whether it's the control plane, individual workloads. And so there's a nice mixture of built-in tools, and part of the Kubernetes platform that then you can leverage to do prevention, auditing, and things like that. But it really requires an entire rethink of your stack and the tools you bring in alongside your people and processes. And so it's an exciting time because it gives you an opportunity to be more secure, but really have to rethink your approach there. >> And I want to get into the whole observability trend here 'cause you start thinking about the mobility, what containers enables. And getting all the data is everything. And then also that feeds into kind of having a good sense of what is going on. And when you hear about shift left and data as code, you know, developers don't want to get stopped coding, right? And then have to come back and go dig into things that they thought they had taken care of. So you kind of got this kind of flywheel going in the wrong direction. So that's causing teams to be disrupted. So how do teams keep up with the changes to the containerized applications or what to prioritize around that? Because if I shift left, am I done or what? And these are the things that come up all the time. >> Yeah. You have to shift left but also watch the right. Like, shifting left is a little bit harder from a people and process perspective. Like you put a tool in place, then it's a gating factor for getting in. And so that runtime context on the right is equally as important. And it's often easier to roll out a runtime tool just because you're not going in and introducing new processes. And that runtime visibility can also make shift left much better. If you're scanning a container image, you might get a thousand different vulnerabilities that you need to address, but only three of those are in packages that are actually executed at runtime. And so we recently released a feature called risk spotlight which does that exact feedback loop. And that's something that's important whether you're addressing vulnerabilities, misconfigurations, or responding to event. What's on the right, what's on the left, and then tie those together. >> Yeah, it's like left, right, it's like driving training here in the United States. You got a stop sign, you want to be moving, always be moving. I got to ask you what are some of the side effects of infrastructure automation and the result in code artifacts? >> Yeah, it's really, like, Kubernetes is nice because it's a declarative system, but it doesn't always work out that way. Like, someone might have a Helm chart and then someone else changes it in production. So understanding what is drift is really important in these environments. And then it also has enabled real remediation workflows. I think previously, you might patch something, a week later there's a new deploy, that patch gets written over. And so because Kubernetes and the rise of IAC, it's now easier to see a misconfiguration in production, open a poll request, and then fix that at source, which provides that full kind of visibility across those different environments. And it allows you to actually fix issues versus constantly being in that kind of whack-a-mole of patching things and moving on. >> Yeah, I mean this is all about cloud native development, and you look at, you know, some of the things going on, you're starting to see best practices developed. What do you guys see as a best practice for getting started with designing and securing cloud native applications? What are some of the tools that people should look at for beginners and for the entry-level position? And then as they get traction, what does that turn into? >> Yeah, so the pattern we've often seen is like someone gets started on the open source side, whether you're using Open Policy Agent or Falco, which Laurice who've you met with before created. And so really when you're starting, choose kind of the open source option. Learn from that. And then often what we've seen with customers is at scale, there's some companies like if you're in Uber, or Snapchat, and Apple, you can maybe build something around open source, but a lot of other people start to really consolidate platforms that are built on top of those open source technologies, and trying to get that really single view into what's happening in their environment, what are those events. And the thing that I would say, process wise, is most important is build that container center of excellence, that cloud center of excellence, whatever you call it, that brings together people from your ops team, your infrastructure team, your dev team, your security team. Everyone's got to have a seat at the table to have containers be successful. It's a big shift, and if you do it right, it really takes off, but each team really needs to be included there. >> Yeah, there's a lot of operational discussions going on around the devs, and the devs are being pulled to the front lines. We've been saying this for a decade, but now when you got edge computing, you got cloud native operations, on-premises, you start to see that they're getting pulled even further to the frontline. So, you know, what are you guys up to Sysdig? You know, they got a lot of developers here at DockerCon, what's in it for them? Why Sysdig, why should they care? What would you say to the old developers that are watching? What's in it for them? >> Yeah, we really make it easier for you to prioritize what to fix and what to address in your environment. I know I've built something before and like, my test suite or my scanner just lights up like a Christmas tree, and you just want to move to another task because it's just too much to deal with at that time. And so we really help you focus on what matters and get the most bang for your buck. Everyone has way too much time or too many things going on and not enough time. And so being able to understand effective risk, your different vulnerabilities, what to fix, is really key to delivering secure software. >> I mean, it's like a doctor needs to know what to work on with the patient, if you will, when to, and what's important, and then the dependencies, and you got, a system's mindset, you got to know what the consequences. So it sounds easy, just knock down a list of things, but isn't that easy. You got to want to hit things that you know that will be, to have an impact right away. That seems to be the big aha moment here. >> Yeah, definitely. >> So we're going to be at KubeCon in Europe, you guys going to have booth there, what's the quick plug for the company? Give a shout out to what's happening at Sysdig and cloud native world. >> Yeah, really excited to be in Valencia. We have a ton of people at, sorry, at DockerCon with, giving a couple different talks here. So the first is Master Your Container Security Model and then Software Supply Chain Security and Standards. On the supply chain one, we're getting deep into SBOMs. So if that's a topic that's important to you, please join that one. >> Awesome, and then that's a big topic supply chain. We've got a minute and a half left. What's the most important thing people should pay attention to as open source continues to grow in prominence, not just from a code standpoint, but as a social environment, as people's doing ventures and venture capitalists are mining the area, what should they pay attention to as supply chain becomes important, what's the big thing? >> There's a lot of companies I think going around the SBOM space, and kind of trying to certify like where did this come from, and have that providence across the entire supply chain. We, under the hood, use those SBOMs to understand kind of what have you built, what packages are used, and then tie that with that runtime data. So a lot of the things that we talked around before with RiskSpotlight is based on that deep SBOM knowledge. And that's something that, I think the standards are still getting kind of worked out where there's CycloneDX, SBX. And so people really are saying, "Hey, I need to generate SBOMs," and we're regenerating them, but there's going to be more and more applications on "Okay what do you do with that? How does it integrate with other tools?" So it's kind of I think in the little bit of the early data lake phases where it's like, "I've taken all my data, I put it here. Now I need to do more with it." And so that's where I think we'll start to see some pretty exciting things over the next year or two. >> It's super exciting. On one hand you got the attackers, and that's a zero trust environment, and you get the builders, the developers where trust is everything. You got to know what it's in the code. It's really interesting time and super important to scale. So Knox, thanks for for coming on theCUBE and sharing the Sysdig update. Appreciate it, thanks for coming on. Now back to you at the DockerCon main stage, this is theCUBE. I'm John for your host. Thanks for watching. (upbeat bright music)

(upbeat music) >> Hello, and welcome to this startup showcase. It's great to be here and talk about some of the innovations we are doing at AWS, how we work with our partner community, especially our open source partners. My name is Deepak Singh. I run our compute services organization, which is a very vague way of saying that I run a number of things that are connected together through compute. Very specifically, I run a container services organization. So for those of you who are into containers, ECS, EKS, fargate, ECR, App Runner Those are all teams that are within my org. I also run the Amazon Linux and BottleRocketing. So anything AWS does with Linux, both externally and internally, as well as our high-performance computing team. And perhaps very relevant to this discussion, I run the Amazon open source program office. Serving at AWS for over 13 years, almost 14, involved with compute in various ways, including EC2. What that has done has given me a vantage point of seeing how our customers use the services that we build for them, how they leverage various partner solutions, and along the way, how AWS itself has gotten involved with opensource. And I'll try and talk to you about some of those factors and how they impact, how you consume our services. So why don't we get started? So for many of you, you know, one of the things, there's two ways to look at AWS and open-source and Amazon in general. One is the number of contributors you may have. And the number of repositories that contribute to. Those are just a couple of measures. There are people that I work with on a regular basis, who will remind you that, those are not perfect measures. Sometimes you could just contribute to one thing and have outsized impact because of the nature of that thing. But it address being what it is, increasingly we'll look at different ways in which we can help contribute and enhance open source 'cause we consume a lot of it as well. I'll talk about it very specifically from the space that I work in the container space in particular, where we've worked a lot with people in the Kubernetes community. We've worked a lot with people in the broader CNCF community, as well as, you know, small projects that our customers might have got started off with. For example, I want to like talking about is Argo CD from Intuit. We were very actively involved with helping them figure out what to do with it. And it was great to see how into it. And we worked, etc, came together to think about get-ups at the Kubernetes level. And while those are their projects, we've always been involved with them. So we try and figure out what's important to our customers, how we can help and then take because of that. Well, let's talk about a little bit more, here's some examples of the kinds of open source projects that Amazon and AWS contribute to. They arranged from the open JDK. I think we even now have our own implementation of Java, the Corretto open source project. We contribute to projects like rust, where we are very active in the rest foundation from a leadership role as well, the robot operating system, just to pick some, we collaborate with Facebook and actively involved with the pirates project. And there's many others. You can see all the logos in here where we participate either because they're important to us as AWS in the services that we run or they're important to our customers and the services that they consume or the open source projects they care about and how we get to those. How we get and make those decisions is often depends on the importance of that particular project. At that point in time, how much impact they're having to AWS customers, or sometimes very feel that us contributing to that project is super critical because it helps us build more robust services. I'll talk about it in a completely, you know, somewhat different basis. You may have heard of us talk about our new next generation of Amazon Linux 2022, which is based on fedora as its sub stream. One of the reasons we made this decision was it allows us to go and participate in the preneurial project and make sure that the upstream project is robust, stays robust. And that, that what that ends up being is that Amazon Linux 2022 will be a robust operating system with the kinds of capabilities that our customers are asking for. That's just one example of how we think about it. So for example, you know, the Python software foundation is something that we work with very closely because so many of our customers use Python. So we help run something like PyPy which is many, you know, if you're a Python developer, I happened to be a Ruby one, but lots of our customers use Python and helping the Python project be robust by making sure PyPy is available to everybody is something that we help provide credits for help support in other ways. So it's not just code. It can mean many different ways of contributing as well, but in the end code and operations is where we hang our happens. Good examples of this is projects that we will create an open source because it makes sense to make sure that we open source some of the core primitives or foundations that are part of our own services. A great example of that, whether this be things that we open source or things that we contribute to. And I'll talk about both and I'll talk about things near and dear to my heart. There's many examples I've picked the two that I like talking about. The first of these is firecracker. Many of you have heard about it, a firecracker for those of you who don't know is a very lightweight virtual machine manager, which allows you to run these micro VMs. And why was this important many years ago when we started Lambda and quite honestly, Fugate and foggy, it still runs quite a bit in that mode, we used to have to run on VMs like everything else and finding the right VM for the size of tasks that somebody asks for the size of function that somebody asks for is requires us to provision capacity ahead of time. And it also wastes a lot of capacity because Lambda function is small. You won't even if you find the smallest VM possible, those can be a little that can be challenging. And you know, there's a lot of resources that are being wasted. VM start at a particular speed because they have to do a whole bunch of things before the operating system spins up and the virtual machine spins up and we asked ourselves, can we do better? come up with something that allows us to create right size, very lightweight, very fast booting. What's your machines, micro virtual machine that we ended up calling them. That's what led to firecracker. And we open source the project. And today firecrackers use, not just by AWS Lambda or foggy, but by a number of other folks, there's companies like fly IO that are using it. We know people using firecracker to run Kubernetes on prem on bare metal as an example. So we've seen a lot of other folks embrace it and use it as the foundation for building their own serverless services, their own container services. And we think there's a lot of value and learnings that we can bring to the table because we get the experience of operating at scale, but other people can bring to the table cause they may have specific requirements that we may not find it as important from an AWS perspective. So that's firecracker an example of a project where we contribute because we feel it's fundamentally important to us as continually. We were found, you know, we've been involved with continuity from the beginning. Today, we are a whole team that does nothing else, but contribute to container D because container D underlies foggy. It underlies our Kubernetes offerings. And it's increasingly being used by customers directly by their placement. You know, where they're running container D instead of running a full on Docker or similar container engine, what it has allowed us to do is focus on what's important so that we can operate continuously at scale, keep it robust and secure, add capabilities to it that AWS customers need manifested often through foggy Kubernetes, but in the end, it's a win-win for everybody. It makes continuously better. If you want to use containers for yourself on AWS, that's a great way to you. You know, you still, you still benefit from all the work that we're doing. The decision we took was since it's so important to us and our customers, we wanted a team that lived in breathed container D and made sure a super robust and there's many, many examples like that. No, that we ended up participating in, either by taking a project that exists or open sourcing our own. Here's an example of some of the open source projects that we have done from an AWS on Amazon perspective. And there's quite a few when I was looking at this list, I was quite surprised, not quite surprised I've seen the reports before, but every time I do, I have to recount and say, that's a lot more than one would have thought, even though I'd been looking at it for such a long time, examples of this in my world alone are things like, you know, what work had to do with Amazon Linux BottleRocket, which is a container host operating system. That's been open-sourced from day one. Firecracker is something we talked about. We have a project called AWS peril cluster, which allows you to spin up high performance computing clusters on AWS using the kind of schedulers you may use to use like slum. And that's an open source project. We have plenty of source projects in the web development space, in the security space. And more recently things like the open 3d engine, which is something that we are very excited about and that'd be open sourced a few months ago. And so there's a number of these projects that cover everything from tooling to developer, application frameworks, all the way to database and analytics and machine learning. And you'll notice that in a few areas, containers, as an example, machine learning as an example, our default is to go with open source option is where we can open source. And it makes sense for us to do so where we feel the product community might benefit from it. That's our default stance. The CNCF, the cloud native computing foundation is something that we've been involved with quite a bit. You know, we contribute to Kubernetes, be contribute to Envoy. I talked about continuity a bit. We've also contributed projects like CDK 8, which marries the AWS cloud development kit with Kubernetes. It's now a sandbox project in Kubernetes, and those are some of the areas. CNCF is such a wide surface area. We don't contribute to everything, but we definitely participate actively in CNCF with projects like HCB that are critical to eat for us. We are very, very active in just how the project evolves, but also try and see which of the projects that are important to our customers who are running Kubernetes maybe by themselves or some other project on AWS. Envoy is a good example. Kubernetes itself is a good example because in the end, we want to make sure that people running Kubernetes on AWS, even if they are not using our services are successful and we can help them, or we can work on the projects that are important to them. That's kind of how we think about the world. And it's worked pretty well for us. We've done a bunch of work on the Kubernetes side to make sure that we can integrate and solve a customer problem. We've, you know, from everything from models to work that we have done with gravity on our arm processor to a virtual GPU plugin that allows you to share and media GPU resources to the elastic fabric adapter, which are the network device for high performance computing that it can use at Kubernetes on AWS, along with things that directly impact Kubernetes customers like the CDKs project. I talked about work that we do with the container networking interface to the Amazon control of a Kubernetes, which is an open source project that allows you to use other AWS services directly from Kubernetes clusters. Again, you notice success, Kubernetes, not EKS, which is a managed Kubernetes service, because if we want you to be successful with Kubernetes and AWS, whether using our managed service or running your own, or some third party service. Similarly, we worked with premetheus. We now have a managed premetheus service. And at reinvent last year, we announced the general availability of this thing called carpenter, which is a provisioning and auto-scaling engine for Kubernetes, which is also an open source project. But here's the beauty of carpenter. You don't have to be using EKS to use it. Anyone running Kubernetes on AWS can leverage it. We focus on the AWS provider, but we've built it in such a way that if you wanted to take carpenter and implemented on prem or another cloud provider, that'd be completely okay. That's how it's designed and what we anticipated people may want to do. I talked a little bit about BottleRocket it's our Linux-based open-source operating system. And the thing that we have done with BottleRocket is make sure that we focus on security and the needs of customers who want to run orchestrated container, very focused on that problem. So for example, BottleRocket only has essential software needed to run containers, se Linux. I just notice it says that's the lineups, but I'm sure that, you know, Lena Torvalds will be pretty happy. And seeing that SE linux is enabled by default, we use things like DM Verity, and it has a read only root file system, no shell, you can assess it. You can install it if you wanted to. We allowed it to create different bill types, variants as we call them, you can create a variant for a non AWS resource as well. If you have your own homegrown container orchestrator, you can create a variant for that. It's designed to be used in many different contexts and all of that is open sourced. And then we use the update framework to publish and secure repository and kind of how this transactional system way of updating the software. And it's something that we didn't invent, but we have embraced wholeheartedly. It's a bottle rockets, completely open source, you know, have partners like Aqua, where who develop security tools for containers. And for them, you know, something I bought in rocket is a natural partnership because people are running a container host operating system. You