Search Results for Knox Anderson:

DockerCon 2022 | Knox Anderson


 

(upbeat bright music)

>> Hello, welcome back to theCUBE's main stage coverage of DockerCon 2022. I'm John Furrier, your host of theCUBE. We have Knox Anderson, vice president of Product Management, Sysdig. Knox, welcome to theCUBE.

>> Thanks for having me. Glad to be back.

>> So IaC containers is going crazy madness in terms of adoption, standard, even mainstream enterprise, IT and cloud are all containerized. It's only getting better, and it increases the complications when you start thinking about scale and supportability. This is a huge discussion, and it ranges from how do you support, how do you run operations, how do you secure in the supply chain. All this is happening, and with the growth of cloud and server (indistinct) seeing Kubernetes at the center of everything. So I got to ask you, how has Kubernetes changed how you secure cloud infrastructure?

>> Yeah, so Kubernetes is really the modern operating system for the cloud. And with that, you get a lot of facilities. So you get things like Kubernetes' network policies, you can use things like admission controllers. And with that, you're securing multiple layers, whether it's the control plane, individual workloads. And so there's a nice mixture of built-in tools, and part of the Kubernetes platform that then you can leverage to do prevention, auditing, and things like that. But it really requires an entire rethink of your stack and the tools you bring in alongside your people and processes. And so it's an exciting time because it gives you an opportunity to be more secure, but really have to rethink your approach there.

>> And I want to get into the whole observability trend here 'cause you start thinking about the mobility, what containers enables. And getting all the data is everything. And then also that feeds into kind of having a good sense of what is going on. And when you hear about shift left and data as code, you know, developers don't want to get stopped coding, right? And then have to come back and go dig into things that they thought they had taken care of. So you kind of got this kind of flywheel going in the wrong direction. So that's causing teams to be disrupted. So how do teams keep up with the changes to the containerized applications or what to prioritize around that? Because if I shift left, am I done or what? And these are the things that come up all the time.

>> Yeah. You have to shift left but also watch the right. Like, shifting left is a little bit harder from a people and process perspective. Like you put a tool in place, then it's a gating factor for getting in. And so that runtime context on the right is equally as important. And it's often easier to roll out a runtime tool just because you're not going in and introducing new processes. And that runtime visibility can also make shift left much better. If you're scanning a container image, you might get a thousand different vulnerabilities that you need to address, but only three of those are in packages that are actually executed at runtime. And so we recently released a feature called risk spotlight which does that exact feedback loop. And that's something that's important whether you're addressing vulnerabilities, misconfigurations, or responding to event. What's on the right, what's on the left, and then tie those together.

>> Yeah, it's like left, right, it's like driving training here in the United States. You got a stop sign, you want to be moving, always be moving. I got to ask you what are some of the side effects of infrastructure automation and the result in code artifacts?

>> Yeah, it's really, like, Kubernetes is nice because it's a declarative system, but it doesn't always work out that way. Like, someone might have a Helm chart and then someone else changes it in production. So understanding what is drift is really important in these environments. And then it also has enabled real remediation workflows. I think previously, you might patch something, a week later there's a new deploy, that patch gets written over. And so because Kubernetes and the rise of IaC, it's now easier to see a misconfiguration in production, open a pull request, and then fix that at source, which provides that full kind of visibility across those different environments. And it allows you to actually fix issues versus constantly being in that kind of whack-a-mole of patching things and moving on.

>> Yeah, I mean this is all about cloud native development, and you look at, you know, some of the things going on, you're starting to see best practices developed. What do you guys see as a best practice for getting started with designing and securing cloud native applications? What are some of the tools that people should look at for beginners and for the entry-level position? And then as they get traction, what does that turn into?

>> Yeah, so the pattern we've often seen is like someone gets started on the open source side, whether you're using Open Policy Agent or Falco, which Loris, who you've met with before, created. And so really when you're starting, choose kind of the open source option. Learn from that. And then often what we've seen with customers is at scale, there's some companies like if you're in Uber, or Snapchat, and Apple, you can maybe build something around open source, but a lot of other people start to really consolidate platforms that are built on top of those open source technologies, and trying to get that really single view into what's happening in their environment, what are those events. And the thing that I would say, process wise, is most important is build that container center of excellence, that cloud center of excellence, whatever you call it, that brings together people from your ops team, your infrastructure team, your dev team, your security team. Everyone's got to have a seat at the table to have containers be successful. It's a big shift, and if you do it right, it really takes off, but each team really needs to be included there.

