>>Welcoming into the cubes presentation of AWS startup showcase open cloud innovations. This is season two episode one of the ongoing series covering exciting hot startups from the AWS ecosystem. Today's episode. One of season two theme is open source community and the open cloud innovations. I'm your host, John farrier of the cube. And today we're excited to be joined by Loris Dajani who is the C T O chief technology officer and founder of cystic found that in his backyard with some wine and beer. Great to see you. We're here to talk about Falco finding cloud threats in real time. Thank you for joining us, Laura. Thanks. Good to see you >>Love that your company was founded in your backyard. Classic startup story. You have been growing very, very fast. And the key point of the showcase is to talk about the startups that are making a difference and, and that are winning and doing well. You guys have done extremely well with your business. Congratulations, but thank you. The big theme is security and as organizations have moved their business critical applications to the cloud, the attackers have followed. This is Billy important in the industry. You guys are in the middle of this. What's your view on this? What's your take? What's your reaction? >>Yeah. As we, as a end ecosystem are moving to the cloud as more and more, we are developing cloud native applications. We relying on CACD. We are relying on orchestrations in containers. Security is becoming more and more important. And I would say more and more complex. I mean, we're reading every day in the news about attacks about data leaks and so on. There's rarely a day when there's nothing major happening and that we can see the press from this point of view. And definitely things are evolving. Things are changing in the cloud. In for example, Cisco just released a cloud native security and usage report a few days ago. And the mundane things that we found among our user base, for example, 60, 66% of containers are running as rude. So still many organizations adopting a relatively relaxed way to deploy their applications. Not because they like doing it, but because it tends to be, you know, easier and a little bit with a little bit less ration. >>We also found that that 27% of users unnecessary route access in the 73% of the cloud accounts, public has three buckets. This is all stuff that is all good, but can generate consequences when you make a mistake, like typically, you know, your data leaks, no, because of super sophisticated attacks, but because somebody in your organization forgets maybe some data on it on a public history bucket, or because some credentials that are not restrictive enough, maybe are leaked to another team member or, or, or a Gita, you know, repository or something like that. So is infrastructures and the software becomes a let's a more sophisticated and more automated. There's also at the same time, more risks and opportunities for misconfigurations that then tend to be, you know, very often the sewers of, of issues in the cloud. >>Yeah, those self-inflicted wounds definitely come up. We've seen people leaving S3 buckets open, you know, it's user error, but, you know, w w those are small little things that get taken care of pretty quickly. That's just hygiene. It's just discipline. You know, most of the sophisticated enterprises are moving way past that, but now they're adopting more cloud native, right. And as they get into the critical apps, securing them has been challenging. We've talked to many CEOs and CSOs, and they say that to us. Yeah. It's very challenging, but we're on it. I have to ask you, what should people worry about when secure in the cloud, because they know is challenging, then they'll have the opportunity on the other side, what are they worried about? What do you see people scared of or addressing, or what should I be worried about when securing the cloud? >>Yeah, definitely. Sometimes when I'm talking about the security, I like to compare, you know, the old data center in that the old monolithic applications to a castle, you know, in middle aged castle. So what, what did you do to protect your castle? You used to build very thick walls around it, and then a small entrance and be very careful about the entrance, you know, protect the entrance very well. So what we used to doing that, that data center was protect everything, you know, the, the whole perimeter in a very aggressive way with firewalls and making sure that there was only a very narrow entrance to our data center. And, you know, as much as possible, like active security there, like firewalls or this kind of stuff. Now we're in the cloud. Now, it's everything. Everything is much more diffused, right? Our users, our customers are coming from all over the planet, every country, every geography, every time, but also our internal team is coming from everywhere because they're all accessing a cloud environment. >>You know, they often from home for different offices, again, from every different geography, every different country. So in this configuration, the metaphor data that they like to use is an amusement park, right? You have a big area with many important things inside in the users and operators that are coming from different dangerous is that you cannot really block, you know, you need to let everything come in and in operate together in these kinds of environment, the traditional protection is not really effective. It's overwhelming. And it doesn't really serve the purpose that we need. We cannot build a giant water under our amusement park. We need people to come in. So what we're finding is that understanding, getting visibility and doing, if you Rheodyne is much more important. So it's more like we need to replace the big walls with a granular network of security cameras that allow us to see what's happening in the, in the different areas of our amusement park. And we need to be able to do that in a way that is real time and allows us to react in a smart way as things happen because in the modern world of cloud five minutes of delay in understanding that something is wrong, mean that you're ready being, you know, attacked and your data's already being >>Well. I also love the analogy of the amusement park. And of course, certain rides, you need to be a certain height to ride the rollercoaster that I guess, that's it credentials or security credentials, as we say, but in all seriousness, the perimeter is dead. We all know that also moats were relied upon as well in the old days, you know, you secure the firewall, nothing comes in, goes out, and then once you're in, you don't know what's going on. Now that's flipped. There's no walls, there's no moats everyone's in. And so you're saying this kind of security camera kind of model is key. So again, this topic here is securing