can use Aqua tooling to make sure that they have a secure Indiana environment. And we see many more examples like that. You may think so over us, it's all about AWS proprietary technology because Lambda is a proprietary service. But you know, if you look peek under the covers, that's not necessarily true. Lambda runs on top of firecracker, as we've talked about fact crackers and open-source projects. So the foundation of Lambda in many ways is open source. What it also allows people to do is because Lambda runs at such extreme scale. One of the things that firecracker is really good for is running at scale. So if you want to build your own firecracker base at scale service, you can have most of the confidence that as long as your workload fits the design parameters, a firecracker, the battle hardening the robustness is being proved out day-to-day by services at scale like Lambda and foggy. For those of you who don't know service support services, you know, in the end, our goal with serverless is to make sure that you don't think about all the infrastructure that your applications run on. We focus on business logic as much as you can. That's how we think about it. And serverless has become its own quote-unquote "Sort of environment." The number of partners and open-source frameworks and tools that are spun up around serverless. In which case mostly, I mean, Lambda, API gateway. So it says like that is pretty high. So, you know, number of open source projects like Zappa server serverless framework, there's so many that have come up that make it easier for our customers to consume AWS services like Lambda and API gateway. We've also done some of our own tooling and frameworks, a serverless application model, AWS jealous. If you're a Python developer, we have these open service runtimes for Lambda, rust dot other options. We have amount of number of tools that we opened source. So in general, you'll find that tooling that we do runtime will tend to be always be open-sourced. We will often take some of the guts of the things that we use to build our systems like firecracker and open-source them while the control plane, etc, AWS services may end up staying proprietary, which is the case in Lambda. Increasingly our customers build their applications and leverage the broader AWS partner network. The AWS partner network is a network of partnerships that we've built of trusted partners. when you go to the APN website and find a partner, they know that that partner meets a certain set of criteria that AWS has developed, and you can rely on those partners for your own business. So whether you're a little tiny business that wants some function fulfill that you don't have the resources for or large enterprise that wants all these applications that you've been using on prem for a long time, and want to keep leveraging them in the cloud, you can go to APN and find that partner and then bring their solution on as part of your cloud infrastructure and could even be a systems integrator, for example, to help you solve this specific development problem that you may have a need for. Increasingly, you know, one of the things we like to do is work with an apartment community that is full of open-source providers. So a great one, there's so many, and you have, we have a panel discussion with many other partners as well, who make it easier for you to build applications on AWS, all open source and built on open source. But I like to call it a couple of them. The first one of them is TIDELIFT. TIDELIFT, For those of you who don't know is a company that provides SAS based tools to curate track, manage open source catalogs. You know, they have a whole network of maintainers and providers. They help, if you're an independent open developer, or a smart team should probably get to know TIDELIFT. They provide you benefits and, you know, capabilities as a developer and maintainer that are pretty unique and really help. And I've seen a number of our open source community embraced TIDELIFT quite honestly, even before they were part of the APN. But as part of the partner network, they get to participate in things like ISP accelerate and they get to they're officially an advanced tier partner because they are, they migrated the SAS offering onto AWS. But in the end, if you're part of the open source supply chain, you're a maintainer, you are a developer. I would recommend working with TIDELIFT because their goal is making all of you who are developing open source solutions, especially on AWS, more successful. And that's why I enjoy this partnership with them. And I'm looking to do a lot more because I think as a company, we want to make sure that open source developers don't feel like they are not supported because all you have to do is read various forums. It's challenging often to be a maintainer, especially of a small project. So I think with helping with licensing license management, security identification remediation, helping these maintainers is a big part of what TIDELIFT to us and it was great to see them as part of a partner network. Another partner that I like to call sysdig. I actually got introduced to them many years ago when they first launched. And one of the things that happened where they were super interested in some of our serverless stuff. And we've been trying to figure out how we can work together because all of our customers are interested in the capabilities that cystic provides. And over the last few years, he found a number of areas where we can collaborate. So sysdig, I know them primarily in a security company. So people use cystic to secure the bills, detect, you know, do threat response, threat detection, completely continuously validate their posture, get this continuous analytics signal on how they're doing and monitor performance. At the end of it, it's a SAS platform. They have a very nice open source security stack. The one I'm most familiar with. And I think most of you are probably familiar with is Falco. You know, sysdig, a CNCF project has been super popular. It's just to go SSS what 3, 37, 40 million downloads by now. So that's pretty, pretty cool. And they have been a great partner because we've had to do make sure that their solution works at target, which is not a natural place for their software to run, but there was enough demand and interest from our customers that, you know, or both companies leaned in to make sure they can be successful. So last year sister got a security competency. We have a number of specific competencies that we for our partners, they have integration and security hub is great. partners are lean in the way cystic has onto making our customer successful. And working with us are the best partners that we have. And there's a number of open source companies out there built on open source where their entire portfolio is built on open source software or the active participants like we are that we love working with on a day to day basis. So, you know, I think the thing I would like to, as we wind this out in this presentation is, you know, AWS is constantly looking for partnerships because our partners enable our customers. They could be with companies like Redis with Mongo, confluent with Databricks customers. Your default reaction might be, "Hey, these are companies that maybe compete with AWS." but no, I mean, I think we are partners as well, like from somebody at the lower end of the spectrum where people run on top of the services that I own on Linux and containers are SE 2, For us, these partners are just as important customers as any AWS service or any third party, 20 external customer. And so it's not a zero sum game. We look forward to working with all these companies and open source projects from an AWS perspective, a big part of how, where my open source program spends its time is making it easy for our developers to contribute, to open source, making it easy for AWS teams to decide when to open source software or participate in open source projects. Over the last few years, we've made significant changes in how we reduce the friction. And I think you can see it in the results that I showed you earlier in this stock. And the last one is one of the most important things that I say and I'll keep saying that, that we do as AWS is carry the pager. There's a lot of open source projects out there, operationalizing them, running them at scale is not easy. It's not all for whatever reason. It may not have anything to do with the software itself. But our core competency is taking that and being really good at operating it and becoming experts at operating it. And then ideally taking that expertise and experience and operating that project, that software and contributing back upstream. Cause that makes it better for everybody. And I think you'll see us do a lot more of that going forward. We've been doing that for the last few years, you know, in the container space, we do it every day. And I'm excited about the possibilities. With that. Thank you very much. And I hope you enjoy the rest of the showcase. >> Okay. Welcome back. We have Deepak sing here. We just had the keynote closing keynote vice-president of compute services. Deepak. Great to a great keynote, great wisdom and insight from that session. A very notable highlights and cutting edge trends and product information. Thanks for sharing. >> No, anytime it's always good to be here. It's too bad that we still doing this virtually, but always good to talk to you, John. >> We'll get hopefully through this way pretty quickly, I want to jump right in. Cause we don't have a lot of time. I want to get some quick question. You've brought up a good things. Open source innovation. Okay. Going next level. You've seen the rise of super clouds and super apps developing at open source. You're seeing big companies contributing, you know, you mentioned Argo into it. You're seeing that dynamic where companies are forming around this. This is a rising tide. This is, this is actually real. It's not the old school of, okay, here's a project. And then someone manages support and commercialization of it. It's actually platform in cloud scale. This is next gen. >> Yeah. And actually I think it started a few years ago. We can talk about a company that, you know, you're very familiar with as part of this event, which is armory many years ago, Netflix spun off this project called Spinnaker. A Spinnaker is CISED you know, CSED system that was developed at Netflix for their own purposes, but they chose to open solicit. And since then, it's become very popular with customers who want to use it even on prem. And you have a company that spun up on it. I think what's making this world very unique is you have very large companies like Facebook that will build things for themselves like VITAS or Netflix with Spinnaker and open source them. And you can have a lot of discussion about why they chose to do so, etc. But increasingly that's becoming the default when Amazon or Netflix or Facebook or Mehta, I guess you call them these days, build something for themselves for their own needs. The first question we ask ourselves is, should it be opensource? And increasingly we are all saying yes. And here's what happens because of that. It gives an opportunity depending on how you open source it for innovation through commercial deployments, so that you get SaaS companies, you know, that are going to take that product and make it relevant and useful to a very broad number of customers. You build partnerships with cloud providers like AWS, because our customers love this open source project and they need help. And they may choose an AWS managed service, or they may end up working with this partner on a day-to-day basis. And we want to work with that partner because they're making our customers successful, which is one reason all of us are here. So you're having this set of innovation from large companies from, you know, whether they are just consumer companies like Metta infrastructure companies like us, or just random innovation that's happening in an open source project that which ends up in companies being spun up and that foster that innovative innovation and that flywheel that's happening right now. And I think you said that like, this is unique. I mean, you never saw this happen before from so many different directions. >> It really is a nice progression on the business model side as well. You mentioned Argo, which is a great organic thing that was Intuit developed. We just interviewed code fresh. They just presented here in the showcase as well. You seeing the formation around these projects develop now in the community at a different scale. I mean, look at code fresh. I mean, Intuit did it Argo and they're not just supporting it. They're building a platform. So you seeing the dynamics of tools and now emerging the platforms, you mentioned Lambda, okay. Which is proprietary for AWS and your talk powered by open source. So again, open source combined with cloud scale allows for new potential super applications or super clouds that are developing. This is a new phenomenon. This isn't just lift and shift and host on the cloud. This is actually a construction production developer workflow. >> Yeah. And you are seeing consumers, large companies, enterprises, startups, you know, it used to be that startups would be comfortable adopting some of these solutions, but now you see companies of all sizes doing so. And I said, it's not just software it's software, the services increasingly becoming the way these are given, delivered to customers. I actually think the innovation is just getting going, which is why we have this. We have so many partners here who are all in inventing and innovating on top of open source, whether it's developed by them or a broader community. >> Yeah. I liked, I liked the represent container. Do you guys have, did that drove that you've seen a lot of changes and again, with cloud scale and open source, you seeing the dynamics change, whether you're enabling that, and then you see kind of like real big change. So let's take snowflake, a big customer of AWS. They started out as a startup too, but they weren't a data warehouse. They were bringing data warehouse like functionality and then changing everything differently and making it consumable for the cloud. And hence they're huge. So that's a disruption into an incumbent leader or sector. Then you've got new capabilities emerging. What's your thoughts, Deepak? Can you share your vision on how you have the disruption to existing leaders, old guard, if you will, as you guys call them and then new capabilities as these new platforms emerge at a net new functionality, how do you see that emerging? >> Yeah. So I speak from my side of the world. I've lived in over the last few years, which has containers and serverless, right? There's a lot of, if you go to any enterprise and ask them, do you want to modernize the infrastructure? Do you want to take advantage of automated software delivery, continuous delivery infrastructure as code modern observability, all of them will say yes, but they also are still a large enterprise, which has these enterprise level requirements. I'm using the word enterprise a lot. And I usually it's a trigger word for me because so many customers have similar requirements, but I'm using it here as large company with a lot of existing software and existing practices. I think the innovation that's coming and I see a lot of companies doing that is saying, "Hey, we understand the problems you want to solve. We understand the world where you live in, which could be regulated." You want to use all these new modalities. How do we allow you to use all of them? Keep the advantages of switching to a Lambda or switching to, and a service running on far gate, but give you the same capabilities. And I think I'll bring up cystic here because we work so closely with them on Falco. As an example, I just talked about them in my keynote. They could have just said, "Oh no, we'll just support the SE2 and be done with it." They said, "No, we're going to make sure that serverless containers in particular are something that you're going to be really good at because our customers want to use them, but requires us to think differently. And then they ended up developing new things like Falco that are born in this new world, but understand the requirements of the old world. If you get what I'm saying. And I think that a real example. >> Yeah. Oh, well, I mean, first of all, they're smart. So that was pretty obvious for most people that know, sees that you can connect the dots on serverless, which is a great point, but not everyone can see that again, this is what's new and and systig was just found in his backyard. As I found out on my interview, a great, great founder, they would do a new thing. So it was a very easy to connect the dots there again, that's the trend. Well, I got to ask if they're doing that for serverless, you mentioned graviton in your speech and what came out of you mentioned graviton in your speech and what came out of re-invent this past year was all the innovation going on at the compute level with gravitron at many levels in the Silicon. How should companies and open source developers think about how to innovate with graviton? >> Yeah, I mean, you've seen examples from people blogging and tweeting about how fast their applications run and grab it on the price performance benefits that they get, whether it's on, you know, whether it's an observability or other places. something that AWS is going to embrace across a compute something that AWS is going to embrace across a compute portfolio. Obviously you can go find EC2 instances, the gravitron two instances and run on them and that'll be great. But we know that most of our customers, many of our customers are building new applications on serverless containers and serveless than even as containers increasingly with things like foggy, where they don't want to operate the underlying infrastructure. A big part of what we're doing is to make sure that graviton is available to you on every compute modality. You can run it on a C2 forever. You've been running, being able to use ECS and EKS and run and grab it on almost since launch. What do you want me to take it a step further? You elastic Beanstalk customers, elastic Beanstalk has been around for a decade, but you can now use it with graviton. people running ECS on for gate can now use graviton. Lambda customers can pick graviton as well. So we're taking this price performance benefits that you get So we're taking this price performance benefits that you get from graviton and basically putting it across the entire compute portfolio. What it means is every high level service that gets built on compute infrastructure. And you get the price performance benefits, you get the price performance benefits of the lower power consumption of arm processes. So I'm personally excited like crazy. And you know, this has graviton 2 graviton 3 is coming. >> That's incredible. It's an opportunity like serverless was it's pretty obvious. And I think hopefully everyone will jump on that final question as the time's ticking here. I want to get your thoughts quickly. If you look at what's happened with containers over the past say eight years since the original founding of the first Docker instance, if you will, to how that's evolved and then the introduction of Kubernetes and the cloud native wave we're seeing now, what is, how would you describe the relationship between the success Docker, seeing now with Kubernetes in the cloud native construct what's different and why is this combination so successful? >> Yeah. I often say that containers would have, let me rephrase that. what I say is that people would have adopted sort of the modern way of running applications, whether containers came around or not. But the fact that containers came around made that migration and that journey is so much more efficient for people. So right from, I still remember the first doc that Solomon gave Billy announced DACA and starting to use it on customers, starting to get interested all the way to the more sort of advanced orchestration that we have now for containers across the board. And there's so many examples of the way you can do that. Kubernetes being the most, most well-known one. Here's the thing that I think has changed. I think what Kubernetes or Docker, or the whole sort of modern way of building applications has done is it's taken people who would have taken years adopting these practices and by bringing it right to the fingertips and rebuilding it into the APIs. And in the case of Kubernetes building an entire sort of software world around it, the number of, I would say number of decisions people have to take has gone smaller in many ways. There's so many options, the number of decisions that become higher, but the com the speed at which they can get to a result and a production version of an application that works for them is way low. I have not seen anything like what I've seen in the last 6, 7, 8 years of how quickly the most you know, the most I would say is, you know, a company that you would think would never adopt modern technology has been able to go from, this is interesting to getting a production really quickly. And I think it's because the tooling makes it So, and the fact that you see the adoption that you see right and the fact that you see the adoption that you see right from the fact that you could do Docker run Docker, build Docker, you know, so easily back in the day, all the way to all the advanced orchestration you can do with container orchestrator is today. sort of taking all of that away as well. there's never been a better time to be a developer independent of whatever you're trying to build. And I think containers are a big central part of why that's happened. >> Like the recipe, the combination of cloud-scale, the timing of Kubernetes and the containerization concepts just explode as a beautiful thing. And it creates more opportunities and will challenges, which are opportunities that are net new, but it solves the automation piece that we're seeing this again, it's only makes things go faster. >> Yes. >> And that's the key trend. Deepak, thank you so much for coming on. We're seeing tons of open cloud innovations, thanks to the success of your team at AWS and being great participants in the community. We're seeing innovations from startups. You guys are helping enabling that. Of course, they want to live on their own and be successful and build their super clouds and super app. So thank you for spending the time with us. Appreciate. >> Yeah. Anytime. And thank you. And you know, this is a great event. So I look forward to people running software and building applications, using AWS services and all these wonderful partners that we have. >> Awesome, great stuff. Great startups, great next generation leaders emerging. When you see startups, when they get successful, they become the modern software applications platforms out there powering business and changing the world. This is the cube you're watching the AWS startup showcase. Season two episode one open cloud innovations on John Furrier your host, see you next time.