>> Yeah, there's a lot of operational discussions going on around the devs, and the devs are being pulled to the front lines. We've been saying this for a decade, but now when you got edge computing, you got cloud native operations, on-premises, you start to see that they're getting pulled even further to the frontline. So, you know, what are you guys up to Sysdig? You know, they got a lot of developers here at DockerCon, what's in it for them? Why Sysdig, why should they care? What would you say to the old developers that are watching? What's in it for them?

>> Yeah, we really make it easier for you to prioritize what to fix and what to address in your environment. I know I've built something before and like, my test suite or my scanner just lights up like a Christmas tree, and you just want to move to another task because it's just too much to deal with at that time. And so we really help you focus on what matters and get the most bang for your buck. Everyone has way too much time or too many things going on and not enough time. And so being able to understand effective risk, your different vulnerabilities, what to fix, is really key to delivering secure software.

>> I mean, it's like a doctor needs to know what to work on with the patient, if you will, when to, and what's important, and then the dependencies, and you got, a system's mindset, you got to know what the consequences. So it sounds easy, just knock down a list of things, but isn't that easy. You got to want to hit things that you know that will be, to have an impact right away. That seems to be the big aha moment here.

>> Yeah, definitely.

>> So we're going to be at KubeCon in Europe, you guys going to have booth there, what's the quick plug for the company? Give a shout out to what's happening at Sysdig and cloud native world.

>> Yeah, really excited to be in Valencia. We have a ton of people at, sorry, at DockerCon with, giving a couple different talks here. So the first is Master Your Container Security Model and then Software Supply Chain Security and Standards. On the supply chain one, we're getting deep into SBOMs. So if that's a topic that's important to you, please join that one.

>> Awesome, and then that's a big topic supply chain. We've got a minute and a half left. What's the most important thing people should pay attention to as open source continues to grow in prominence, not just from a code standpoint, but as a social environment, as people's doing ventures and venture capitalists are mining the area, what should they pay attention to as supply chain becomes important, what's the big thing?

>> There's a lot of companies I think going around the SBOM space, and kind of trying to certify like where did this come from, and have that provenance across the entire supply chain. We, under the hood, use those SBOMs to understand kind of what have you built, what packages are used, and then tie that with that runtime data. So a lot of the things that we talked around before with RiskSpotlight is based on that deep SBOM knowledge. And that's something that, I think the standards are still getting kind of worked out where there's CycloneDX, SPDX. And so people really are saying, "Hey, I need to generate SBOMs," and we're regenerating them, but there's going to be more and more applications on "Okay what do you do with that? How does it integrate with other tools?" So it's kind of I think in the little bit of the early data lake phases where it's like, "I've taken all my data, I put it here. Now I need to do more with it." And so that's where I think we'll start to see some pretty exciting things over the next year or two.

>> It's super exciting. On one hand you got the attackers, and that's a zero trust environment, and you get the builders, the developers where trust is everything. You got to know what it's in the code. It's really interesting time and super important to scale. So Knox, thanks for coming on theCUBE and sharing the Sysdig update. Appreciate it, thanks for coming on. Now back to you at the DockerCon main stage, this is theCUBE. I'm John Furrier, your host. Thanks for watching.

(upbeat bright music)

Published Date : May 11 2022


Knox Anderson, Sysdig | AWS Startup Showcase


 

(upbeat music)

>> Welcome to the Q3 AWS Startup Showcase. I'm Lisa Martin. I'm pleased to welcome Knox Anderson, the VP of Product Management, from Sysdig, to the program. Knox, welcome.

>> Thanks for having me, Lisa.

>> Excited to uncover Sysdig. Talk to me about what you guys do.

>> So Sysdig, we are a secure DevOps platform, and we're going to really allow customers to secure the entire lifecycle of an application from source to production. So give you the ability to scan IaC for security best practices, misconfiguration, help you facilitate things like image scanning as part of the build process, and then monitor runtime behavior for compliance or threats, and then finish up with incident response, so that you can respond to and recover from incidents quickly.

>> What are some of the main challenges that you're solving and have those changed in the last 18 months?