real time. Yeah. How do you do that? Because it's happening so fast. It's moving. There's a lot of movement. It's not at rest there's data moving around fast. What's the secret sauce to making real identifying real-time threats in an enterprise. >>Yeah. And in, in our opinion, there are some key ingredients. One is a granularity, right? You cannot really understand the threats in your amusement park. If you're just watching these from, from a satellite picture. So you need to be there. You need to be granular. You need to be located in the, in the areas where stuff happens. This means, for example, in, in security for the clowning in runtime, security is important to whoever your sensors that are distributed, that are able to observe every single end point. Not only that, but you also need to look at the infrastructure, right? From this point of view, cloud providers like Amazon, for example, offer nice facilities. Like for example, there's CloudTrail in AWS that collects in a nice opinionated consistent way, the data that is coming from multiple cloud services. So it's important from one point of view, to go deep into, into the endpoint, into the processes, into what's executing, but also collect his information like the cultural information and being able to correlate it to there's no full security without covering all of the basics. >>So a security is a matter of both granularity and being able to go deep and understanding what every single item does, but also being able to go abroad and collect the right data, the right data sources and correlated. And then the real time is really critical. So decisions need to be taken as the data comes in. So the streaming nature of security engines is becoming more and more important. So the step one of course, security, especially cost security, posture management was very much let's ball. Once in a while, let's, let's involve the API and see what's happening. This is still important. Of course, you know, you need to have the basics covered, but more and more, the paradigm needs to change to, okay, the data is coming in second by second, instead of asking for the data manually, once in a while, second by second, there's the moment it arrives. You need to be able to detect, correlate, take decisions. And so, you know, machine learning is very important. Automation is very important. The rules that are coming from the community on a daily basis are, are very important. >>Let me ask you a question, cause I love this topic because it's a data problem at the same time. There's some network action going on. I love this idea of no perimeter. You're going to be monitoring anything, but there's been trade offs in the past, overhead involved, whether you're monitoring or putting probes in the network or the different, there's all kinds of different approaches. How does the new technology with cloud and machine learning change the dynamics of the kinds of approaches? Because it's kind of not old tech, but you the same similar concepts to network management, other things, what what's going on now that's different and what makes this possible today? >>Yeah, I think from the friction point of view, which is one very important topic here. So this needs to be deployed efficiently and easily in this transparency, transparent as possible, everywhere, everywhere to avoid blind spots and making sure that everything is scheduled in front. His point of view, it's very important to integrate with the orchestration is very important to make use of all of the facilities that Amazon provides in the it's very important to have a system that is deployed automatically and not manually. That is in particular, the only to avoid blind spots because it's manual deployment is employed. Somebody would forget, you know, to deploy where somewhere where it's important. And then from the performance point of view, very much, for example, with Falco, you know, our open source front-end security engine, we really took key design decisions at the beginning to make sure that the engine would be able to support in Paris, millions of events per second, with minimal overhead. >>You know, they're barely measure measurable overhead. When you want to design something like that, you know, that you need to accept some kind of trade-offs. You need to know that you need to maybe limit a little bit this expressiveness, you know, or what can be done, but ease of deployment and performance were more important goals here. And you know, it's not uncommon for us is Dave to have users of Farco or commercial customers that they have tens of thousands, hundreds of thousands of machines. You know, I said two machines and sometimes millions of containers. And in these environments, lightweight is key. You want death, but you want overhead to be really meaningful and >>Okay, so a amusement park, a lot of diverse applications. So integration, I get that orchestration brings back the Kubernetes angle a little bit and Falco and per overhead and performance cloud scale. So all these things are working in favor. If I get that right, is that, am I getting that right? You get the cloud scale, you get the integration and open. >>Yeah, exactly. Any like ingredients over SEP, you know, and that, and with these ingredients, it's possible to bake a, a recipe to, to have a plate better, can be more usable, more effective and more efficient. That may be the place that we're doing in the previous direction. >>Oh, so I've got to ask you about Falco because it's come up a lot. We talked about it on our cube conversations already on the internet. Check that out. And a great conversation there. You guys have close to 40 million plus million downloads of, of this. You have also 80 was far gate integration, so six, some significant traction. What does this mean? I mean, what is it telling us? Why is this successful? What are people doing with Falco? I see this as a leading indicator, and I know you guys were sponsoring the project, so congratulations and propelled your business, but there's something going on here. What does this as a leading indicator of? >>Yeah. And for, for the audience, Falco is the runtime security tool of the cloud native generation such. And so when we, the Falco, we were inspired by previous generation, for example, network intrusion detection, system tools, and a post protection tools and so on. But we created essentially a unique tool that would really be designed for the modern paradigm of containers, cloud CIC, and salt and Falco essentially is able to collect a bunch of brainer information from your applications that are running in the cloud and is a religion that is based on policies that are driven by the community, essentially that allow you to detect misconfigurations attacks and normals conditions in your cloud, in your cloud applications. Recently, we