(gentle upbeat music) >> Hello, and welcome to theCUBE presentation of the AWS Startup Showcase Open Cloud Innovations. This is season two episode one of an ongoing series covering setting status from the AWS ecosystem. Talking about innovation, here it's open source for this theme. We do this every episode, we pick a theme and have a lot of fun talking to the leaders in the industry and the hottest startups. I'm your host John Furrier here with Lisa Martin in our Palo Alto studios. Lisa great series, great to see you again. >> Good to see you too. Great series, always such spirited conversations with very empowered and enlightened individuals. >> I love the episodic nature of these events, we get more stories out there than ever before. They're the hottest startups in the AWS ecosystem, which is dominating the cloud sector. And there's a lot of them really changing the game on cloud native and the enablement, the stories that are coming out here are pretty compelling, not just from startups they're actually penetrating the enterprise and the buyers are changing their architectures, and it's just really fun to catch the wave here. >> They are, and one of the things too about the open source community is these companies embracing that and how that's opening up their entry to your point into the enterprise. I was talking with several customers, companies who were talking about the 70% of their pipeline comes from the open source community. That's using the premium version of the technology. So, it's really been a very smart, strategic way into the enterprise. >> Yeah, and I love the format too. We get the keynote we're doing now, opening keynote, some great guests. We have Sir John on from AWS started program, he is the global startups lead. We got Swami coming on and then closing keynote with Deepak Singh. Who's really grown in the Amazon organization from containers now, compute services, which now span how modern applications are being built. And I think the big trend that we're seeing that these startups are riding on that big wave is cloud natives driving the modern architecture for software development, not just startups, but existing, large ISV and software companies are rearchitecting and the customers who buy their products and services in the cloud are rearchitecting too. So, it's a whole new growth wave coming in, the modern era of cloud some say, and it's exciting a small startup could be the next big name tomorrow. >> One of the things that kind of was a theme throughout the conversations that I had with these different guests was from a modern application security perspective is, security is key, but it's not just about shifting lab. It's about doing so empowering the developers. They don't have to be security experts. They need to have a developer brain and a security heart, and how those two organizations within companies can work better together, more collaboratively, but ultimately empowering those developers, which goes a long way. >> Well, for the folks who are watching this, the format is very simple. We have a keynote, editorial keynote speakers come in, and then we're going to have a bunch of companies who are going to present their story and their showcase. We've interviewed them, myself, you Dave Vallante and Dave Nicholson from theCUBE team. They're going to tell their stories and between the companies and the AWS heroes, 14 companies are represented and some of them new business models and Deepak Singh who leads the AWS team, he's going to have the closing keynote. He talks about the new changing business model in open source, not just the tech, which has a lot of tech, but how companies are being started around the new business models around open source. It's really, really amazing. >> I bet, and does he see any specific verticals that are taking off? >> Well, he's seeing the contribution from big companies like AWS and the Facebook's of the world and large companies, Netflix, Intuit, all contributing content to the open source and then startups forming around them. So Netflix does some great work. They donated to open source and next thing you know a small group of people get together entrepreneurs, they form a company and they create a platform around it with unification and scale. So, the cloud is enabling this new super application environment, superclouds as we call them, that's emerging and this new supercloud and super applications are scaling data-driven machine learning and AI that's the new formula for success. >> The new formula for success also has to have that velocity that developers expect, but also that the consumerization of tech has kind of driven all of us to expect things very quickly. >> Well, we're going to bring in Serge Shevchenko, AWS Global Startup program into the program. Serge is our partner. He is the leader at AWS who has been working on this program Serge, great to see you. Thanks for coming on. >> Yeah, likewise, John, thank you for having me very excited to be here. >> We've been working together on collaborating on this for over a year. Again, season two of this new innovative program, which is a combination of CUBE Media partnership, and AWS getting the stories out. And this has been a real success because there's a real hunger to discover content. And then in the marketplace, as these new solutions coming from startups are the next big thing coming. So, you're starting to see this going on. So I have to ask you, first and foremost, what's the AWS startup showcase about. Can you explain in your terms, your team's vision behind it, and why those startup focus? >> Yeah, absolutely. You know John, we curated the AWS Startup Showcase really to bring meaningful and oftentimes educational content to our customers and partners highlighting innovative solutions within these themes and ultimately to help customers find the best solutions for their use cases, which is a combination of AWS and our partners. And really from pre-seed to IPO, John, the world's most innovative startups build on AWS. From leadership downward, very intentional about cultivating vigorous AWS community and since 2019 at re:Invent at the launch of the AWS Global Startup program, we've helped hundreds of startups accelerate their growth through product development support, go to market and co-sell programs. >> So Serge question for you on the theme of today, John mentioned our showcases having themes. Today's theme is going to cover open source software. Talk to us about how Amazon thinks about opensource. >> Sure, absolutely. And I'll just touch on it briefly, but I'm very excited for the keynote at the end of today, that will be delivered by Deepak the VP of compute services at AWS. We here at Amazon believe in open source. In fact, Amazon contributes to open source in multiple ways, whether that's through directly contributing to third-party project, repos or significant code contributions to Kubernetes, Rust and other projects. And all the way down to leadership participation in organizations such as the CNCF. And supporting of dozens of ISV myself over the years, I've seen explosive growth when it comes to open source adoption. I mean, look at projects like Checkov, within 12 months of launching their open source project, they had about a million users. And another great example is Falco within, under a decade actually they've had about 37 million downloads and that's about 300% increase since it's become an incubating project in the CNCF. So, very exciting things that we're seeing here at AWS. >> So explosive growth, lot of content. What do you hope that our viewers and our guests are going to be able to get out of today? >> Yeah, great question, Lisa. I really hope that today's event will help customers understand why AWS is the best place for them to run open source, commercial and which partner solutions will help them along their journey. I think that today the lineup through the partner solutions and Deepak at the end with the ending keynote is going to present a very valuable narrative for customers and startups in selecting where and which projects to run on AWS. >> That's great stuff Serge would love to have you on and again, I want to just say really congratulate your team and we enjoy working with them. We think this showcase does a great service for the community. It's kind of open source in its own way if I can co contributing working on out there, but you're really getting the voices out at scale. We've got companies like Armory, Kubecost, Sysdig, Tidelift, Codefresh. I mean, these are some of the companies that are changing the game. We even had Patreon a customer and one of the partners sneak with security, all the big names in the startup scene. Plus AWS Deepak saying Swami is going to be on the AWS Heroes. I mean really at scale and this is really a great. So, thank you so much for participating and enabling all of this. >> No, thank you to theCUBE. You've been a great partner in this whole process, very excited for today. >> Thanks Serge really appreciate it. Lisa, what a great segment that was kicking off the event. We've got a great lineup coming up. We've got the keynote, final keynote fireside chat with Deepak Singh a big name at AWS, but Serge in the startup showcase really innovative. >> Very innovative and in a short time period, he talked about the launch of this at re:Invent 2019. They've helped hundreds of startups. We've had over 50 I think on the showcase in the last year or so John. So we really gotten to cover a lot of great customers, a lot of great stories, a lot of great content coming out of theCUBE. >> I love the openness of it. I love the scale, the storytelling. I love the collaboration, a great model, Lisa, great to work with you. We also Dave Vallante and Dave Nicholson interview. They're not here, but let's kick off the show. Let's get started with our next guest Swami. The leader at AWS Swami just got promoted to VP of the database, but also he ran machine learning and AI at AWS. He is a leader. He's the author of the original DynamoDB paper, which is celebrating its 10th year anniversary really impacted distributed computing and open source. Swami's introduced many opensource aspects of products within AWS and has been a leader in the engineering side for many, many years at AWS, from an intern to now an executive. Swami, great to see you. Thanks for coming on our AWS startup showcase. Thanks for spending the time with us. >> My pleasure, thanks again, John. Thanks for having me. >> I wanted to just, if you don't mind asking about the database market over the past 10 to 20 years cloud and application development as you see, has changed a lot. You've been involved in so many product launches over the years. Cloud and machine learning are the biggest waves happening to your point to what you're doing now. Software is under the covers it's powering it all infrastructure is code. Open source has been a big part of it and it continues to grow and change. Deepak Singh from AWS talks about the business model transformation of how like Netflix donates to the open source. Then a company starts around it and creates more growth. Machine learnings and all the open source conversations around automation as developers and builders, like software as cloud and machine learning become the key pistons in the engine. This is a big wave, what's your view on this? How how has cloud scale and data impacting the software market? >> I mean, that's a broad question. So I'm going to break it down to kind of give some of the back data. So now how we are thinking about it first, I'd say when it comes to the open source, I'll start off by saying first the longevity and by ability of open sources are very important to our customers and that is why we have been a significant contributor and supporter of these communities. I mean, there are several efforts in open source, even internally by actually open sourcing some of our key Amazon technologies like Firecracker or BottleRocket or our CDK to help advance the industry. For example, CDK itself provides some really powerful way to build and configure cloud services as well. And we also contribute to a lot of different open source projects that are existing ones, open telemetries and Linux, Java, Redis and Kubernetes, Grafana and Kafka and Robotics Operating System and Hadoop, Leucine and so forth. So, I think, I can go on and on, but even now I'd say the database and observability space say machine learning we have always started with embracing open source in a big material way. If you see, even in deep learning framework, we championed MX Linux and some of the core components and we open sourced our auto ML technology auto Glue on, and also be open sourced and collaborated with partners like Facebook Meta on Fighter showing some major components and there, and then we are open search Edge Compiler. So, I would say the number one thing is, I mean, we are actually are very, very excited to partner with broader community on problems that really mattered to the customers and actually ensure that they are able to get amazing benefit of this. >> And I see machine learning is a huge thing. If you look at how cloud group and when you had DynamoDB paper, when you wrote it, that that was the beginning of, I call the cloud surge. It was the beginning of not just being a resource versus building a data center, certainly a great alternative. Every startup did it. That's history phase one inning and a half, first half inning. Then it became a large scale. Machine learning feels like the same way now. You feel like you're seeing a lot of people using it. A lot of people are playing around with it. It's evolving. It's been around as a science, but combined with cloud scale, this is a big thing. What should people who are in the enterprise think about how should they think about machine learning? How has some of your top customers thought about machine learning as they refactor their applications? What are some of the things that you can share from your experience and journey here? >> I mean, one of the key things I'd say just to set some context on scale and numbers. More than one and a half million customers use our database analytics or ML services end-to-end. Part of which machine learning services and capabilities are easily used by more than a hundred thousand customers at a really good scale. However, I still think in Amazon, we tend to use the phrase, "It's day one in the age of internet," even though it's an, or the phrase, "Now, but it's a golden one," but I would say in the world of machine learning, yes it's day one but I also think we just woke up and we haven't even had a cup of coffee yet. That's really that early, so. And, but when you it's interesting, you've compared it to where cloud was like 10, 12 years ago. That's early days when I used to talk to engineering leaders who are running their own data center and then we talked about cloud and various disruptive technologies. I still used to get a sense about like why cloud and basic and whatnot at that time, Whereas now with machine learning though almost every CIO, CEO, all of them never asked me why machine learning. Instead, the number one question, I get is, how do I get started with it? What are the best use cases? which is great, and this is where I always tell them one of the learnings that we actually learned in Amazon. So again, a few years ago, probably seven or eight years ago, and Amazon itself realized as a company, the impact of what machine learning could do in terms of changing how we actually run our business and what it means to provide better customer experience optimize our supply chain and so far we realized that the we need to help our builders learn machine learning and the help even our business leaders understand the power of machine learning. So we did two things. One, we actually, from a bottom-up level, we built what I call as machine learning university, which is run in my team. It's literally stocked with professors and teachers who offer curriculum to builders so that they get educated on machine learning. And now from a top-down level we also, in our yearly planning process, we call it the operational planning process where we write Amazon style narratives six pages and then answer FAQ's. We asked everyone to answer one question around, like how do you plan to leverage machine learning in your business? And typically when someone says, I really don't play into our, it does not apply. It's usually it doesn't go well. So we kind of politely encourage them to do better and come back with a better answer. This kind of dynamic on top-down and bottom-up, changed the conversation and we started seeing more and more measurable growth. And these are some of the things you're starting to see more and more among our customers too. They see the business benefit, but this is where to address the talent gap. We also made machine learning university curriculum actually now open source and freely available. And we launched SageMaker Studio Lab, which is a no cost, no set up SageMaker notebook service for educating learner profiles and all the students as well. And we are excited to also announce AIMLE scholarship for underrepresented students as well. So, so much more we can do well. >> Well, congratulations on the DynamoDB paper. That's the 10 year anniversary, which is a revolutionary product, changed the game that did change the world and that a huge impact. And now as machine learning goes to the next level, the next intern out there is at school with machine learning. They're going to be writing that next paper, your advice to them real quick. >> My biggest advice is, always, I encourage all the builders to always dream big, and don't be hesitant to speak your mind as long as you have the right conviction saying you're addressing a real customer problem. So when you feel like you have an amazing solution to address a customer problem, take the time to articulate your thoughts better, and then feel free to speak up and communicate to the folks you're working with. And I'm sure any company that nurtures good talent and knows how to hire and develop the best they will be willing to listen and then you will be able to have an amazing impact in the industry. >> Swami, great to know you're CUBE alumni love our conversations from intern on the paper of DynamoDB to the technical leader at AWS and database analyst machine learning, congratulations on all your success and continue innovating on behalf of the customers and the industry. Thanks for spending the time here on theCUBE and our program, appreciate it. >> Thanks again, John. Really appreciate it. >> Okay, now let's kick off our program. That ends the keynote track here on the AWS startup showcase. Season two, episode one, enjoy the program and don't miss the closing keynote with Deepak Singh. He goes into great detail on the changing business models, all the exciting open source innovation. (gentle bright music)

>>Welcoming into the cubes presentation of AWS startup showcase open cloud innovations. This is season two episode one of the ongoing series covering exciting hot startups from the AWS ecosystem. Today's episode. One of season two theme is open source community and the open cloud innovations. I'm your host, John farrier of the cube. And today we're excited to be joined by Loris Dajani who is the C T O chief technology officer and founder of cystic found that in his backyard with some wine and beer. Great to see you. We're here to talk about Falco finding cloud threats in real time. Thank you for joining us, Laura. Thanks. Good to see you >>Love that your company was founded in your backyard. Classic startup story. You have been growing very, very fast. And the key point of the showcase is to talk about the startups that are making a difference and, and that are winning and doing well. You guys have done extremely well with your business. Congratulations, but thank you. The big theme is security and as organizations have moved their business critical applications to the cloud, the attackers have followed. This is Billy important in the industry. You guys are in the middle of this. What's your view on this? What's your take? What's your reaction? >>Yeah. As we, as a end ecosystem are moving to the cloud as more and more, we are developing cloud native applications. We relying on CACD. We are relying on orchestrations in containers. Security is becoming more and more important. And I would say more and more complex. I mean, we're reading every day in the news about attacks about data leaks and so on. There's rarely a day when there's nothing major happening and that we can see the press from this point of view. And definitely things are evolving. Things are changing in the cloud. In for example, Cisco just released a cloud native security and usage report a few days ago. And the mundane things that we found among our user base, for example, 60, 66% of containers are running as rude. So still many organizations adopting a relatively relaxed way to deploy their applications. Not because they like doing it, but because it tends to be, you know, easier and a little bit with a little bit less ration. >>We also found that that 27% of users unnecessary route access in the 73% of the cloud accounts, public has three buckets. This is all stuff that is all good, but can generate consequences when you make a mistake, like typically, you know, your data leaks, no, because of super sophisticated attacks, but because somebody in your organization forgets maybe some data on it on a public history bucket, or because some credentials that are not restrictive enough, maybe are leaked to another team member or, or, or a Gita, you know, repository or something like that. So is infrastructures and the software becomes a let's a more sophisticated and more automated. There's also at the same time, more risks and opportunities for misconfigurations that then tend to be, you know, very often the sewers of, of issues in the cloud. >>Yeah, those self-inflicted wounds definitely come up. We've seen people leaving S3 buckets open, you know, it's user error, but, you know, w w those are small little things that get taken care of pretty quickly. That's just hygiene. It's just discipline. You know, most of the sophisticated enterprises are moving way past that, but now they're adopting more cloud native, right. And as they get into the critical apps, securing them has been challenging. We've talked to many CEOs and CSOs, and they say that to us. Yeah. It's very challenging, but we're on it. I have to ask you, what should people worry