(upbeat bright music) >> Hello, welcome back to theCUBE's main stage coverage of DockerCon 2022. I'm John for your host of theCUBE. We have Knox Anderson, vice president of Product Management, Sysdig. Knox, welcome to theCUBE. >> Thanks for having me. Glad to be back. >> So IAC containers is going crazy madness in terms of adoption, standard, even mainstream enterprise, IT and cloud are all containerized. It's only getting better, and it increases the complications when you start thinking about scale and supportability. This is a huge discussion, and it ranges from how do you support, how do you run operations, how do you secure in the supply chain. All this is happening, and with the growth of cloud and server (indistinct) seeing Kubernetes at the center of everything. So I got to ask you, how has Kubernetes changed how you secure cloud infrastructure? >> Yeah, so Kubernetes is really the modern operating system for the cloud. And with that, you get a lot of facilities. So you get things like Kubernetes' network policies, you can use things like admission controllers. And with that, you're securing multiple layers, whether it's the control plane, individual workloads. And so there's a nice mixture of built-in tools, and part of the Kubernetes platform that then you can leverage to do prevention, auditing, and things like that. But it really requires an entire rethink of your stack and the tools you bring in alongside your people and processes. And so it's an exciting time because it gives you an opportunity to be more secure, but really have to rethink your approach there. >> And I want to get into the whole observability trend here 'cause you start thinking about the mobility, what containers enables. And getting all the data is everything. And then also that feeds into kind of having a good sense of what is going on. And when you hear about shift left and data as code, you know, developers don't want to get stopped coding, right? And then have to come back and go dig into things that they thought they had taken care of. So you kind of got this kind of flywheel going in the wrong direction. So that's causing teams to be disrupted. So how do teams keep up with the changes to the containerized applications or what to prioritize around that? Because if I shift left, am I done or what? And these are the things that come up all the time. >> Yeah. You have to shift left but also watch the right. Like, shifting left is a little bit harder from a people and process perspective. Like you put a tool in place, then it's a gating factor for getting in. And so that runtime context on the right is equally as important. And it's often easier to roll out a runtime tool just because you're not going in and introducing new processes. And that runtime visibility can also make shift left much better. If you're scanning a container image, you might get a thousand different vulnerabilities that you need to address, but only three of those are in packages that are actually executed at runtime. And so we recently released a feature called risk spotlight which does that exact feedback loop. And that's something that's important whether you're addressing vulnerabilities, misconfigurations, or responding to event. What's on the right, what's on the left, and then tie those together. >> Yeah, it's like left, right, it's like driving training here in the United States. You got a stop sign, you want to be moving, always be moving. I got to ask you what are some of the side effects of infrastructure automation and the result in code artifacts? >> Yeah, it's really, like, Kubernetes is nice because it's a declarative system, but it doesn't always work out that way. Like, someone might have a Helm chart and then someone else changes it in production. So understanding what is drift is really important in these environments. And then it also has enabled real remediation workflows. I think previously, you might patch something, a week later there's a new deploy, that patch gets written over. And so because Kubernetes and the rise of IAC, it's now easier to see a misconfiguration in production, open a poll request, and then fix that at source, which provides that full kind of visibility across those different environments. And it allows you to actually fix issues versus constantly being in that kind of whack-a-mole of patching things and moving on. >> Yeah, I mean this is all about cloud native development, and you look at, you know, some of the things going on, you're starting to see best practices developed. What do you guys see as a best practice for getting started with designing and securing cloud native applications? What are some of the tools that people should look at for beginners and for the entry-level position? And then as they get traction, what does that turn into? >> Yeah, so the pattern we've often seen is like someone gets started on the open source side, whether you're using Open Policy Agent or Falco, which Laurice who've you met with before created. And so really when you're starting, choose kind of the open source option. Learn from that. And then often what we've seen with customers is at scale, there's some companies like if you're in Uber, or Snapchat, and Apple, you can maybe build something around open source, but a lot of other people start to really consolidate platforms that are built on top of those open source technologies, and trying to get that really single view into what's happening in their environment, what are those events. And the thing that I would say, process wise, is most important is build that container center of excellence, that cloud center of excellence, whatever you call it, that brings together people from your ops team, your infrastructure team, your dev team, your security team. Everyone's got to have a seat at the table to have containers be successful. It's a big shift, and if you do it right, it really takes off, but each team really needs to be included there. >> Yeah, there's a lot of operational discussions going on around the devs, and the devs are being pulled to the front lines. We've been saying this for a decade, but now when you got edge computing, you got cloud native operations, on-premises, you start to see that they're getting pulled even further to the frontline. So, you know, what are you guys up to Sysdig? You know, they got a lot of developers here at DockerCon, what's in it for them? Why Sysdig, why should they care? What would you say to the old developers that are watching? What's in it for them? >> Yeah, we really make it easier for you to prioritize what to fix and what to address in your environment. I know I've built something before and like, my test suite or my scanner just lights up like a Christmas tree, and you just want to move to another task because it's just too much to deal with at that time. And so we really help you focus on what matters and get the most bang for your buck. Everyone has way too much time or too many things going on and not enough time. And so being able to understand effective risk, your different vulnerabilities, what to fix, is really key to delivering secure software. >> I mean, it's like a doctor needs to know what to work on with the patient, if you will, when to, and what's important, and then the dependencies, and you got, a system's mindset, you got to know what the consequences. So it sounds easy, just knock down a list of things, but isn't that easy. You got to want to hit things that you know that will be, to have an impact right away. That seems to be the big aha moment here. >> Yeah, definitely. >> So we're going to be at KubeCon in Europe, you guys going to have booth there, what's the quick plug for the company? Give a shout out to what's happening at Sysdig and cloud native world. >> Yeah, really excited to be in Valencia. We have a ton of people at, sorry, at DockerCon with, giving a couple different talks here. So the first is Master Your Container Security Model and then Software Supply Chain Security and Standards. On the supply chain one, we're getting deep into SBOMs. So if that's a topic that's important to you, please join that one. >> Awesome, and then that's a big topic supply chain. We've got a minute and a half left. What's the most important thing people should pay attention to as open source continues to grow in prominence, not just from a code standpoint, but as a social environment, as people's doing ventures and venture capitalists are mining the area, what should they pay attention to as supply chain becomes important, what's the big thing? >> There's a lot of companies I think going around the SBOM space, and kind of trying to certify like where did this come from, and have that providence across the entire supply chain. We, under the hood, use those SBOMs to understand kind of what have you built, what packages are used, and then tie that with that runtime data. So a lot of the things that we talked around before with RiskSpotlight is based on that deep SBOM knowledge. And that's something that, I think the standards are still getting kind of worked out where there's CycloneDX, SBX. And so people really are saying, "Hey, I need to generate SBOMs," and we're regenerating them, but there's going to be more and more applications on "Okay what do you do with that? How does it integrate with other tools?" So it's kind of I think in the little bit of the early data lake phases where it's like, "I've taken all my data, I put it here. Now I need to do more with it." And so that's where I think we'll start to see some pretty exciting things over the next year or two. >> It's super exciting. On one hand you got the attackers, and that's a zero trust environment, and you get the builders, the developers where trust is everything. You got to know what it's in the code. It's really interesting time and super important to scale. So Knox, thanks for for coming on theCUBE and sharing the Sysdig update. Appreciate it, thanks for coming on. Now back to you at the DockerCon main stage, this is theCUBE. I'm John for your host. Thanks for watching. (upbeat bright music)