>> I'd say the main challenge people face today is a skills gap with Kubernetes. Everyone wants to use Kubernetes, but the amount of people that can operate those platforms is really difficult. And then getting visibility into the apps, that's running in those environments is also a huge challenge. So with Sysdig, we provide just an easy way to get your Kubernetes clusters instrumented, and then provide strong coverage for threat detection, compliance, and then observability for those environments.

>> One of the things that we've seen in the last 18 months is a big change in the threat landscape. So, I'm very curious to understand how you're helping customers navigate some of the major dynamics that are going on.

>> Yeah, I'd say, the adoption of cloud and the adoption of Kubernetes have, have changed drastically. I'd say every single week, there's a different environment that has a cryptomining container. That's spun up in there. Obviously, if the price of a Bitcoin and things like that go up, there's more and more people that want to steal your resources for mining. So, we're seeing attacks of people pulling public images from Docker Hub onto their clusters, and there's a couple of different ways that we'll help customers see that. We have default Falco rules, better vetted by the open source community to detect cryptomining. And then we also see a leading indicator of this as some of the metrics we, we collect for resource abuse and those types of things where you'll see the CPU spike, and then can easily identify some workload that could have been compromised and is now using your resources to mine Bitcoin or some other alt-coin.

>> Give me a picture of a Sysdig customer. Help me understand the challenges they had, why they chose you and some of the results that they're achieving.

>> Yeah, I used to say that we were very focused on financial services, but now everyone is doing Kubernetes. Really where we get introduced to an organization is they have their two or three clusters that are now in production and I'm going through a compliance audit, or it's now a big enough part of my estate that I need to get security for this Kubernetes and cloud environment. And, so we come in to really provide kind of the end-to-end tools that you would need for that compliance audit or to meet your internal security guidelines. So they'll usually have us integrated within their Dev pipelines so that developers are getting actionable data about what they need to do to make sure their workloads are as secure as possible before they get deployed to production. So that's part of that shift-left mindset. And then the second main point is around runtime detection. And that's where we started off by building our open source tool Falco, which is now a CNCF project. And that gives people visibility into the common things like, who's accessing my environment? Are there any suspicious connections? Are my workloads doing what they expected? And, those types of things.

>> Since the threat landscape has changed so much in the last year and a half, as I mentioned. Are the conversations you're having with customers changing? Is this something at the C-suite or the board level from a security and a visibility standpoint?

>> I think containers and Kubernetes and cloud adoption under the big umbrella of digital transformation is definitely a board-level objective. And then, that starts to trickle down to, okay, we're taking this app from my on-prem data center, it's now in the cloud and it has to meet the twenty security mandates have been meeting for the last fifteen years. What am I going to do? And so definitely there's practitioners that are coming in and picking tools for different environments. But, I would definitely say that cloud adoption and Kubernetes adoption are something that everyone is trying to accelerate as quickly as possible.

>> We've seen a lot of acceleration of cloud adoption in the last eighteen months here, right? Now, something that I want to get into with you is the recent executive order, the White House getting involved. How is this changing the cybersecurity discussion across industries?

>> I really like how they kind of brought better awareness to some of the cybersecurity best practices. It's aligned with a lot of the NIST guidance that's come out before, but now cloud providers are picking, private sector, public sector are all looking at this as kind of a new set of standards that we need to pay attention to. So, the fact that they call out things like unauthorized access, you can look at that with Kubernetes audit logs, CloudTrail, a bunch of different things. And then, the other term that I think you're going to hear a lot of, at least within the federal community and the tech community, over the next year, is this thing called an SBOM, which is for, which is a software bill of materials. And, it's basically saying, "as I'm delivering software to some end user, how can I keep track of everything that's in it?" A lot of this probably came out of SolarWinds where now you need to have a better view of what are all the different components, how are those being tracked over time? What's the life cycle of that? And, so the fact that things like SBOMs are being explicitly called out is definitely going to raise a lot of the best practices as organizations move. And then the last point, money always talks. So, when you see AWS, Azure, Google all saying, we're putting 10, 10 billion plus dollars behind this for training and tooling and building more secure software, that's going to raise the cybersecurity industry as a whole. And so it's definitely driving a lot of investment and growth in the market.

>> It's validation. Absolutely. Talk to me about some of the, maybe some of the leading edges that you're seeing in private sector versus public sector of folks and organizations who are going alright, we've got to change. We've got to adopt some of these mandates because the landscape is changing dramatically.