about when secure in the cloud, because they know is challenging, then they'll have the opportunity on the other side, what are they worried about? What do you see people scared of or addressing, or what should I be worried about when securing the cloud? >>Yeah, definitely. Sometimes when I'm talking about the security, I like to compare, you know, the old data center in that the old monolithic applications to a castle, you know, in middle aged castle. So what, what did you do to protect your castle? You used to build very thick walls around it, and then a small entrance and be very careful about the entrance, you know, protect the entrance very well. So what we used to doing that, that data center was protect everything, you know, the, the whole perimeter in a very aggressive way with firewalls and making sure that there was only a very narrow entrance to our data center. And, you know, as much as possible, like active security there, like firewalls or this kind of stuff. Now we're in the cloud. Now, it's everything. Everything is much more diffused, right? Our users, our customers are coming from all over the planet, every country, every geography, every time, but also our internal team is coming from everywhere because they're all accessing a cloud environment. >>You know, they often from home for different offices, again, from every different geography, every different country. So in this configuration, the metaphor data that they like to use is an amusement park, right? You have a big area with many important things inside in the users and operators that are coming from different dangerous is that you cannot really block, you know, you need to let everything come in and in operate together in these kinds of environment, the traditional protection is not really effective. It's overwhelming. And it doesn't really serve the purpose that we need. We cannot build a giant water under our amusement park. We need people to come in. So what we're finding is that understanding, getting visibility and doing, if you Rheodyne is much more important. So it's more like we need to replace the big walls with a granular network of security cameras that allow us to see what's happening in the, in the different areas of our amusement park. And we need to be able to do that in a way that is real time and allows us to react in a smart way as things happen because in the modern world of cloud five minutes of delay in understanding that something is wrong, mean that you're ready being, you know, attacked and your data's already being >>Well. I also love the analogy of the amusement park. And of course, certain rides, you need to be a certain height to ride the rollercoaster that I guess, that's it credentials or security credentials, as we say, but in all seriousness, the perimeter is dead. We all know that also moats were relied upon as well in the old days, you know, you secure the firewall, nothing comes in, goes out, and then once you're in, you don't know what's going on. Now that's flipped. There's no walls, there's no moats everyone's in. And so you're saying this kind of security camera kind of model is key. So again, this topic here is securing real time. Yeah. How do you do that? Because it's happening so fast. It's moving. There's a lot of movement. It's not at rest there's data moving around fast. What's the secret sauce to making real identifying real-time threats in an enterprise. >>Yeah. And in, in our opinion, there are some key ingredients. One is a granularity, right? You cannot really understand the threats in your amusement park. If you're just watching these from, from a satellite picture. So you need to be there. You need to be granular. You need to be located in the, in the areas where stuff happens. This means, for example, in, in security for the clowning in runtime, security is important to whoever your sensors that are distributed, that are able to observe every single end point. Not only that, but you also need to look at the infrastructure, right? From this point of view, cloud providers like Amazon, for example, offer nice facilities. Like for example, there's CloudTrail in AWS that collects in a nice opinionated consistent way, the data that is coming from multiple cloud services. So it's important from one point of view, to go deep into, into the endpoint, into the processes, into what's executing, but also collect his information like the cultural information and being able to correlate it to there's no full security without covering all of the basics. >>So a security is a matter of both granularity and being able to go deep and understanding what every single item does, but also being able to go abroad and collect the right data, the right data sources and correlated. And then the real time is really critical. So decisions need to be taken as the data comes in. So the streaming nature of security engines is becoming more and more important. So the step one of course, security, especially cost security, posture management was very much let's ball. Once in a while, let's, let's involve the API and see what's happening. This is still important. Of course, you know, you need to have the basics covered, but more and more, the paradigm needs to change to, okay, the data is coming in second by second, instead of asking for the data manually, once in a while, second by second, there's the moment it arrives. You need to be able to detect, correlate, take decisions. And so, you know, machine learning is very important. Automation is very important. The rules that are coming from the community on a daily basis are, are very important. >>Let me ask you a question, cause I love this topic because it's a data problem at the same time. There's some network action going on. I love this idea of no perimeter. You're going to be monitoring anything, but there's been trade offs in the past, overhead involved, whether you're monitoring or putting probes in the network or the different, there's all kinds of different approaches. How does the new technology with cloud and machine learning change the dynamics of the kinds of approaches? Because it's kind of not old tech, but you the same similar concepts to network management, other things, what what's going on now that's different and what makes this possible today? >>Yeah, I think from the friction point of view, which is one very important topic here. So this needs to be deployed efficiently and easily in this transparency, transparent as possible, everywhere, everywhere to avoid blind spots and making sure that everything is scheduled in front. His point of view, it's very important to integrate with the orchestration is very important to make use of all of the facilities that Amazon provides in the it's very important to have a system that is deployed automatically and not manually. That is in particular, the only to avoid blind spots because it's manual deployment is employed. Somebody would forget, you know, to deploy where somewhere where it's important. And then from the performance point of view, very much, for example, with Falco, you know, our open source front-end security engine, we really took key design decisions at the beginning to make sure that the engine would be able to support in Paris, millions of events per second, with minimal overhead. >>You know, they're barely measure measurable overhead. When you want to design something like that, you know, that you need to accept some kind of trade-offs. You need to know that you need to maybe limit a little bit this expressiveness, you know, or what can be done, but ease of deployment and performance were more important goals here. And you know, it's not uncommon for us is Dave to have users of Farco or commercial customers that they have tens of thousands, hundreds of thousands of machines. You know, I said two machines and sometimes millions of containers. And in these environments, lightweight is key. You want death, but you want overhead to be really meaningful and >>Okay, so a amusement park, a lot of diverse applications. So integration, I get that orchestration brings back the Kubernetes angle a little bit and Falco and per overhead and performance cloud scale. So all these things are working in favor. If I get that right, is that, am I getting that right? You get the cloud scale, you get the integration and open. >>Yeah, exactly. Any like ingredients over SEP, you know, and that, and with these ingredients, it's possible to bake a, a recipe to, to have a plate better, can be more usable, more effective and more efficient. That may be the place that we're doing in the previous direction. >>Oh, so I've got to ask you about Falco because it's come up a lot. We talked about it on our cube conversations already on the internet. Check that out. And a great conversation there. You guys have close to 40 million plus million downloads of, of this. You have also 80 was far gate integration, so six, some significant traction. What does this mean? I mean, what is it telling us? Why is this successful? What are people doing with Falco? I see this as a leading indicator, and I know you guys were sponsoring the project, so congratulations and propelled your business, but there's something going on here. What does this as a leading indicator of? >>Yeah. And for, for the audience, Falco is the runtime security tool of the cloud native generation such. And so when we, the Falco, we were inspired by previous generation, for example, network intrusion detection, system tools, and a post protection tools and so on. But we created essentially a unique tool that would really be designed for the modern paradigm of containers, cloud CIC, and salt and Falco essentially is able to collect a bunch of brainer information from your applications that are running in the cloud and is a religion that is based on policies that are driven by the community, essentially that allow you to detect misconfigurations attacks and normals conditions in your cloud, in your cloud applications. Recently, we announced that the extension of Falco to support a cloud infrastructure and time security by parsing cloud logs, like cloud trail and so on. So now Falba can be used at the same time to protect the workloads that are running in virtual machines or containers. >>And also the cloud infrastructure to give the audience a couple of examples, focused, able to detect if somebody is running a shelf in a radius container, or if somebody is downloading a sensitive by, from an S3 bucket, all of these in real time with Falco, we decided to go really with CR study. This is Degas was one of the team members that started it, but we decided to go to the community right away, because this is one other ingredient. We are talking about the ingredients before, and there's not a successful modern security tool without being able to leverage the community and empower the community to contribute to it, to use it, to validate and so on. And that's also why we contributed Falco to the cloud native computing foundation. So that Falco is a CNCF tool and is blessed by many organizations. We are also partnering with many companies, including Amazon. Last year, we released that far gate support for Falco. And that was done is a project that was done in cooperation with Amazon, so that we could have strong runtime security for the containers that are running in. >>Well, I've got to say, first of all, congratulations. And I think that's a bold move to donate or not donate contribute to the open source community because you're enabling a lot of people to do great things. And some people might be scared. They think they might be foreclosing and beneficial in the future, but in the reality, that is the new business model open source. So I think that's worth calling out and congratulations. This is the new commercial open source paradigm. And it kind of leads into my last question, which is why is security well-positioned to benefit from open source besides the fact that the new model of getting people enabled and getting scale and getting standards like you're doing, makes everybody win. And again, that's a community model. That's not a proprietary approach. So again, source again, big part of this. Why was security benefit from opensource? >>I am a strong believer. I mean, we are in a better, we could say we are in a war, right? The good guys versus the bad guys. The internet is full of bad guys. And these bad guys are coordinated, are motivated, are sometimes we'll find it. And we'll equip. We win only if we fight this war as a community. So the old paradigm of vendors building their own Eva towers, you know, their own self-contained ecosystems and that the us as users as, as, as customers, every many different, you know, environments that don't communicate with each other, just doesn't take advantage of our capabilities. Our strength is as a community. So we are much stronger against the big guys and we have a much better chance doing when this war, if we adopt a paradigm that allows us to work together. Think only about for example, I don't know, companies any to train, you know, the workforce on the security best practices on the security tools. >>It's much better to standardize on something, build the stack that is accepted by everybody and tell it can focus on learning the stack and becoming a master of the steak rounded rather than every single organization naming the different tool. And, and then B it's very hard to attract talent and to have the right, you know, people that can help you with, with your issues in, in, in, in, in, with your goals. So the future of security is going to be open source. I'm a strong believer in that, and we'll see more and more examples like Falco of initiatives that really start with, with the community and for the community. >>Like we always say an open, open winds, always turn the lights on, put the code out there. And I think, I think the community model is winning. Congratulations, Loris Dajani CTO and founder of SIS dig congratulatory success. And thank you for coming on the cube for the ADB startup showcase open cloud innovations. Thanks for coming on. Okay. Is the cube stay with us all day long every day with the cube, check us out the cube.net. I'm John furrier. Thanks for watching.

(upbeat music) >> Hello, and welcome to this Cube Conversation kicking off 2022, I'm John Furrier, your host of theCUBE. We're with Loris Degioanni, Chief Technology Officer and founder of Sysdig. A company that's in the pioneering cloud native and cloud native security, open source, big part of the CNCF, CUBECon coverage. Of course, we know them as of that environment as well as DockerCon which we've covered many times. Sysdig is a very successful company. Loris, welcome to theCUBE Conversation. >> Thank you and thanks for having me. >> Well, we know a lot about you, but a lot of folks are learning about you guys with your success. Congratulations on the funding and the validation of your product, which is not a surprise. We've been saying on theCUBE open source has been powering innovation for some time and getting stronger, faster. The predictions in the Linux Foundation about this open source contributions continue to be blown away by their projections and more and more is coming. A new generation is upon us. Cloud Native, Edge, Kubernetes. All of these things are powering a modern application environment which is changing business. And under the covers, you guys are a big part of it. So take us through who Sysdig is, what you guys do for the folks out there and let's get into it. Obviously open source is a big part of it. Take us through who is Sysdig and what do you guys do. >> Yeah, Sysdig helps you run your software in the cloud in a way that is secure and confidently. We have a security solution that covers containers, cloud and Kubernetes. And we cover you in the life cycle of modern application. So the Sysdig security platform helps you secure application in a way that ranges from like shift left in CSD and finding vulnerabilities in your CSD pipeline to run time security that is very important in the cloud in particular with orchestrated infrastructures like the ones that are run by Kubernetes. And then of course, everything that has to do with the forensics, threat-hunting and so on. And the world is changing, security is changing, and Sysdig is one of the startups, one of the companies that is at the forefront of true modern cloud native security. >> So I got to ask you. Were you sitting in your backyard one day thinking, hey, I'm going to start a company? How did this all come together? I mean, the originator story, because we saw open source, we saw even more before CNCF was formed, you saw what cloud was doing. Again, we saw OpenStack and all these other things happening around technology. What was the driver behind the founding of Sysdig, and then how did that progress? Because again, there's an open source component here I want to get into. >> Yeah, and it's interesting that you say backyard because actually Sysdig was actually started in my backyard. Just outside of here. So the backyard metaphor is very, very fitting here. And in a general way, let's say I come from a background in open source for a very long time. Sysdig is my second company. My first company was called Case Technologies. It was the company behind an open source network analyzer called Wireshark, which is widely used by millions and millions of people around the world to do network troubleshooting and network analysis. And when we were doing network packets, we were using like the network devices to collect information. The data that is being transferred on the network has some very nice properties, it's rich. It's very deep. When you can see and decode what's happening on the network, you can understand what applications are doing, what the users are doing. I used to say, packets never lie, right? Because you could connect to the router and collect this data and they have a very good picture without any two instrument libraries to link, to install stuff and so on. And all of a sudden, we're moving to the cloud and the router that was like the vintage point for this beautiful way of doing security and visibility disappears. And you're renting instances that are floating in the Amazon cloud. And when the world changed that way from one point of view, I was sure that what we're doing before was useful and was powerful for the users. But I was also sure, okay, the world is going to change. The retrofitted solutions are not going to work. We can take our product, but then we have the innovator dilemma. We have a product that we cannot completely radically change. So I decided let's start from scratch. Let's start Sysdig. Let's try to understand actually what this cloud is going, where containers are going. There's this new Kubernetes thing that everybody's talking about. What does it mean to offer deep, rich, but at the same time lightweight and easy to deploy security and visibility for this kind of new way of writing software and that's how Sysdig was born. >> So if I remember correctly back in that timeframe, that couple you said you found a millions people using that application. If I remember correctly, that was software network monitoring. Is that true? Is that open source at that time? Was that an open project or was that? >> Yeah, like Wireshark is a network analyzer and the software that we're doing was heavily open source oriented and was mostly software and there were also potentially appliances because this was data center more kind of stuff. >> That was before cloud even came here. So again, defined data center software and defined clouds happening. So again, good segue into kind of where security, you mentioned footprints, you can track people with packets. So to your point, is this the tie into security, tell us how this fits in with open source and security with the software piece? >> Yeah, what Sysdig did essentially, the idea was let's learn from our prior life. I always say that every new wave of technology is built on the shoulders of the previous one. And you'd never reinvent anything. You just apply it and evolve it. And the same thing we did with Sysdig. So we learned what was working with our previous approaches that were based on observing the applications behavior by looking essentially at network traffic, but we adapted it to modern infrastructures. And open source was our mantra before with Wireshark and became our mantra with Sysdig. Sysdig, the company name comes from the open source tool that we released was the first thing that we released in our company. And then few years later with Falco, which now is the premier open source project that was created by Sysdig and is now part of the CNCF, it's an incubating project. And it's essentially the runtime security tool for containers, Kubernetes, and cloud. >> Take us through that Falco, because I think this is an important distinction on your success trajectory because CNCF has a nice playbook where companies can contribute to the CNCF at the same time, that creates an open environment for all, and then have a business model tied to it. This is kind of a new, not new, but this is a successful way to be open source and have a commercial opportunity. >> Yeah, and very much a substantial portion of our commercial product is let's say an extension of Falco. But let's say our approach was like, let's first produce something that is truly useful for the community and fits in the proper way with the ecosystem, with the rest of the ecosystem. Nowadays in every field security as well, you don't build any more a single solution. You build something that needs to fit very well in the stack. Kubernetes, Prometers, network meshes and DCO and this kind of stuff, these all fit together. So Falco, which is the runtime security component needs to fit as well. So initially our focus was like, okay, we need to fill the gap of runtime security for containers, for Kubernetes, and also for cloud. But we need to do that in a way that is community first and data really helps, but also engages and takes advantage of the users, of the broader community. At that point, going to the CNCF and telling the CNCF, hey, look, we developed these, are you interested in partnering with us and being essentially the organization behind this project, was very natural. And that's what we did in 2016, sorry, 2018. 2016 is when Falco started, 2018. And at that point, you know, it's a great partnership because the CNCF is really a great home for all of these projects and really makes it possible for the users to trust a project in a way that they know that even if the commercial banker, even if the original creators, even if the team rotates and changes and evolves, the end users can still use this project, trust this project and know that it's community driven. And it's been a great journey for us. >> How would you describe what Falco is and what are the key use cases? >> Yeah, Falco is, I compare it to the security camera for your containers, your house and your cloud infrastructure. So the same way that the security camera allows you to observe maybe what's happening in your home, even if you have a lock, is still useful to have a security camera, right? To understand when something breaks in what they're doing, when they do it, get an alarm when something better happens. Similarly, in software infrastructures, you can still have your lock, your firewall and so on, but then you use a security camera like Falco that is able to observe every single container, every single process, every single machine, every single network connection and so on. Keep an eye on it and then it has sort of a points-based system that includes a bunch of policies that come essentially pre-packaged that allow the users to detect when something dangerous or suspicious happens in the infrastructure. For example, I don't know somebody is spawning or sharing their radius container. Or somebody is logging in AWS without multi-factor authentication. Falco keeps a constant eye and lets you know, it gives you an alert when something like that happens. >> You know what I love about what you guys do and kind of highlights what we've been saying on theCUBE for many, many years is that the networking concepts of the older generations have been moving up the stack with cloud because you got rule engines, policy automation, all these things are now part of connected systems. So if you have the cloud, which is essentially a distributed computing, you have more networks, more connections. And so the networking paradigms of packets can be moved over to software, well, software maintenance, if you will, or anything, any middleware, whatever you want to call it. I mean, this is kind of a new paradigm. So, what's your reaction to that? I want to get your take on this because this is kind of really happening. >> Yeah, and you are absolutely right. And what us as a Falco community or as Sysdig as a company is exactly that. We're taking the concepts that were maybe at the base of the previous generation of the data center in terms of policies, in terms of one clause and we're sort of elevating them to what modern cloud is. To give you an example, I don't know if you remember, but a Falco was inspired by a tool called Snort and the company also was Sourcefire. Snort used to listen on the network, constantly observe the network traffic and the deploy policies to tell you, okay, somebody uploaded a file from China and this file contains a malware. Now we do this, but we're able to see inside containers. We have cloud context. We understand the regions. We understand Kubernetes namespace and all these kinds of stuff. So we're able to put so much more context and be so much closer to the user, but the concepts are the same. We're just, as I was saying, sitting on the shoulders of people before us that invented this and we're modernizing them. >> Well, this is what refactoring is all about. This is the benefit of the cloud. I think, this is why a lot of the cloud native success is happening because companies are realizing that they can actually not just re platform in the cloud, but actually refactor their business, completely different. Using other paradigms and not necessarily rip and replace or just cut and paste. They can take concepts and codify them in their workloads, not necessarily general purpose. So again, key cloud concept and only going to get stronger with the edge developing. So again, more and more complexity, connected complexity. >> Yeah, complexity that more and more you manage through automation, right? Which is another key concept in the cloud. So we are able as a market, as a community to have and manage more and more complex infrastructures because we have tools that are able to automate, to take care of stuff for us, to potentially remediate, which is another big theme in modern security for us and so on. And of course, again, companies like Sysdig, try to really read these in the plight, in a proper way that can be the most possible useful. >> And hackers love complexity, right? And love chaos. And so unless you tame that with really good software, this is the key challenge. >> You need to manage chaos and you need good software to help you manage chaos. >> All right, final question for you. How is Sysdig and the Falco community working with AWS? >> Yeah, in a number of ways. One of the beauties, as I was telling before of essentially being built on an open source project like Falco is that you can really work together with cloud providers like AWS with mutual advantage. For example, AWS and team members at Amazon have done many contributions to Falco and the Sysdig system and integrations and so on. We partnered as Falco community and Sysdig with AWS to offer proper support for Falco versus the products on Fargate, which is, managed containers are the future, are very powerful. Everybody wants to go there, but then you need to make sure that you are covered, you have security from the point of view of severability and so on. Sysdig and AWS work together on doing a P trace based implementation, this is a technical thing, but essentially it means that a tool like Falco can give you invitations, can be the security camera for Fargate as well. And in general way, Amazon is a great partner for us on a daily basis as a community and as a company. >> Loris, you've got a great company there. And again, it was great to see you guys grow from the beginning and the wave is here. As they say, in California, you guys are riding the right wave. And I think it's just the beginning. I think you're going to see more and more security be programmable, built in, automated, under the covers, invisible, but working. And I think the same is going to be true for data and other things. So a lot more to do. And again, it's distributed computing. We've seen this movie before, but not in this environment. So new tools are coming and you guys are a big part of it. Thank you so much for coming on theCUBE and sharing what you guys are doing and the technology behind Sysdig. Thanks for coming on. >> Thank you very much and thank you for the great conversation. >> Okay, this is theCUBE I'm John Furrier your host for Cube conversations with Sysdig's Loris Degioanni, CTO of Sysdig. Thanks for watching. (gentle music)

(upbeat music) >> Welcome to the Q3 AWS Startup Showcase. I'm Lisa Martin. I'm pleased to welcome Knox Anderson, the VP of Product Management, from Sysdig, to the program. Knox, welcome. >> Thanks for having me, Lisa. >> Excited to uncover Sysdig. Talk to me about what you guys do. >> So Sysdig, we are a secure DevOps platform, and we're going to really allow customers to secure the entire lifecycle of an application from source to production. So give you the ability to scan IAC for security best practices, misconfiguration, help you facilitate things like image scanning as part of the build process, and then monitor runtime behavior for compliance or threats, and then finish up with incident response, so that you can respond to and recover from incidents quickly. >> What are some of the main challenges that you're solving and have those changed in the last 18 months? >> I'd say the main challenge people face today is a skills gap with Kubernetes. Everyone wants to use Kubernetes, but the amount of people that can operate those platforms is really difficult. And then getting visibility into the apps, that's running in those environments is also a huge challenge. So with Sysdig, we provide just an easy way to get your Kubernetes clusters instrumented, and then provide strong coverage for threat detection, compliance, and then observability for those environments. >> One of the things that we've seen in the last 18 months is a big change in the front landscape. So, I'm very curious to understand how you're helping customers navigate some of the major dynamics that are going on. >> Yeah, I'd say, the adoption of cloud and the adoption of Kubernetes have, have changed drastically. I'd say every single week, there's a different environment that has a cryptomining container. That's spun up in there. Obviously, if the price of a Bitcoin and things like that go up, there's more and more people that want to steal your resources for mining. So, we're seeing attacks of people pulling public images for Docker hub onto their clusters, and there's a couple of different ways that we'll help customers see that. We have default Falco rules, better vetted by the open source community to detect cryptomining. And then we also see a leading indicator of this as some of the metrics we, we collect for resource abuse and those types of things where you'll see the CPU spike, and then can easily identify some workload that could have been compromised and is now using your resources to mine Bitcoin or some other alt-coin. >> Give me a picture of a Sysdig customer. Help me understand the challenges they had, why they chose you and some of the results that they're achieving. >> Yeah, I used to say that we were very focused on financial services, but now everyone is doing Kubernetes. Really where we get introduced to an organization is they have their two or three clusters that are now in production and I'm going through a compliance audit, or it's now a big enough part of my estate that I need to get security for this Kubernetes and cloud environment. And, so we come in to really provide kind of the end-to-end tools that you would need for that compliance audit or to meet your internal security guidelines. So they'll usually have us integrated within their Dev pipelines so that developers are getting actionable data about what they need to do to make sure their workloads are as secure as possible before they get deployed to production. So that's part of that shift, left mindset. And then the second main point is around runtime detection. And that's where we started off by building our open source tool Falco, which is now a CNCF project. And that gives people visibility into the common things like, who's accessing my environment? Are there any suspicious connections? Are my workloads doing what they expected? And, those types of things. >> Since the threat landscape has changed so much in the last year and a half, as I mentioned. Are the conversations you're having with customers changing? Is this something at the C-suite or the board level from a security and a visibility standpoint? >> I think containers and Kubernetes and cloud adoption under the big umbrella of digital transformation is definitely at board level objective. And then, that starts to trickle down to, okay, we're taking this app from my on-prem data center, it's now in the cloud and it has to meet the twenty security mandates have been meeting for the last fifteen years. What am I going to do? And so definitely there's practitioners that are coming in and picking tools for different environments. But, I would definitely say that cloud adoption and Kubernetes adoption are something that everyone is trying to accelerate as quickly as possible. >> We've seen a lot of acceleration of cloud adoption in the last eighteen months here, right? Now, something that I want to get into with you is the recent executive order, the White House getting involved. How is this changing the cybersecurity discussion across industries? >> I really like how they kind of brought better awareness to some of the cybersecurity best practices. It's aligned with a lot of the NIST guidance that's come out before, but now cloud providers are picking, private sector, public sector are all looking at this as kind of a new set of standards that we need to pay attention to. So, the fact that they call out things like unauthorized access, you can look at that with Kubernetes audit logs, cloud trail, a bunch of different things. And then, the other term that I think you're going to hear a lot of, at least within the federal community and the tech community, over the next year, is this thing called an 'S bomb', which is for, which is a software bill of materials. And, it's basically saying, "as I'm delivering software to some end user, how can I keep track of everything that's in it?" A lot of this probably came out of solar winds where now you need to have a better view of what are all the different components, how are those being tracked over time? What's the life cycle of that? And, so the fact that things like S bombs are being explicitly called out is definitely going to raise a lot of the best practices as organizations move. And then the last point, money always talks. So, when you see AWS, Azure, Google all saying, we're putting 10, 10 billion plus dollars behind this for training and tooling and building more secure software, that's going to raise the cybersecurity industry as a whole. And so it's definitely driving a lot of investment and growth in the market. >> It's validation. Absolutely. Talk to me about some of the, maybe some of the leading edges that you're seeing in private sector versus public sector of folks and organizations who are going alright, we've got to change. We've got to adopt some of these mandates because the landscape is changing dramatically. >> I think Kubernetes at auction goes hand in hand with that, where it's a declarative system. So, the way you define your infrastructure and source code repost is the same way that runs in production. So, things like auditing are much easier, being able to control what's in your environment. And then containers, it's much easier to package it once and then deploy it wherever you want. So container adoption really makes it easier to be more secure. It's a little tricky where normally like you move to something that's bleeding edge, and a lot of things become much harder. And there's operational parts that are hard about Kubernetes. But, from a pure security perspective, the apps are meant to do one thing. It should be easy to profile them. And so definitely I think the adoption of more modern technology and things like cloud services and Kubernetes is a way to be more secure as you move into these environments. >> Right? Imagine a way to be more secure and faster as well. I want to dig in now to the Sysdig AWS partnership. Talk to me about that. What do you guys do together? >> AWS is a great partner. We, as a company, wouldn't be able to deliver our software without AWS. So we run our SAS services on Amazon. We're in multiple regions around the globe. So we can deliver that to people in Europe and meet all the GDPR requirements and those kinds of things. So from a, a vendor partnership perspective, it's great there. And then on a co-development side, we've had a lot of success and a fun time working with the Fargate team, Fargate is a service on Amazon, that makes it easier for you to run your containers without worrying about the underlying compute. And so they faced the challenge about a year and a half ago where customers didn't want to deploy on Fargate because they couldn't do deeper detection and incident response. So we worked together to figure out different hooks that Amazon could provide to open source tools like Falco or commercial products like Sysdig. So then customers could meet those incident response needs, and those detection needs for Fargate. And really, we're seeing more and more Fargated option as kind of more and more companies are moving to the cloud. And, you don't want to worry about managing infrastructure, a service like Fargate is a great place to get started there. >> Talk to me a little bit about your joint. Go to mark. Is there a joint go-to-market? I should say. >> Yeah, we sell through the AWS marketplace. So customers can procure Sysdig software directly though AWS. It'll end up on your AWS bill. You can kind of take some of your committed spend and draw it down there. So that's a great way. And then we also work closely with different solutions architects teams, or people who are more boots on the ground with different AWS customers trying to solve those problems like PCI-compliance and Fargate, or just building a detection and response strategy for EKS and those types of things. >> Let's kind of shift gears now and talk about the role of open source, in security. What is Sysdig's perspective? >> Yeah, so the platform, open source is a platform, is something that driving more and more adoption these days. So, if you look at like the fundamental platform like Kubernetes, it has a lot of security capabilities baked in there's admission controllers, there's network policies. And so you used to buy a firewall or something like that. But with Kubernetes, you can enforce services, service communication, you put a service mesh on top of that, and you can almost pretend it's a WAF sometimes. So open source is building a lot of fundamental platform level security, and by default. And then the second thing is, we're also seeing a rise of just open source tools that traditionally had always come from commercial products. So, there's things like OPA, which handle authorization, which is becoming a standard. And then there's also projects like Falco, that provide an easy way for people to do IDS use cases and auditing use cases in these environments. >> Last question for you. Talk to me about some of the things that you're most excited about. That's coming down here. We are at, this is the, our Q3 AWS Startup Showcase, but what are some of the things that you're most excited about in terms of being able to help customers resolve some of those challenges even faster? >> I think there's more and more Kubernetes standardization that's going on. So a couple of weeks ago, Amazon released EKS Anywhere, which allows companies who still have an on-prem footprint to run Kubernetes locally the same way that they would run it in the cloud. That's only going to increase cloud adoption, because once you get used to just doing something that matches the cloud, the next question you're going to answer is, okay, how fast can I move that to the cloud? So that's something I'm definitely really excited about. And then, also, the different, or AWS is putting a lot of investment behind tools like security hub. And we're doing a lot of native integrations where we can publish different findings and events into security hubs, so that different practitioners who are used to working in the AWS console can remediate those quickly without ever kind of leading that native AWS ecosystem. And that's a trend I expect to see more and more of over time, as well. >> So a lot of co-innovation coming up with AWS. Where can folks go to learn more information? Is there a specific call to action that you'd like to point them to? >> The Sysdig blog is one of the best sources that I can recommend. We have a great mixture of technical practitioner content, some just one-oh-one level, it's, I'm starting with container security. What do I need to know? So I'd say we do a good job of touching the different areas and then really the best way to learn about anything is to get hands-on. We have a SAS trial. Most of the security vendors have something behind a paywall. You can come in, get started with us for free and start uncovering what's actually running in your infrastructure. >> Knox, let's talk about the secure DevOps movement. As we see that DevOps is becoming more and more common, how is it changing the role of security? >> Yeah, so a lot of traditional security requirements are now getting baked into what a DevOps team does day-to-day. So the DevOps team is doing things like implementing IAC. So your infrastructure is code, and no changes are manually made to environments anymore. It's all done by a Terraform file, a cloud formation, some code that's representing what your infrastructure looks at. And so now security teams, or sorry, these DevOps teams have to bake security into that process. So they're scanning their IAC, making sure there's not elevated privileges. It's not doing something, it shouldn't. DevOps teams, also, traditionally, now are managing your CI/CD Pipeline. And so that's where they're integrating scanning tools in as well, to go in and give actionable feedback to the developers around things like if there's a critical vulnerability with a fix, I'm not going to push that to my registry. So it can be deployed to production. That's something a developer needs to go in and change. So really a lot of these kind of actions and the day-to-day work is driven by corporate security requirements, but then DevOps has the freedom to go in and implement it however they want. And this is where Sysdig adds a lot of value because we provide both monitoring and security capabilities through a single platform. So that DevOps teams can go into one product, see what they need for capacity planning, chargebacks, health monitoring, and then in the same interface, go in and see, okay, is that Kubernetes cluster meeting my SOC 2 controls? How many images have my developers submitted to be scanned over the past day? And all those kinds of things without needing to learn to how to use four or five different tools? >> It sounds to me like a cultural shift almost in terms of the DevOps, the developers working with security. How does Sysdig help with that? If that's a cultural shift? >> Yeah, it's definitely a cultural shift. I see some people in the community getting angry when they see oh we're hiring for a Head of DevOps. They're like DevOps is a movement, not a person. So would totally agree with that there, I think the way we help is if you're troubleshooting an issue, if you're trying to uncover what's in your environment and you are comparing results across five different products, it always turns into kind of a point the finger, a blame game. There's a bunch of confusion. And so what we think, how we help that cultural shift, is by bringing different teams and different use cases together and doing that through a common lens of data, user workflows, integrations, and those types of things. >> Excellent. Knox, thank you for joining me on the program today, sharing with us, Sysdig, what you do, your partnership with AWS and how customers can get started. We appreciate your information. - Thank you. For Knox Anderson. I'm Lisa Martin. You're watching the cube.