>> I think Kubernetes adoption goes hand in hand with that, where it's a declarative system. So, the way you define your infrastructure and source code repos is the same way that runs in production. So, things like auditing are much easier, being able to control what's in your environment. And then containers, it's much easier to package it once and then deploy it wherever you want. So container adoption really makes it easier to be more secure. It's a little tricky where normally like you move to something that's bleeding edge, and a lot of things become much harder. And there's operational parts that are hard about Kubernetes. But, from a pure security perspective, the apps are meant to do one thing. It should be easy to profile them. And so definitely I think the adoption of more modern technology and things like cloud services and Kubernetes is a way to be more secure as you move into these environments.

>> Right? Imagine a way to be more secure and faster as well. I want to dig in now to the Sysdig AWS partnership. Talk to me about that. What do you guys do together?

>> AWS is a great partner. We, as a company, wouldn't be able to deliver our software without AWS. So we run our SaaS services on Amazon. We're in multiple regions around the globe. So we can deliver that to people in Europe and meet all the GDPR requirements and those kinds of things. So from a, a vendor partnership perspective, it's great there. And then on a co-development side, we've had a lot of success and a fun time working with the Fargate team, Fargate is a service on Amazon, that makes it easier for you to run your containers without worrying about the underlying compute. And so they faced the challenge about a year and a half ago where customers didn't want to deploy on Fargate because they couldn't do deeper detection and incident response. So we worked together to figure out different hooks that Amazon could provide to open source tools like Falco or commercial products like Sysdig. So then customers could meet those incident response needs, and those detection needs for Fargate. And really, we're seeing more and more Fargate adoption as kind of more and more companies are moving to the cloud. And, you don't want to worry about managing infrastructure, a service like Fargate is a great place to get started there.

>> Talk to me a little bit about your joint go-to-market. Is there a joint go-to-market, I should say?

>> Yeah, we sell through the AWS marketplace. So customers can procure Sysdig software directly through AWS. It'll end up on your AWS bill. You can kind of take some of your committed spend and draw it down there. So that's a great way. And then we also work closely with different solutions architects teams, or people who are more boots on the ground with different AWS customers trying to solve those problems like PCI-compliance and Fargate, or just building a detection and response strategy for EKS and those types of things.

>> Let's kind of shift gears now and talk about the role of open source, in security. What is Sysdig's perspective?

>> Yeah, so the platform, open source is a platform, is something that's driving more and more adoption these days. So, if you look at like the fundamental platform like Kubernetes, it has a lot of security capabilities baked in, there's admission controllers, there's network policies. And so you used to buy a firewall or something like that. But with Kubernetes, you can enforce services, service communication, you put a service mesh on top of that, and you can almost pretend it's a WAF sometimes. So open source is building a lot of fundamental platform level security, and by default. And then the second thing is, we're also seeing a rise of just open source tools that traditionally had always come from commercial products. So, there's things like OPA, which handle authorization, which is becoming a standard. And then there's also projects like Falco, that provide an easy way for people to do IDS use cases and auditing use cases in these environments.

>> Last question for you. Talk to me about some of the things that you're most excited about. That's coming down here. We are at, this is the, our Q3 AWS Startup Showcase, but what are some of the things that you're most excited about in terms of being able to help customers resolve some of those challenges even faster?

>> I think there's more and more Kubernetes standardization that's going on. So a couple of weeks ago, Amazon released EKS Anywhere, which allows companies who still have an on-prem footprint to run Kubernetes locally the same way that they would run it in the cloud. That's only going to increase cloud adoption, because once you get used to just doing something that matches the cloud, the next question you're going to answer is, okay, how fast can I move that to the cloud? So that's something I'm definitely really excited about. And then, also, the different, or AWS is putting a lot of investment behind tools like Security Hub. And we're doing a lot of native integrations where we can publish different findings and events into Security Hub, so that different practitioners who are used to working in the AWS console can remediate those quickly without ever kind of leaving that native AWS ecosystem. And that's a trend I expect to see more and more of over time, as well.

>> So a lot of co-innovation coming up with AWS. Where can folks go to learn more information? Is there a specific call to action that you'd like to point them to?

>> The Sysdig blog is one of the best sources that I can recommend. We have a great mixture of technical practitioner content, some just one-oh-one level, it's, I'm starting with container security. What do I need to know? So I'd say we do a good job of touching the different areas and then really the best way to learn about anything is to get hands-on. We have a SaaS trial. Most of the security vendors have something behind a paywall. You can come in, get started with us for free and start uncovering what's actually running in your infrastructure.