(soft electronic music) >> Welcome to this CUBE Conversation. I'm Lisa Martin. This conversation is part of our third AWS Startup Showcase for this year. I'm pleased to welcome Knox Anderson, the VP of Product Management at Sysdig. Knox, welcome to the program. >> Thanks for having me, Lisa. >> Talk to me a little bit about Sysdig, secure DevOps for containers, Kubernetes, and cloud. Give the audience an overview of what you guys do. >> So Sysdig is this secure DevOps platform that provides observability, security, and compliance functions for anyone that's adopting Kubernetes and Cloud. We really secure the entire lifecycle from source to production, so do things like scan your ISE for misconfiguration, monitor your runtime environments for threats and operational best practices. We provide a lot of capabilities around Prometheus Monitoring, as well, and then also let organizations perform incident response and compliance audits against these environments. >> So founded in 2013, talk to me about the gap in the market that you guys saw then and what some of the key challenges are that you saw for your customers. >> Yeah so we came to market around the same time as containers and Kubernetes and I'd say 2015 to 2018 we kept on saying it's the year of Kubernetes, it's the year of Kubernetes, it's the year of Kubernetes. And then really during the last year and a half in the COVID pandemic, Kubernetes has gone gangbusters. Every major cloud is seeing a huge adoption in their Kubernetes services so that's really our wedge into a lot of organizations. They're changing their platform to take advantages of containers and Kubernetes and you really have to rethink all of your security tooling, and that's when a company like Sysdig comes in. >> Talk to me about customers in terms of, especially in the last year and a half when things have been so dynamic, we've seen so much too, on the threat landscape front changing. Give me an example of a customer or two that you're really helped with solving some of their major challenges, here. >> Yeah, a great customer that we work with is SAP Concur and they kind of encompass a lot of the things that are nice about modern DevOps. So it's a DevOps team that's running a Kubernetes platform that thousands of developers are building their apps and deploying those onto. And they chose Sysdig because really it's not scalable to have every single data team ping that DevOps team and say what's the performance of my service, how is it responding, how can I get scanning integrated with that and so they use Sysdig as a platform that allows developers to easily onboard onto their Kubernetes clusters and then ensure that they're meeting compliance needs and FedRAMP needs for that platform that they deliver their core business apps on. >> Let's talk about the Sysdig's commitment to opensource on the Falco project. >> So Falco is a opensource project that we started at Sysdig, it's built on top of our core system core instrumentation. And so Falco meets a lot of your IDS or your file integrity monitoring requirements that you might have as you move to Kubernetes. And really, it's something we started at about 2016. In 2019, we donated that project to the CMCS which is the same governance body behind Kubernetes, Prometheus, and other kind of core building blocks of the climate of ecosystem. Since then, it's grown immensely. Companies like Shopify are using it to make sure that their PCI apps that they run Kubernetes are fully compliant. And so it's something that we are constantly contributing to the community also from even companies like AWS is a core contributor to the Falco project. And I'm really excited to see where it goes over the next year as Falco extends to also cover some cloud security use cases. >> What can you tell me about the relationship that Sysdig and AWS have? >> They've been a great partner. We internally run our SaaS on AWS so we're using AWS services to deliver our product to our customers. And then we've also really worked closely around how you can provide better security for services like Fargate. So we did working sessions with their engineering teams, learned what we could do to get the visibility that we need for tools like Falco and Sysdig to work seamlessly in Fargate environments. And last April we were able to kind of, AWS released that new functionality, Sysdig built on top of that, and we've already seen great adoption of customers using the Sysdig product on top of Fargate. >> Excellent. Well thank you very much, Knox, for stopping by theCUBE telling us about Sysdig, what you guys are doing ahead of the AWS Startup Showcase. We appreciate your time and your information. >> Thanks for having me. >> For Knox Anderson, I'm Lisa Martin. You're watching this CUBE Conversation. (soft electronic music)

>>Welcome back to the doctor khan cube conversation. Dr khan 2021 virtual. I'm john for your host of the cube of mulch, Donny co founder and CTO and see so for accurate hot startup hot company. Uh, thanks for coming on the cube for dr continent and talking cybersecurity and cloud native. Super important. Thanks for coming on, >>appreciate john. Thanks for having me. >>So here dr khan. Obviously the conversations around developer experience, um, making things more productive. Obviously cloud scale cloud native with docker containers with kubernetes all lining up right in line with the trend that's now going mainstream and all commercial enterprises. I mean developer productivity security is a huge times thing if you don't get it right. So, you know, shifting left is that everyone's talking about, but this is a huge challenge. Can you, can you talk about what you guys do at your company and specifically why it relates to this conversation for developers at dr khan. >>Sure. Um, so john as we understand today, there are millions of uh, you know, code comments that are happening in cloud native environments on daily basis. Um, you know, in a recent report, Airbnb reported, they've checked in 125,000 plus times ham charts in an ear. And what that means is that, you know, the guitars revolution is here. Uh, and that also means that, well, you got your kubernetes clusters sinking up with infrastructure as code, such as ham chart customized and yarrow files right almost several times a day now, what that also means is that the opportunity to make sure that your clusters are being deployed securely by these infrastructure as code templates and deployment has called template is available before the deployment happens and not after the deployment. Also, in order to reduce the cost or detecting security challenges. The best option and opportunity is during the development time and during the deployment time, which is the pipeline time and that's what we offer. We shift your cloud, native security posture detection to left. We detect all your security posture related issues while the code is in development in the design phase as well as while it is about to get deployed, that is within the guitars pipelines or your traditional develops pipelines and not only with detect where we sell feel the code as well, specifically infrastructure as code. So we detect the problems and we fix the problem by generating the remediation code which we like to call it as remediation is called. The detection mechanisms like all this policy is called. That's the primary use case that we offer. We help developers reduce the cost of remediation and also meantime to the mediations for security problems >>and actually see them a boatload of hassle to going back and figure out how they wrote the code at that time. And kind of what happened always is a problem. Um, I gotta Okay, so I'm gonna get into this policy is code. You mentioned that also you mentioned Getafe's revolution. Let's get to that in a second. But first I want you to explain to the folks what is cloud native security and what does that mean? And what kind of attacks emerge as that surface area becomes apparent? >>Absolutely. So cloud native security is a very interesting new paradigm. Uh it's not just related with one single control pain like take, for example, Cuban haters, it's not just that, it's also the supply chain elements that go into the deployment of your cloud native clusters. Like see if kubernetes cluster you need to secure not just the application code which is running inside your container images, but also the container image itself, then the pod, then the name space, then the cluster. And also you need to do all the other cyber hygienic, high generated things that we were doing previously. So it's so much of complexity because availability of different control planes, you need to be able to make sure that you are doing security, not just right, but at a very, very cost effective in a very, very cost effective manner. And the kind of attacks that we are predicting we're going to see in cloud native world are going to be very different from what we have seen so far. Especially there's a new attack type that I am have coined. I call that as cloud native waterhole attack. What it means is that imagine that most of the cloud native infrastructures are developed out of a lot of different open source components and pieces. So imagine you're pulling up a container image from a open source container agency and that continued which contains a man there container image can directly land into your cluster and not only can enter into your so called secure cluster environment. Usually the cluster control planes are not exposed to internet but deployment of one supply chain element like a Mallory's container image and exposed to an entire cluster. And that's what is waterhole attack when it comes to chlorinated water hole attacks to supply chains. So these are some very innovative and noble attacks that you know, we Uh you know, predict are going to come to our weigh in next 12-18 months. >>So you say it's a waterhole attack. That's the that's the coin term that you've made. So basically what you're saying is the container could be infected with all the properties that is containing into a secure cluster. It's almost been penetrated like malware would or spear phishing attack, it targets the cluster and then infects it. >>So not only that because your continuing images that you're pulling in um from your registries registries can be located anywhere right? If you do not do proper sanitization and checking off your supply chain components such as a continuing image, it can land insecure zones like this. So not only in a cluster, it can become part of a system named space very soon and and that's where the risks are that, you know, you had a parameter, you know, at least of some sort when it was non cloud native environments. And now you have a kind of false sense of security that I have equivalent is cluster, which sort of air gap in one way like there's no exposure to internet of the control plane control being a P. I. Is not supposed to Internet, that doesn't mean anything. A container enters into your cluster can take over the entire cluster. >>All right, so that's cool. So I love that attacks kind of attack. So back to cloud native security definition. So you're defining cloud native security as cloud native clusters. Is it specific around kubernetes or what specifically the cloud native security? What's the category? If the if water holds the attack vector, what's cloud native security means? >>So what it means is that you need to worry about multiple different control planes in a cloud native environment. It's not just a single control pain that you have to worry about. You have to worry about your uh as I said, kubernetes control plane, you have service measures on top of it, You could have server less layers on top of it and when you have to worry about so many different control pains, but it also means is that the security needs to become part of and has to get baked into the entire process of building cloud native environment, not afterthought or it shouldn't happen after the fact. >>See the containers for containers that watch the containers security for the security to watch the security. So you get so let's get we'll get to that. I want to get back to the solution, but one more thing. Um this one piece. So your c so um there you have a lot of shops in there from your background, I know that. Um So if if people out there, other Csos are looking at expanding, You know, day one day 2 ongoing, you know, ai ops get upstate to operate what everyone call it cloud native environments. How do they consider figuring out how to deploy and understand cloud need to secure? What do they have to do if you're a c So knowing what, you know, what steps are you taking? >>Yeah, it's funny that, you know, there's a big silo today between the sea, so organizations and the devops and get ops teams. Uh so the number one priority, in my opinion, that the sea so s uh you know, have to really follow is having visibility into the uh developers. So developers who are developing not just code but also infrastructure as code. So there is a slight difference between writing python code versus writing uh say ham charts or customized templates. Right? So you need as a see saw, you know, see so our needs to have full visibility into Okay, out of 100 developers, how many do I have who are writing deployment as code? And then how many of them are continuously checking in code and introducing security issues? Those issues have to be visualized while the issues are written in code and as they are getting checked into the repositories, so catch the security issues while the code is getting checked into the repository. And the next best stages catch the issues while the pipelines are picking up the code from the repository. So sisters needs to have visibility into this. I call it as shift left visibility for CSOS. So sisters need to know, okay, what are my top 10 developers who are writing infrastructure as code? How many of those developers are committing wonderful code. How many of these pull requests which have been raised have got security violations? How many of them have been fixed and how many have not been fixed? That's what is the visibility that can uh you know, provide opportunities to seize organizations to >>react and more things to put KPI S around two to understand where the gaps are and where the potential blind spots are. Okay, shift left visibility to see. So if you've got the get ups revolution, you got the waterhole attacks. You have multiple control planes obviously complex. The benefits of cloud native though are significant and people doing modern applications are seeing that. So clearly this is direction that everyone's going. The consensus is clear. So how do you solve this? You mentioned policy as code. I'm kind of connecting the dots here. If I'm going to understand what's going on in real time as the code is in flight as it's checking in. For instance, this is kind of in the pipeline as you say. So this has to be solved. What is the answer to this? Because it's clearly the way people want it. No one wants to come back and say we got hacked or development being pulled off task to figure out what they fixed or didn't do what's the policy is code angle? >>So um you know, of course, you know, there could be more than one ways to solve this problem. The way we are solving this problem is that first thing we are bringing all top type of infrastructure as code and the control planes into a single uniform format, which we like to call it as cloud, as code. The reason why we do that so that we can normalize the representation of these different data sets in one single normalized format. And then we apply open policy agent which is a C N C F uh graduated project, which is kind of the de facto standard to do any kind of policy is called use cases in the cloud native world today. So we apply open policy agent to this middleware that we create, which basically brings all these different control plane data, all the different infrastructures code into anomalous format. We apply O P A and we use policies to apply uh Opie on this data this way. What happens is that we write, for example, we want to write a policy, you don't want certain parts to be exposed to Internet in a given name space. You can write such a policy. This policy, you can run on life cluster as well as on the hand charts, which is your development side of the artifact. Right. Because we're bringing both these datasets into middleware. So in short, one of the solutions that we are proposing is that different control planes, different infrastructures, code has to be brought into a normalized format. And then you apply frameworks like Opie a open policy agent to achieve your policy is called use cases. >>What is the attraction for this direction? O. P. A. In particular obviously controlled planes. I get that. I can see the benefit of having this abstraction away with the normalization. I think that would enable a lot of innovation on top of it. Um Makes a lot of sense, totally cool. What's the attraction? What's the vibe? Are people reacting to this? Uh Some people might say whoa hold on, you're taking on too much uh your eyes are bigger than your stomach. You're taking on too much territory. Whoa, slow down. I can I I want to own that control plane. There's a lot of people trying to own the control plane. So again it's a little bit of politics here. What's your what's your thoughts on the momentum? What's the support, what's it look like? >>Yeah, I think you are getting it right, the political side of things. So, um, you know, one responses that, look, we have launched our open source project contour a scan uh last year and uh you know, we're doing pretty well. It's a full opium based uh in a project which allows you to do policies code on not only new cloud control planes, like, you know, kubernetes and others, but also the traditional control planes provided by CSP s like cloud security, cloud service providers. So parents can can be used not just for hand charts and customized, but also for terra form. What we are uh promoting is open culture. With scan. We want community to contribute, become part of it. Um yes, we are promoting a middleware here uh but we want to do it with the help of the community and our reaction what we're getting is very very good. We are in our commercial offering also we use opa we have good adoption going on right now. We believe will be able to uh you know with the developer community, you have this thing going for us. >>I love cloud as code. It's so much more broader than infrastructure as code and I'll see the control plane benefits. You know when I talk to customers, I want to get your reaction to this because I really appreciate your experience and and leadership here. I talked to customers all the time and I wont say name, I won't name names but they're big, big and fintech and you'll big and life sciences in other areas. They all say we want to bring best to breed together but it's too hard to make it all work. We can get it done, but it's a lot of energy. So obviously building code and getting into production that is just brute force. Anyway, they got to get that done and they're working on their pipe lining. But getting other best of breed stuff together and making it work is really hard. Does this solve that? Do you, are you helping solve that problem? Is this an integration opportunity? >>Yes, that and that is true and we have realized it, you know, uh long back. So that's why we do not introduce any new tooling into the existing developer workflows, no new tool whatsoever. We integrate with all existing developer workflows. So if you are a, you know, modern uh, you know, get off shop and you're using flux or Argo, we integrate terrace can seamlessly integrated flux in Argo, you don't even get to know that you already have what policy is called enabled if you're using flux Argo or any equivalent, you know, getups, toolkit. Likewise, if you are using any kind of uh, you know, say existing developer pipeline or workflows such as, you know, the pipelines available on guitar, get lab, you know, get bucket and other pipelines. We seamlessly integrate our motor is very, very simple. We don't want to introduce one more two for developers, we want to introduce one more per security. We want to get good old days, >>no one wants another tool in the tool shed. I mean it's like, it's like really like the tool shit, they get all these tools laying around. But everyone again, this is back to the platform wars in the old days when I was younger. Breaking into the early days of the web platforms were everything you have to build your own proprietary platform Wasn't some open source being used, but mostly it was full stack. Now platforms are inter operating with hybrid and now Edge. So I want to get your thoughts on and I'm just really a little bit off topic. But it's kind of related. How should companies think about platform engineering? Because you now have the cloud scale, which in a way is half a stack. You don't really if you're gonna have horizontal scalability and you're gonna have these kind of unified control planes and infrastructure as code. Then in a way you don't really need that full stack developer. I mean I could program the network. I don't need to get into the weeds on that. I got now open policy agent on with terrorists. Can I really can focus on developing this is kind of like an OS concept. So how should companies think about platforms and hiring platform engineers and and something that will scale and have automation and all the benefits and goodness of the cloud scale. >>Yeah, I mean you actually nailed it when you began uh we've been experienced since we've been experiencing now since last at least 18 months that and if I were specifically also, I'll touch based on the security side of things as well. But platform engineering and platforms, especially now everything is about interoperability and uh, what we have started experiencing is that it has to be open. The credibility any platform can gain is only through openness interoperability and also neutrality. If these three elements are missing, it's very hard to push and capture the mind share of the users to adopt the platform. And why do you want to build a platform to actually attract partners who can build integrations and also to build apps on top of it or plug ins on top of it? And that can only be encouraged if there is, you know, totally openness, key components have to be open source, especially in security. I can give you several examples. The future of security is absolutely open source, the credibility cannot be gained without that. A quick example of that is cystic. I mean, who thought they were gonna be pulling such a huge, you know, funding round, of course that all is on the background of Falco, Right? So what I'm trying to play and sing and same for psyllium, Right? So what I'm clearly able to see is the science are that especially in cybersecurity community, you are delivering open source based platforms, you will have the credibility because that's where you will get the mindshare developers will come and you know, and work with you of course, you know, I have no shame naming fellow vendors right, who are doing this right and this is the right way to do it. >>Yeah. And I think it's it's totally true and you see the validation on that just to verify your point out that we have a little love fest here on open source, it's pretty obvious the the end user communities are controlled not the hard core and users like the hyper scholars, you know, classic enterprises are are starting not only contribute participate but add value more than they've ever have. The question I want to ask you is okay. I totally agree on open as data becomes super important because remember data is only as good as what you have and the more data the better the machine learning the better the data scale, um, sharing is important. So open sharing kind of ties into open source. What's your thoughts on data? Data policy, is this going to extend out into data control planes? What's your thoughts there? I'd love to get your input. >>We are a little little bit early in that thought. I think it's gonna take a little while uh for you know, the uh for the industry bosses to come to terms to that uh data lakes and uh you know, data control planes eventually will open up. But you know, I I see there is resistance in that space today uh but eventually it's gonna come around. You know, that has because that would be the next level of openness, you know, once the platforms uh in a mature as an example right today. Um you want to write uh you know, any kind of say policies for your same products, right. Uh you have the option available to write policies and customized, you know, languages. But then many platforms are coming up which are supporting policy is developed in in languages which are open and that's data which is going to open up, you know very soon. So you will not be measured in terms of how many policies you have as a product, but you will be measured. Can you consume? Open policies are not so i that it is going to go there, it's going to take a little while, but I think he is going to move that. >>It makes sense. Get the apparatus built on the infrastructure side. Once you have some open policy capability that's going to build an abstraction on top of it, then you can program data to be more policy driven or dynamic based upon contextual behavioural dynamics. So it makes a lot of sense. Oh, great insight here, love the conversation, Congratulations on your success. Love the vision. Love the openness. I'll see. We think uh data as code is big too. Obviously media's data where CUBA is open. We have we have the same philosophy. So thanks for sharing. Love the vision. Take a minute to plug the company. What are you guys looking to do? Uh you guys hiring, take a minute to put the plug out for the for the company? >>Absolutely. We are absolutely hiring great ingenious, you know, a great startup mind folks who want to come and work for a very, very innovative environment. Uh we are very research and development, you know driven and have brought various positions available today. Um we are trying to do something which has not been attempted before. Our focus is 100% on reducing the cost of security. And uh you know, in order to do that, you really have to do things that previously were not in development environments. And that's where we're going. We're open source uh, you know, open source initiatives, big open source lovers and we welcome people come in and apply our positions, >>reduce the cost of security, do the heavy lifting for the customer with code and have great performance, that's the ultimate goal. Great stuff. Cloud need security, threat modeling, deV stickups, shifting left in real time. You guys got a lot of hard problems you're attacking? >>Um well, you know, some of the good things uh that we're doing is also because of the team that we have right. Most of our co team comes from very heavy threat modeling, threat analysis and third intelligence background. So we have we're blending a very unique perspective of allowing developers to tackle the threats, which they're not supposed to even understand how they work. We do the heavy lifting from threat intelligence point of view, we just let the developers work on the code that we generate for them to fix those threats. So we're shipping threat intelligence and threat modeling also to left. Uh we're one of the first companies to create threat models just out of infrastructure is called, we read your infrastructure as code and we create a digital twin of your cloud late at one time, even before it has been actually built. So we do some of those things which we like to call it just advanced bridge card prediction where we can predict whether you have reach parts a lot in your runtime environment that would have been committed. >>And then the Holy Grail obviously the automation and self healing um is really kind of where you've got to get to. Right, that's the whole that's the whole ballgame, right? They're making that productive. Oh, thank you for coming on a cube here. Dr khan 2021 sharing your insights, co founder and CTO and see so. Oh much Danny. Thank you for coming on. I appreciate it, >>monsieur john thank you for having >>Okay Cube coverage of Dr Khan 2021. Um your host, John Fury? The Cube. Thanks for watching. Yeah.