>> Knox, let's talk about the secure DevOps movement. As we see that DevOps is becoming more and more common, how is it changing the role of security?

>> Yeah, so a lot of traditional security requirements are now getting baked into what a DevOps team does day-to-day. So the DevOps team is doing things like implementing IaC. So your infrastructure is code, and no changes are manually made to environments anymore. It's all done by a Terraform file, a CloudFormation, some code that's representing what your infrastructure looks like. And so now security teams, or sorry, these DevOps teams have to bake security into that process. So they're scanning their IaC, making sure there's not elevated privileges. It's not doing something, it shouldn't. DevOps teams, also, traditionally, now are managing your CI/CD Pipeline. And so that's where they're integrating scanning tools in as well, to go in and give actionable feedback to the developers around things like if there's a critical vulnerability with a fix, I'm not going to push that to my registry. So it can be deployed to production. That's something a developer needs to go in and change. So really a lot of these kind of actions and the day-to-day work is driven by corporate security requirements, but then DevOps has the freedom to go in and implement it however they want. And this is where Sysdig adds a lot of value because we provide both monitoring and security capabilities through a single platform. So that DevOps teams can go into one product, see what they need for capacity planning, chargebacks, health monitoring, and then in the same interface, go in and see, okay, is that Kubernetes cluster meeting my SOC 2 controls? How many images have my developers submitted to be scanned over the past day? And all those kinds of things without needing to learn how to use four or five different tools?

>> It sounds to me like a cultural shift almost in terms of the DevOps, the developers working with security. How does Sysdig help with that? If that's a cultural shift?

>> Yeah, it's definitely a cultural shift. I see some people in the community getting angry when they see oh we're hiring for a Head of DevOps. They're like DevOps is a movement, not a person. So would totally agree with that there, I think the way we help is if you're troubleshooting an issue, if you're trying to uncover what's in your environment and you are comparing results across five different products, it always turns into kind of a point the finger, a blame game. There's a bunch of confusion. And so what we think, how we help that cultural shift, is by bringing different teams and different use cases together and doing that through a common lens of data, user workflows, integrations, and those types of things.

>> Excellent. Knox, thank you for joining me on the program today, sharing with us, Sysdig, what you do, your partnership with AWS and how customers can get started. We appreciate your information.

>> Thank you.

>> For Knox Anderson, I'm Lisa Martin. You're watching theCUBE.

Published Date : Sep 22 2021


Knox Anderson, Sysdig | CUBE Conversation


 