>>Ly from San Diego, California. It's the cube covering to clock in cloud native con brought to you by red hat, the cloud native computing foundation and its ecosystem Marsh. >>Welcome back. This is the cubes fourth year at coupon cloud native con 2019 here in San Diego. I'm zooming in and my cohost is John Troyer and welcome to the program, John Coyle, who's the vice president of business and corporate development at Sumo logic. Thanks so much for joining us. Thank you. All right, so John, we had the cube at Summa logic illuminate, uh, where you had a relevant announcement. I've heard you've had some great momentum of that. So why don't you bring us up to speed kind of the communities related >>happy to, yeah, this is an exciting CubeCon for us. This year, two months ago at our user conference, we announced our, our Kubernetes solution. Um, we believe it's the, the, the uh, the first true dev sec ops solution for Kubernetes that is one platform to, to provide monitoring, troubleshooting, and security across a Kubernetes environment. And uh, so far it's been an incredibly successful launch. Um, it seems to have hit a real, real sweet spot with, uh, with customers that are, uh, increasingly, or their adoption of Kubernetes and, uh, and growing, uh, growing quite rapidly and, and figuring out how to monitor and troubleshoot and secure that at scale is a huge challenge. >>Well, yeah, so look, you brought up DevSecOps and, and you know that scaling the surface area is ever increasing. We're talking a lot about edge at this conference, uh, too. So that that surface area is getting order of magnitude bigger, the amount of change going through there. So, you know, how do you help those teams? You know, it can't just be people. There's gotta be, there's gotta be automation, there's gotta be platforms that just enable me. Yeah. Great. So what do we really mean by dev sec >>ops instead of just throwing it around? Really, the way we break it down, uh, broke the solution down is that the three core components, the ability to, uh, to, to, to do discoverability observability and security. So when we say discoverability, creating an intuitive interface by which, uh, everyone from an SRE to a SOC analyst can easily, uh, denify, um, issues and, and uh, the context of the application that's running on Kubernetes. The next piece is then observability being able to, um, get all of the relevant data, the logs, the metrics, the events that you care about to, to determine whether you have an issue or not. And then doing that all in the context of not a traditional infrastructure view, but really in a service level view, which our practitioners and our customers really care about. They think about their, their microservices based apps in terms of the app itself and the all of the different microservices that uses not on the underlying infrastructure that's there. And, uh, although that may sound subtle difference between monitoring and providing visibility from an infrastructure perspective, it actually makes all the difference in terms of being able to effectively and quickly identify an issue and then remediate it. Um, these environments are getting way, way too complex, especially in on top of Kubernetes as you look. The, I had serverless, the ephemeral nature of these environments. It's, it's, it's, it's a huge trend. >>All right, so just, I hear you throw out a lot of things and there's a word I didn't hear that I've been hearing a lot this year, especially when you talk about, uh, you know, when the container rolled and even serverless, it's observability because you know, that the traditional looking at logs, monitoring environments, I need a system view. I need to be able to deal with all of the realtime changes. So, uh, what, what sumos take on a kind of this observability trend that we've heard a lot of companies talking about. >>Yeah, yeah. That's where we've invested. The vast majority of the, the, the, the development in this solution is around deservability. And again, it starts with being able to ingest all the logs, metrics and events. Um, and in that, in, in that way, we've, we've embraced the open source community and you're using things like fluent bit fluent D Prometheus's. So leveraging the tools that are already out there, getting that data into the platform and then being able to allow, you know, different users. The, uh, a hierarchical approach to navigate through the data and the content that they care about and basically apply the mental model they have for their microservices that are Coobernetti's infrastructure to, to the actual tool they're using. So we've brought out, uh, a new Explorer UI, which allows, as I mentioned, from an SRE to a SOC analyst to go get the view they care about that's relevant to the security problem they're trying to solve or, you know, a reliability issue they're seeing with one of their, one of their core applications. >>John, I want to stick with good with Kubernetes itself for a minute here. And some of the words that have already been, you've already, we've already said here are things like microservices. Yup. And also scalability and complexity. So what is Kubernetes and apps that are built on Kubernetes bringing, uh, to the data center or the, or the public cloud that, uh, are, what are the problems they're bringing with them that, that you all are helping solve? Oh yeah, that's a great question. Um, I think some of them were, you know, complexity of microservices. And let me ask you for answering first in the context of what we see. Uh, at our larger customers that are more traditional, that have legacy systems, generally what's happening is they're their most important applications. The customer facing, the revenue generating applications, whether it's an insurance company or a bank. Those applications are getting modernized first and they're moving to containers, microservices, Kubernetes. >>Um, and as those teams go ahead and develop and build, um, the, uh, the it and the security systems designed for legacy apps can't really support them. So first and foremost, those teams are struggling with visibility to what actually is happening and, and, you know, the traditional monitoring and troubleshooting, but really doing it from a service focused perspective as opposed to just an infrastructure, you know, whether something's up or down or, or, or, or, or, or, or slow or fast. And that is one of the biggest challenges they have. And providing that, that discoverability coupled with that observability is key for our more mid market type customers that were born in the cloud or cloud native. They get this right away and have really been solving this problem by uh, a hodgepodge of different solutions and really having a swivel chair type management where they move from one pane of glass to another and they kind of connect the dots. >>And again this comes back to they already have a mental model of the way their infrastructure and their applications work so they're able to piece that together. Um, but I think that that, that, those days of, of, of relying on that are, are, are, are, are fewer and fewer because the applications and the, and the systems are becoming more and more distributed, more and more complex. And especially then as you add security into the mix, which I think a lot of customers are waking up. This is great. We're not really securing this as effectively as we should be. How do you bring that into the mix also? So John, I'm wondering if you could bring us into the organizational dynamics of what's happening here. You talk about scale. Every customer we talk to here is they're spanning between their traditional environment and then they're modernizing things. >>They build some new somethings get ported over. But you know, I don't want to use the word bi-modal, but they need to pull things along and security needs to live in all of these worlds. So, so what, what, what kind of impact is that having on the organization? And we think it's dramatic and that's why I, I started out the conversation by we really believe we have a dev sec ops solution. It's just not marketing speak where, um, if you look at the announcement we made at illuminate, um, we, we highlighted how we, we've also embraced Falco, the security opensource Gabriel, but also announced integrations with the leading container and Kubernetes solutions in the market. Aqua Twistlock, uh, stack rocks where, um, dev ops and security are really all coming together. Where that, again, back to the analogy I made before the platform needs to be able to serve both the SRE for a traditional, you know, reliability issue all the way up to a SOC analyst who's trying to troubleshoot and identify whether there's a real threat with a particular application vulnerability. >>And it all needs to be in the context of, of, of one platform. You can't have two different systems going forward. The, uh, with the, um, I lost my question here. So a partnership announcement announced this week. We were talking about some of the partners you work with. Give us broader view as to, you know, what the, what, what the news is this. Yeah, we're, we're excited. So the, we, uh, on Monday we announced the, the Sumo logic app intelligence partner program. Um, and really this, the, the first iteration of this was this was announced at illuminate with, uh, with the, the partners I mentioned. Uh, Aqua stack rocks Twistlock, um, armory, um, circle CEI, uh, code fresh who all built apps integrated into our Kubernetes solution that provides customers with, uh, with a deep insight into monitoring, troubleshooting and securing those different tools. Um, and this partner program extends that where we're now making it a much more open and easier for any, any, any vendor here today to join the program, build, uh, an integration directly to the Sumo logic platform and, and provide rich, rich content. >>We've been building an awful lot of these apps ourselves over the years. Um, but we're working, looking to work with partners more closely as they know their, their apps, their use cases, their content much better than we will. And kind of forging that, that, that, that, that partnership to, to bring that, you know, combined added value to customers. And this is something that our customers continually ask us for. I've got this new tool, I want to get that information into Sumo and be able to, to, to get value like I am with all the other solutions. I haven't seen them. I do want to follow up now. Okay. Which is that you do have a great customer base, right? And so you have a great visibility into the market. Yeah. One of the buzzwords that flies around the industry is multi-cloud. Yes. And so I'm very curious on how you and your customers are seeing the progression in the marketplace, their landscape, multi-cloud. >>Because there are people out out there who are very, very far ahead of everybody else who are kind of, sometimes the word multicloud gets made fun of. I think it's actually real life. So can you talk to us a little bit about your costs? Yes. Yeah. We've, we see that, uh, we see that front and center and Kubernetes has run to the big drivers to it, right? It's, it's, uh, it's made these different clouds, uh, very equal for whether I run a, a Kubernetes environment on premise or move in AWS. I could easily move into GCP or Azure. And, uh, at our user conference two months ago, we brought out a continuous talent report that we bring out annually. And there's some interesting statistics in that where we see the more the growth and, uh, customers that are multi-cloud. It's all being driven by their adoption of Kubernetes. >>And it, it, it basically, uh, abstracts out the, the underlying the underlying infrastructure and now allows them to, to move across that. And uh, we see that as a huge demand. Yeah. I actually have some of the stats here that's, which reminded me of my question, which is, you know, enterprise adoption of multi-cloud in your survey, 50% growth year over year, you know, 80% of customers, if you look at all the clouds are, are using some sort of Kubernetes. So I mean that's the, those are real struggling numbers actually. Yeah. Yeah. Just about every major company we speak to has some initiative to get to multi-cloud timing question of how large and when they're going to actually do all that. But it's on everyone's roadmap for sure. >>All right, well, John, I'm glad we've solved all the security issues in multicloud today. Um, for, for those people that might have a little bit more to fix, you know, give us a little bit of a look forward as to what more, uh, you know, where we're going. Uh, both for Sumo and for everybody in the dev sec ops space on that, that kind of the, the, the, the growing, uh, maturity there. >>Yeah, I think, uh, you know, two areas, uh, we're, we're excited about is, um, being able to, you know, many respects. I, I look at our business, uh, we're very, very similar to a bank. People in invest or we ingest their data into the bank of Sumo, uh, with the promise of returning it back to them with some interest or some, some, some return on it. And, um, there's no shortage of data coming to us. So being able to allow customers to do and use that data in more granular, uh, and bifurcate that data all day does not, uh, created equal but allow them, uh, economically to get more value out of that data. You're going to see a lot of, uh, you know, what we call like economic disruption coming from us in the next, uh, next few weeks, next, uh, next year. And some of the things we're, we're, we're talking about. >>Um, and then also, um, taking a, a powerful platform like sumos continuous intelligence platform and really helping customers map it more directly to specific use cases. Uh, we have, uh, we have, uh, a graphic on the, on the new website announcing the app intelligence partner program that basically shows here's just about any customers, uh, uh, uh, development pipeline, whether it's a bank or a hot startup going from an idea all the way to production. Um, they need visibility and security across all of that. That, that, that, that, that, uh, that infrastructure and those applications and we can provide that what we need to do a better job is helping customers understand how they can apply the power of what we have to these specific use cases all along that pipeline. Um, and you know, as I'm sure you can attest some other conversations there, there's, there's a lack of, of a, uh, there's a labor shortage of knowledge of how you take all these new technologies and really apply them, uh, very effectively at scale. Um, and that's, that's an area we're going to be investing in heavily to help customers do that. All right, >>perfect. Way to end. Thank you, John. Thanks for giving us the update. Chandon congratulate to them the progress since illuminate for John Troyer Omstead amendment. Stay with us for more wall-to-wall covered here from cube con cloud native con 2019 stay classy. San Diego and thank you for watching the cube.

(upbeat music) [Reporter] - Live from San Diego, California it's theCUBE covering Goodcloud and Cloud- Native cloud. Brought to you by Red Hat the Cloud-Native computing foundation. and its ecosystem partners. >> Welcome back, we're here at Kubecon Cloud-Native con 2019 in San Diego, I'm Stu Miniman. We've got over 12,000 in attendance here and we have a three guest lineup of Kubecon veterans here. To my right is Loris Degioanni who's the CTO and founder of Sysdig. To his right, representing the Tiger is Amit Gupta who's vice president of business development and Product Management at Tigera, and also Knox Anderson who's Director of Product Management. We know from the Octopus, Amit, that also means that he's with Sysdig. So gentlemen, thank you all for joining. [Loris]- Octopus and Tiger >> Octopus and Tiger, bringing it all together on the tube. We have a menagerie as it were. So Loris, let's start as they said, you know all veterans, you've been here, you've almost been to every single one, something about a you know, a child being born made you miss one. [Loris] - The very first one. >> So, why don't you bring us in kind of what's so important about this ecosystem, why it's growing so fast and Sysdig's relationship with the community? >> Yeah, I mean, you can just look around, right? Kubecon is growing year after year, it's becoming bigger and bigger and this just a reflection of the community getting bigger and bigger every year, right? It's really looks like we are, you know, here with this community creating the next step, you know? For computing, for cloud computing, and really, you know, Kubernetes is becoming the operating system powering, you know, the cloud and the old CNC ecosystem around it is really becoming, essentially the ecosystem around it. And the beauty of it is it's completely open this time, right? For the first time in history. >> All right, so since you are the founder, I need to ask, give me the why? So we've been saying you know, we've been starting this program almost 10 years ago and the big challenge of our time is you know building software for distributed systems. Cloud's doing that, Edge is taking that even further. Bring us back to that moment of the birth of Sysdig and how that plays into all the open source and that growth you're talking about. >> Yeah, I mean, Sysdig was born, so first of all, a little bit of background of me. I've been working in open source and networking for my whole career. My previous company was the business behind washer, then it took on a live service, so, a huge open source community and working with enterprises all around the world, essentially to bring visibility over their neighbors. And then I started realizing the stack was changing radically, right? With the event of cloud computing. With the event of containers and Docker. With the event of Kubernetes. It, legacy ways of approaching the problem were just not working. Were not working the technical level because, you need to create something completely new for the new stack but they were also not working at the approach level. Every thing was proprietary. Every thing was in silos, right? So the approach now is much more, like inclusive and community first, and that's why I decided to start Sysdig. >> All right. so Amit, we know things are changing all the time. One thing that does not ever change is security is paramount. I really say, I go back 10 or 15 years you know, they've got a lot of lip service around security. Today, it's a board level discussion. Money, development, especially here in the Cloud-Native space it's really important so, talk about Tigera relationship with Sysdig and very much focused on the Kubernetes ecosystems. >> Absolutely. So I couldn't agree with you more, Stu. I mean, security is super critical and more so now as folks are deploying more and more mission critical applications on the Kubernetes based platform. So, Sysdig is a great partner for us. Tigera provides networking and network security aspects of that Kubernetes deployment. And if you think about it how modern applications are built today, you've taken a big large model and decomposed into hundreds of micro services so there's procedural cause that were happening inside the code and now API calls on the network so you've got a much bigger network with that service a highly distributed environment. So the traditional architectures where you manage the security typically with the firewall or a gateway, it's not sufficient. It's important, it's needed and that's really where, as people design their architecture, they have to think about how do you design security across that entire infrastructure in a distributed fashion or done in the early stages of your projects. >> Knox, help us understand the relationship here, how it fits into Sysdig's product with Tigera. >> Yeah, so we're great partners with Tigera. Tigera lives at the network security level. Sysdig's secure in that the product we built extends the instrumentation that Loris started off with our open source tool, to provide security across the entire container lifecycle. So at build time, making sure your images are properly configured, free of vulnerabilities at run time, looking at all the activity that's happening and then the big challenge in the Kubernetes space is around incident response and audit. So if something happens in that pod, Kubernetes is going to kill it before anyone can investigate and Sysdig helps you with those work flows. >> Maybe it would help, we all throw around those terms, Cloud-Native a lot and it's a term I've heard for a number of years. But the definition like cloud itself is one that you know matures over time and when we get there so, maybe if we focus in a little bit on Cloud-Native security. You know, what is it we're hearing from customers, what does it mean to really build Cloud-Native Security. What makes that different from the security we've been building in our data centers, in clouds for years? >> Well I thought Cloud-Native was just a buzzword. Does it actually mean something? (laughs) >> Well hopefully it's more than just a buzzword and that's what I'm hoping you could explain. >> Yeah, so again, the way I see it is the real change that you are witnessing is how software is being written. And we're touching a little bit on it at this point. Software intended to be architected as big monoliths now is being splayed into smaller components. And this is just a reflection of software development teams in a general way being much more efficient when you can essentially, break the problem into sub-problems and break the responsibilities into sub-responsibilities. This is perhaps something that is extremely beneficial especially in terms of productivity. But also, sort of revolutionizes the way you write software, you run software, you maintain software, CICD, you know continues development, continues integration, pipelines, the reliance on GIT and suppository to store everything. And this also means that, securing, monitoring, troubleshooting infrastructures becomes much different. And one of things we are seeing is legacy two's don't work anymore and the new approaches like Calico Networking or like Falco and runtime security or like Sysdig secure, for the lifecycle and security of containers are something bubbling up as alternatives to the old way of doing things. >> I would add to that I agree with you. I would add that if you're defining a Cloud-Native security the Cloud-Native means it's a distributed architecture. So your security architecture has got to be distributed as well, absolutely got a plan for that. And then to your point, you have to automate the security as part of the various aspects of your lifecycle. Security can not be an afterthought you have to design for that right from the beginning and then one last thing I would add is just like your applications are being deployed in an automated fashion your security has to be done in that fashion so, policy is good, infrastructure is good and the security is just baked in as part of that process. It's critical you design that way to get the best outcomes. >> Yeah, and I'd say the asset landscape has completely changed. Before you needed to surface finding against a host or an IP. Now you need to surface vulnerabilities and findings against clusters, name spaces, deployments, pods, services and that huge explosion of assets is making it much harder for teams to triage events, vulnerabilities and it's really changing the process in how the sock works. >> And I think that the landscape of the essence is changing also is reflected on the fact that the persona landscape is changing. So, the separation between attempts and operation people is becoming thinner and thinner and more and more security becomes a responsibility of the operation team, which is the team in charge of essentially owning the infrastructure and taking care of it, not only for the operational point of view but also from the security. >> Yeah, I think I've heard the point that you've made a many times. Security can't be a bolt on or an afterthought. It's really something fundamental, we talk about DevOps is, it needs to be just baked into the process, >> Yeah. >> It's, as I've heard chanted at some conferences, you know, security is everyone's responsibility, >> Correct. >> make sure you step up. We're talking a lot about open source here. There's a couple of projects you mentioned, Falco and Calico, you're partners with Red hat. I remember going to the Red Hat show years ago and they'd run these studies and be like, people are worried that open source and security couldn't go side by side, but no, no you could actually, you know open source is secure but taking the next step and talking about building security products with open source give us, where that stands today and how customers are you know embracing that? And how can it actually keep up with the ever expanding threat surfaces and attacks that are coming out? >> Yeah. First of all as we know open source is actually more secure and we're getting proof of that you know, pretty much on a daily basis including you know, the fact that tools like Kubernetes are regularly scrutinized by the security ecosystem and the vulnerabilities are found early on and disclosed. In particular, Sysdig is the original creator of Falco which is an open source, CNCF phased anomaly detection system that is based on collecting high granular data from a running Kubernetes environment. For example, through the capture of the system calls and understanding the activity of the containers and being able to alert about the anomalous behavior. For example, somebody being able to break into your container, extricating data or modifying binaries, or you know perpetrating an attack or stuff like that. We decided to go with an approach that is open source first because, first of all, of course, we believe into participating with the community and giving something as an inclusive player to the community. But also we believe that you really achieve better security by being integrated in the stack, right? It's very hard , for example, to have, I don't know, security in AWS that is deeply integrated with the cloud stack upon us, alright? Because this it's propietary. Why would Kubernetes solutions like Falco or even like Calico, we can really work with the rest of the community to have them really tightly coupled and so much more effective than we could do in the past. >> You know, I mean I would make one additional point to your question. It's not only that users are adopting open source security. It's actually very critical that security solutions are available as an open source, because, I mean, look around us here this is a community of open source people, they're building and distributing infrastructure platform from that is all open source so we're doing this service if we don't offer a good set of security tools to them, not an open source. So that's really our fundamental model that's why Calico provides two key problems networking and network security for our users, you deploy your clusters, your infrastructures, and you have all the bells and whistles you need to be able to run a highly secure, highly performing cluster in your environment and I believe that's very critical for this community. >> Yeah, and I'd say that and now with open source, prevention has moved into the platform. So, with network policy and things like Calico or in our 3.0 launch we incorporated the ability to automate tests and apply pod security policies. And those types of prevention mechanisms weren't available on your platforms before. >> Okay, I often find if you've got any customer examples, talk about, you know, how they're running this production kind of the key, when they use your solutions you know, the benefits that they're having? >> Yeah, I'll take a few examples. I mean, today it is probably fair to say Calico from the partial phone home data we get a 100,000 plus customers across the globe, some of the, I can't take the actual names of the customers but, so the largest banks are using Calico for their enterprise networking scenarios and essentially, the policies, the segmentation inside the clusters should be able to manage the security for those workloads inside their environments. So that's how I would say. >> Yeah, and Sysdig, we, have an open core base with Falco, and then we offer a commercial product called Sysdig secure, in particular, last week we release version 3.0 of our commercial product which is another interesting dynamic because if we can offer the open core essentially to the community but then offer additional features with our commercial product. And Falco is installed in many, many thousands extension of platforms. and Sysdig secure you know secures, and offers visibility to the biggest enterprises in the world. We have deployments that are at a huge scale with the biggest banks, insurance companies, media companies, and we tend to fall to cover the full life cycle of applications because as the application and as the software moves in the CICD pipeline so security needs to essentially accompany the application through the different stages. >> All right, well thank you all three of you for providing the update. Really appreciate you joining us in the program and have a great rest of the week >> Thank you very much. >> Thank you. >> Thank you. >> We'll be back with more coverage here from Kubecon, Cloud-Nativecon. I'm Stu Miniman and thanks for watching theCUBE. (upbeat music)

(dramatic orchestral music) >> Hey, welcome back everybody. Jeff Frick, here, at theCUBE. We're at the Palo Alto studios taking a very short break in the middle of the crazy fall conference season. We'll be back on the road again next week. But we're excited to take an opportunity to take a breath. Again, meet new companies, have CUBE conversations here in the studio, and we're really excited to have our next guest. He's Apurva Dave, the CMO of Sysdig. Apurva, great to see you. >> Thanks, Jeff, thanks for having me here. >> Yea, welcome, happy Friday. >> Appreciate it, happy Friday, always worth it. >> So give us kind of the 101 on Sysdig. >> Yep, Sysdig is a really cool story. It is founded by a gentleman named Loris Degioanni. And, I think the geeks in your audience will probably know Loris in a heartbeat because he was one of the co-creators of a really famous open source project called Wireshark. It's at 20 million users worldwide, for network forensics, network visibility, troubleshooting, all that great stuff. And, way back when, in 2012, Loris realized what cloud and containers were doing to the market and how people build applications. And he stepped back and said, "We're going to need "a totally new way to monitor "and secure these applications." So he left all that Wireshark success behind, and he started another open source project, which eventually became Sysdig. >> Okay. >> Fast-forward to today. Millions of people are using the open source Sysdig and the sister project Sysdig Falco to monitor and secure these containerized applications. >> So what did Sysdig the company delineate itself from Sysdig the open source project? >> Well, you know, that's part of the challenge with open source, it's like part of your identity, right. Open source is who you are. And, what we've done is, we've taken Loris's vision and made it a reality, which is, using this open source technology and instrumentation, we can then build these enterprise class products on top for security monitoring and forensics at scales that the biggest banks in the world can use, governments can use, pharma, healthcare, insurance, all these large companies that need enterprise class products. All based on that same, original open source technology that Loris conceived so many years ago. >> So would you say, so the one that we see all the time and kind of use a base for the open source model, you kind of, Hortonworks, it's really pure, open source Hadoop. Then you have, kind of, Mapbar, you know, it's kind of proprietary on top of Hadoop. And then you have Cloudera. It's kind of open core with a wrapper. I mean, how does the open piece fit within the other pieces that you guys provide? >> That's really a really insightful question because Loris has always had a different model to open source, which is, you create these powerful open source projects that, on their own, will solve a particular problem or use case. For example, the initial Sysdig open source project is really good at forensics and troubleshooting. Sysdig Falco is really good at runtime container security. Those are useful in and of themselves. But then for enterprise class companies, you operate that at massive scale and simplicity. So we add powerful user interfaces, enterprise class management, auditing, security. We bundle that all on top. And that becomes this Cloud-Native intelligence platform that we sell to enterprise. >> And how do they buy that? >> You can, as subscription model. You can use it either as software as a service, where we operate it for you, or you can use it as on-premise software, where we deliver the bits to you and you deploy it behind your firewall. Both of those products are exactly the same functionally, and that's kind of the benefit we had as a younger company coming to market. We knew when we started, we'd need to deliver our software in both forms. >> Okay and then how does that map to, you know, Docker, probably the most broadly known container application, which rose and really disturbed everything a couple years ago. And then that's been disturbed by the next great thing, which is Kubernetes. So how do you guys fit in within those two really well-known pieces of the puzzle? >> Yeah, well you know, like we were talking about earlier, there's so much magic and stardust around Kubernetes and Docker and you just say it to an IT person anywhere and either they're working on Kubernetes, they're thinking about working on Kubernetes, or they're wondering when they can get to working on Kubernetes. The challenge becomes that, once the stardust wears off, and you realize that yeah, this thing is valuable, but there's a lot of work to actually implementing it and operationalizing it, that's when your customers realize that their entire life is going to be upended when they implement these new technologies and implement this new platform. So that's where Sysdig and other products come in. We want to help those customers actually operationalize that software. For us, that's solving the huge gaps around monitoring, security, network visibility, forensics, and so on. And, part of my goal in marketing, is to help the customers realize that they're going to need all these capabilities as they start moving to Kubernetes. >> Right, certainly, it's the hot topic. I mean, we were just at VMworld, we've been covering VMworld forever, and both Pat and Sanjay had Kubernetes as parts of their keynotes on day one and day two. So they're all in, as well, all time for Amazon, and it goes without saying with Google. >> Yeah, so it's funny is, we released initial support for Kubernetes, get this, back in 2015. And, this was the point where, basically the world hadn't yet really, they didn't really know what Kubernetes was. >> Unless they watched theCUBE. >> Unless they watched-- >> They had Craig Mcklecky-- >> Okay, alright. >> On Google cloud platform next 2014. I looked it up. >> Awesome. Very nice-- >> Told us, even the story of the ship wheel and everything. But you're right, I don't think that many people were there. It was at Mission Bay Conference Center, which is not where you would think a Google conference would be. It's a 400 person conference facility. >> Exactly, and I think this year, CubeCon is probably going to be 7,000 people. Shows you a little bit of the growth of this industry. But, even back in 2015, we kind of recognized that it wasn't just about containers, but it was about the microservices that you build on top on containers and how you control those containers. That's really going to change the way enterprises build software. And that's been a guiding principle for us, as we've built out the company and the products. >> Well, way to get ahead of the curve, I love it. So, I see it of more of a philosophical question on an open source company. It's such an important piece of the modern software world, and you guys are foundationally built on that, but I always think about when you're managing your own resources. You know, how much time do you enable the engineers to spend on the open source piece of the open source project, and how much, which is great, and they get a lot of kudos in the ecosystem, and they're great contributors, and they get to speak at conferences, and it's good, it's important. Versus how much time they need to spend on the company stuff, and managing those two resource allocations, 'cause they're very different, they're both very important, and in a company, like Sysdig, they're so intimately tied together. >> Yeah, that last point to me is the biggest driver. I think some companies deal with open source as a side project that gives engineers an outlet to do some fun, interesting things they wouldn't otherwise do. For a company like Sysdig, open source is core to what we do. We think of these two communities that we serve, the open source community and the enterprise community. But it's all based on the same technology. And our job in this mix is to facilitate the activity going on in both of these communities in a way that's appropriate for how those communities want to operate. I think most people understand how an enterprise, you know, a commercial enterprise community wants to operate. They want Sysdig to have a roadmap and deliver on that roadmap, and that's all well and good. That open source element is really kind of new and challenging. Our model has always been that the core open source technology fuels our enterprise business, and what we need to do is put as much energy as we can into the open source, such that the community is inspired to interact with us, experiment, and give back. And if we do it right, two things happen. We see massive contribution from the community, the community might even take over our open source projects. We see that happening with Sysdig Falco right now. For us, our job then is to sit back, understand how that community is innovating, and how we can add value on top of it. So coming back all the way to your question around engineers and what they should be doing, step one, always contribute to the open source. Make our open source better, so that the community is inspired to interact with us. And then from there, we'll leverage all that goodness in a way that's right for our enterprise community. >> So really getting in almost like a flywheel effect. Just investing in that core flywheel and then spin off all kinds of great stuff. >> You got it, you know, my motto's always been like, if the open source is this thing off to the side, that you're wondering, oh, should our engineers be working on it, or shouldn't they, it's going to be a tough model to sustain long-term. There has to be an integrated value to your overall organization and you have to recognize that. And then, resource it appropriately. >> Right, so let's kind of come up to the present. You guys just had a big round of funding, congratulations. >> Yep, thank you. >> So you got some new cash in the bank. So what's next for Sysdig? Now you got this new powder, if you will, so what's on the horizon, where are you guys going next? Where are you taking the company forward? >> Great question, so, we just raised a $68.5 million Series D round, led by Inside Ventures and follow-on investors from our previous investors, Accel and Bane. 68.5 doesn't happen overnight. It's certainly been a set of wins since Loris first introduced those open source projects to releasing our monitoring product, adding our security product. In fact, earlier this year, we brought on a very experienced CEO, Suresh Vasudevan, who was the previous CEO of Nimble Storage, as a partner to Loris, so that they could grow the business together. Come this summer, we're having massive success. It feels like we've hit a hockey stick late last year, where we signed up some of the largest investment banks in the world, large government organizations, Fortune 500s, all the magic is happening that you hope for, and all of a sudden, we found these investors knocking at our door, we weren't actually even out looking for funds, and we ended up with an over-subscribed round. >> Right. >> So our next goal, like what are you going to do with all that money, is first of all, we're moving to a phase where, it's not just about the product, but it's about the overall experience with Sysdig the company. We're really building that out, so that every enterprise has an incredible experience with our product and the company itself, so that they're just, you know, amazed with what Sysdig did to help make Cloud-Native a reality. >> That's great and you got to bring in an extra investor, like in a crunch phase, you guys haven't had that many investors in the company, relatively a small number of participants. >> It's been very tightly held, and we like it that way. We want to keep out community small and tight. >> Well, Apurva, exciting times, and I'm sure you're excited to have some of that money to spend on marketing going forward. >> Well, we'll do our part. >> Well, thanks for sharing your story, and have a great weekend. I'm happy it's Friday, I'm sure you are, too. >> Thanks so much, have a great weekend. Thanks for having me. >> He's Apurva, I'm Jeff, you're watching theCUBE. It's theCUBE conversation in Palo Alto, we'll be back on the road next week, so keep on watching. See you next time. (dramatic orchestral music)