(soft electronic music) >> Welcome to this CUBE Conversation. I'm Lisa Martin. This conversation is part of our third AWS Startup Showcase for this year. I'm pleased to welcome Knox Anderson, the VP of Product Management at Sysdig. Knox, welcome to the program. >> Thanks for having me, Lisa. >> Talk to me a little bit about Sysdig, secure DevOps for containers, Kubernetes, and cloud. Give the audience an overview of what you guys do. >> So Sysdig is this secure DevOps platform that provides observability, security, and compliance functions for anyone that's adopting Kubernetes and Cloud. We really secure the entire lifecycle from source to production, so do things like scan your ISE for misconfiguration, monitor your runtime environments for threats and operational best practices. We provide a lot of capabilities around Prometheus Monitoring, as well, and then also let organizations perform incident response and compliance audits against these environments. >> So founded in 2013, talk to me about the gap in the market that you guys saw then and what some of the key challenges are that you saw for your customers. >> Yeah so we came to market around the same time as containers and Kubernetes and I'd say 2015 to 2018 we kept on saying it's the year of Kubernetes, it's the year of Kubernetes, it's the year of Kubernetes. And then really during the last year and a half in the COVID pandemic, Kubernetes has gone gangbusters. Every major cloud is seeing a huge adoption in their Kubernetes services so that's really our wedge into a lot of organizations. They're changing their platform to take advantages of containers and Kubernetes and you really have to rethink all of your security tooling, and that's when a company like Sysdig comes in. >> Talk to me about customers in terms of, especially in the last year and a half when things have been so dynamic, we've seen so much too, on the threat landscape front changing. 
Give me an example of a customer or two that you've really helped with solving some of their major challenges, here. >> Yeah, a great customer that we work with is SAP Concur and they kind of encompass a lot of the things that are nice about modern DevOps. So it's a DevOps team that's running a Kubernetes platform that thousands of developers are building their apps and deploying those onto. And they chose Sysdig because really it's not scalable to have every single data team ping that DevOps team and say what's the performance of my service, how is it responding, how can I get scanning integrated with that and so they use Sysdig as a platform that allows developers to easily onboard onto their Kubernetes clusters and then ensure that they're meeting compliance needs and FedRAMP needs for that platform that they deliver their core business apps on. >> Let's talk about Sysdig's commitment to open source on the Falco project. >> So Falco is an open source project that we started at Sysdig, it's built on top of our core system core instrumentation. And so Falco meets a lot of your IDS or your file integrity monitoring requirements that you might have as you move to Kubernetes. And really, it's something we started at about 2016. In 2019, we donated that project to the CNCF which is the same governance body behind Kubernetes, Prometheus, and other kind of core building blocks of the cloud native ecosystem. Since then, it's grown immensely. Companies like Shopify are using it to make sure that their PCI apps that they run on Kubernetes are fully compliant. And so it's something that we are constantly contributing to the community also from even companies like AWS is a core contributor to the Falco project. And I'm really excited to see where it goes over the next year as Falco extends to also cover some cloud security use cases. >> What can you tell me about the relationship that Sysdig and AWS have? >> They've been a great partner. 
We internally run our SaaS on AWS so we're using AWS services to deliver our product to our customers. And then we've also really worked closely around how you can provide better security for services like Fargate. So we did working sessions with their engineering teams, learned what we could do to get the visibility that we need for tools like Falco and Sysdig to work seamlessly in Fargate environments. And last April we were able to kind of, AWS released that new functionality, Sysdig built on top of that, and we've already seen great adoption of customers using the Sysdig product on top of Fargate. >> Excellent. Well thank you very much, Knox, for stopping by theCUBE telling us about Sysdig, what you guys are doing ahead of the AWS Startup Showcase. We appreciate your time and your information. >> Thanks for having me. >> For Knox Anderson, I'm Lisa Martin. You're watching this CUBE Conversation. (soft electronic music)

Published Date : Sep 14 2021


Knox Anderson, Amit Gupta, & Loris Degioanni | KubeCon + CloudNativeCon NA 2019


 

(upbeat music) [Reporter] - Live from San Diego, California, it's theCUBE, covering KubeCon and CloudNativeCon. Brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Welcome back, we're here at KubeCon CloudNativeCon 2019 in San Diego, I'm Stu Miniman. We've got over 12,000 in attendance here and we have a three-guest lineup of KubeCon veterans here. To my right is Loris Degioanni who's the CTO and founder of Sysdig. To his right, representing the Tiger is Amit Gupta who's vice president of business development and Product Management at Tigera, and also Knox Anderson who's Director of Product Management. We know from the Octopus, Amit, that also means that he's with Sysdig. So gentlemen, thank you all for joining. [Loris]- Octopus and Tiger >> Octopus and Tiger, bringing it all together on the tube. We have a menagerie as it were. So Loris, let's start as they said, you know all veterans, you've been here, you've almost been to every single one, something about a you know, a child being born made you miss one. [Loris] - The very first one. >> So, why don't you bring us in kind of what's so important about this ecosystem, why it's growing so fast and Sysdig's relationship with the community? >> Yeah, I mean, you can just look around, right? KubeCon is growing year after year, it's becoming bigger and bigger and this is just a reflection of the community getting bigger and bigger every year, right? It really looks like we are, you know, here with this community creating the next step, you know? For computing, for cloud computing, and really, you know, Kubernetes is becoming the operating system powering, you know, the cloud and the old CNCF ecosystem around it is really becoming, essentially the ecosystem around it. And the beauty of it is it's completely open this time, right? For the first time in history. >> All right, so since you are the founder, I need to ask, give me the why? 
So we've been saying you know, we've been starting this program almost 10 years ago and the big challenge of our time is you know building software for distributed systems. Cloud's doing that, Edge is taking that even further. Bring us back to that moment of the birth of Sysdig and how that plays into all the open source and that growth you're talking about. >> Yeah, I mean, Sysdig was born, so first of all, a little bit of background of me. I've been working in open source and networking for my whole career. My previous company was the business behind Wireshark, then it took on a live service, so, a huge open source community and working with enterprises all around the world, essentially to bring visibility over their neighbors. And then I started realizing the stack was changing radically, right? With the advent of cloud computing. With the advent of containers and Docker. With the advent of Kubernetes. It, legacy ways of approaching the problem were just not working. Were not working at the technical level because, you need to create something completely new for the new stack but they were also not working at the approach level. Everything was proprietary. Everything was in silos, right? So the approach now is much more, like inclusive and community first, and that's why I decided to start Sysdig. >> All right, so Amit, we know things are changing all the time. One thing that does not ever change is security is paramount. I really say, I go back 10 or 15 years you know, they've got a lot of lip service around security. Today, it's a board level discussion. Money, development, especially here in the Cloud-Native space it's really important so, talk about Tigera's relationship with Sysdig and very much focused on the Kubernetes ecosystems. >> Absolutely. So I couldn't agree with you more, Stu. I mean, security is super critical and more so now as folks are deploying more and more mission critical applications on the Kubernetes based platform. 
So, Sysdig is a great partner for us. Tigera provides networking and network security aspects of that Kubernetes deployment. And if you think about it how modern applications are built today, you've taken a big large model and decomposed into hundreds of microservices so there's procedure calls that were happening inside the code and now API calls on the network so you've got a much bigger network with that service a highly distributed environment. So the traditional architectures where you manage the security typically with the firewall or a gateway, it's not sufficient. It's important, it's needed and that's really where, as people design their architecture, they have to think about how do you design security across that entire infrastructure in a distributed fashion or done in the early stages of your projects. >> Knox, help us understand the relationship here, how it fits into Sysdig's product with Tigera. >> Yeah, so we're great partners with Tigera. Tigera lives at the network security level. Sysdig's secure in that the product we built extends the instrumentation that Loris started off with our open source tool, to provide security across the entire container lifecycle. So at build time, making sure your images are properly configured, free of vulnerabilities at run time, looking at all the activity that's happening and then the big challenge in the Kubernetes space is around incident response and audit. So if something happens in that pod, Kubernetes is going to kill it before anyone can investigate and Sysdig helps you with those workflows. >> Maybe it would help, we all throw around those terms, Cloud-Native a lot and it's a term I've heard for a number of years. But the definition like cloud itself is one that you know matures over time and when we get there so, maybe if we focus in a little bit on Cloud-Native security. You know, what is it we're hearing from customers, what does it mean to really build Cloud-Native Security. 
What makes that different from the security we've been building in our data centers, in clouds for years? >> Well I thought Cloud-Native was just a buzzword. Does it actually mean something? (laughs) >> Well hopefully it's more than just a buzzword and that's what I'm hoping you could explain. >> Yeah, so again, the way I see it is the real change that you are witnessing is how software is being written. And we're touching a little bit on it at this point. Software intended to be architected as big monoliths now is being splayed into smaller components. And this is just a reflection of software development teams in a general way being much more efficient when you can essentially, break the problem into sub-problems and break the responsibilities into sub-responsibilities. This is perhaps something that is extremely beneficial especially in terms of productivity. But also, sort of revolutionizes the way you write software, you run software, you maintain software, CICD, you know continuous development, continuous integration, pipelines, the reliance on Git and repositories to store everything. And this also means that, securing, monitoring, troubleshooting infrastructures becomes much different. And one of the things we are seeing is legacy tools don't work anymore and the new approaches like Calico Networking or like Falco and runtime security or like Sysdig Secure, for the lifecycle and security of containers are something bubbling up as alternatives to the old way of doing things. >> I would add to that I agree with you. I would add that if you're defining a Cloud-Native security the Cloud-Native means it's a distributed architecture. So your security architecture has got to be distributed as well, absolutely got a plan for that. And then to your point, you have to automate the security as part of the various aspects of your lifecycle. 
Security cannot be an afterthought; you have to design for that right from the beginning and then one last thing I would add is just like your applications are being deployed in an automated fashion your security has to be done in that fashion so, policy is good, infrastructure is good and the security is just baked in as part of that process. It's critical you design that way to get the best outcomes. >> Yeah, and I'd say the asset landscape has completely changed. Before you needed to surface finding against a host or an IP. Now you need to surface vulnerabilities and findings against clusters, namespaces, deployments, pods, services and that huge explosion of assets is making it much harder for teams to triage events, vulnerabilities and it's really changing the process in how the SOC works. >> And I think that the landscape of the assets is changing also is reflected on the fact that the persona landscape is changing. So, the separation between attempts and operation people is becoming thinner and thinner and more and more security becomes a responsibility of the operation team, which is the team in charge of essentially owning the infrastructure and taking care of it, not only for the operational point of view but also from the security. >> Yeah, I think I've heard the point that you've made many times. Security can't be a bolt on or an afterthought. It's really something fundamental, we talk about DevOps is, it needs to be just baked into the process, >> Yeah. >> It's, as I've heard chanted at some conferences, you know, security is everyone's responsibility, >> Correct. >> make sure you step up. We're talking a lot about open source here. There's a couple of projects you mentioned, Falco and Calico, you're partners with Red Hat. 
I remember going to the Red Hat show years ago and they'd run these studies and be like, people are worried that open source and security couldn't go side by side, but no, no you could actually, you know open source is secure but taking the next step and talking about building security products with open source give us, where that stands today and how customers are you know embracing that? And how can it actually keep up with the ever expanding threat surfaces and attacks that are coming out? >> Yeah. First of all as we know open source is actually more secure and we're getting proof of that you know, pretty much on a daily basis including you know, the fact that tools like Kubernetes are regularly scrutinized by the security ecosystem and the vulnerabilities are found early on and disclosed. In particular, Sysdig is the original creator of Falco which is an open source, CNCF phased anomaly detection system that is based on collecting high granular data from a running Kubernetes environment. For example, through the capture of the system calls and understanding the activity of the containers and being able to alert about the anomalous behavior. For example, somebody being able to break into your container, extricating data or modifying binaries, or you know perpetrating an attack or stuff like that. We decided to go with an approach that is open source first because, first of all, of course, we believe in participating with the community and giving something as an inclusive player to the community. But also we believe that you really achieve better security by being integrated in the stack, right? It's very hard, for example, to have, I don't know, security in AWS that is deeply integrated with the cloud stack upon us, alright? Because this it's proprietary. Why would Kubernetes solutions like Falco or even like Calico, we can really work with the rest of the community to have them really tightly coupled and so much more effective than we could do in the past. 
>> You know, I mean I would make one additional point to your question. It's not only that users are adopting open source security. It's actually very critical that security solutions are available as an open source, because, I mean, look around us here this is a community of open source people, they're building and distributing infrastructure platform from that is all open source so we're doing a disservice if we don't offer a good set of security tools to them, not an open source. So that's really our fundamental model that's why Calico provides two key problems networking and network security for our users, you deploy your clusters, your infrastructures, and you have all the bells and whistles you need to be able to run a highly secure, highly performing cluster in your environment and I believe that's very critical for this community. >> Yeah, and I'd say that and now with open source, prevention has moved into the platform. So, with network policy and things like Calico or in our 3.0 launch we incorporated the ability to automate tests and apply pod security policies. And those types of prevention mechanisms weren't available on your platforms before. >> Okay, I often find if you've got any customer examples, talk about, you know, how they're running this production kind of the key, when they use your solutions you know, the benefits that they're having? >> Yeah, I'll take a few examples. I mean, today it is probably fair to say Calico from the partial phone home data we get a 100,000 plus customers across the globe, some of the, I can't take the actual names of the customers but, so the largest banks are using Calico for their enterprise networking scenarios and essentially, the policies, the segmentation inside the clusters should be able to manage the security for those workloads inside their environments. So that's how I would say. 
>> Yeah, and Sysdig, we, have an open core base with Falco, and then we offer a commercial product called Sysdig Secure, in particular, last week we released version 3.0 of our commercial product which is another interesting dynamic because if we can offer the open core essentially to the community but then offer additional features with our commercial product. And Falco is installed in many, many thousands extension of platforms. And Sysdig Secure you know secures, and offers visibility to the biggest enterprises in the world. We have deployments that are at a huge scale with the biggest banks, insurance companies, media companies, and we tend to fall to cover the full life cycle of applications because as the application and as the software moves in the CICD pipeline so security needs to essentially accompany the application through the different stages. >> All right, well thank you all three of you for providing the update. Really appreciate you joining us in the program and have a great rest of the week >> Thank you very much. >> Thank you. >> Thank you. >> We'll be back with more coverage here from KubeCon, CloudNativeCon. I'm Stu Miniman and thanks for watching theCUBE. (upbeat music)

Published Date : Nov 19 2019