announced that the extension of Falco to support a cloud infrastructure and time security by parsing cloud logs, like cloud trail and so on. So now Falba can be used at the same time to protect the workloads that are running in virtual machines or containers. >>And also the cloud infrastructure to give the audience a couple of examples, focused, able to detect if somebody is running a shelf in a radius container, or if somebody is downloading a sensitive by, from an S3 bucket, all of these in real time with Falco, we decided to go really with CR study. This is Degas was one of the team members that started it, but we decided to go to the community right away, because this is one other ingredient. We are talking about the ingredients before, and there's not a successful modern security tool without being able to leverage the community and empower the community to contribute to it, to use it, to validate and so on. And that's also why we contributed Falco to the cloud native computing foundation. So that Falco is a CNCF tool and is blessed by many organizations. We are also partnering with many companies, including Amazon. Last year, we released that far gate support for Falco. And that was done is a project that was done in cooperation with Amazon, so that we could have strong runtime security for the containers that are running in. >>Well, I've got to say, first of all, congratulations. And I think that's a bold move to donate or not donate contribute to the open source community because you're enabling a lot of people to do great things. And some people might be scared. They think they might be foreclosing and beneficial in the future, but in the reality, that is the new business model open source. So I think that's worth calling out and congratulations. This is the new commercial open source paradigm. And it kind of leads into my last question, which is why is security well-positioned to benefit from open source besides the fact that the new model of getting people enabled and getting scale and getting standards like you're doing, makes everybody win. And again, that's a community model. That's not a proprietary approach. So again, source again, big part of this. Why was security benefit from opensource? >>I am a strong believer. I mean, we are in a better, we could say we are in a war, right? The good guys versus the bad guys. The internet is full of bad guys. And these bad guys are coordinated, are motivated, are sometimes we'll find it. And we'll equip. We win only if we fight this war as a community. So the old paradigm of vendors building their own Eva towers, you know, their own self-contained ecosystems and that the us as users as, as, as customers, every many different, you know, environments that don't communicate with each other, just doesn't take advantage of our capabilities. Our strength is as a community. So we are much stronger against the big guys and we have a much better chance doing when this war, if we adopt a paradigm that allows us to work together. Think only about for example, I don't know, companies any to train, you know, the workforce on the security best practices on the security tools. >>It's much better to standardize on something, build the stack that is accepted by everybody and tell it can focus on learning the stack and becoming a master of the steak rounded rather than every single organization naming the different tool. And, and then B it's very hard to attract talent and to have the right, you know, people that can help you with, with your issues in, in, in, in, in, with your goals. So the future of security is going to be open source. I'm a strong believer in that, and we'll see more and more examples like Falco of initiatives that really start with, with the community and for the community. >>Like we always say an open, open winds, always turn the lights on, put the code out there. And I think, I think the community model is winning. Congratulations, Loris Dajani CTO and founder of SIS dig congratulatory success. And thank you for coming on the cube for the ADB startup showcase open cloud innovations. Thanks for coming on. Okay. Is the cube stay with us all day long every day with the cube, check us out the cube.net. I'm John furrier. Thanks for watching.

(upbeat music) >> Hello, and welcome to this Cube Conversation kicking off 2022, I'm John Furrier, your host of theCUBE. We're with Loris Degioanni, Chief Technology Officer and founder of Sysdig. A company that's in the pioneering cloud native and cloud native security, open source, big part of the CNCF, CUBECon coverage. Of course, we know them as of that environment as well as DockerCon which we've covered many times. Sysdig is a very successful company. Loris, welcome to theCUBE Conversation. >> Thank you and thanks for having me. >> Well, we know a lot about you, but a lot of folks are learning about you guys with your success. Congratulations on the funding and the validation of your product, which is not a surprise. We've been saying on theCUBE open source has been powering innovation for some time and getting stronger, faster. The predictions in the Linux Foundation about this open source contributions continue to be blown away by their projections and more and more is coming. A new generation is upon us. Cloud Native, Edge, Kubernetes. All of these things are powering a modern application environment which is changing business. And under the covers, you guys are a big part of it. So take us through who Sysdig is, what you guys do for the folks out there and let's get into it. Obviously open source is a big part of it. Take us through who is Sysdig and what do you guys do. >> Yeah, Sysdig helps you run your software in the cloud in a way that is secure and confidently. We have a security solution that covers containers, cloud and Kubernetes. And we cover you in the life cycle of modern application. So the Sysdig security platform helps you secure application in a way that ranges from like shift left in CSD and finding vulnerabilities in your CSD pipeline to run time security that is very important in the cloud in particular with orchestrated infrastructures like the ones that are run by Kubernetes. And then of course, everything that has to do with the forensics, threat-hunting and so on. And the world is changing, security is changing, and Sysdig is one of the startups, one of the companies that is at the forefront of true modern cloud native security. >> So I got to ask you. Were you sitting in your backyard one day thinking, hey, I'm going to start a company? How did this all come together? I mean, the originator story, because we saw open source, we saw even more before CNCF was formed, you saw what cloud was doing. Again, we saw OpenStack and all these other things happening around technology. What was the driver behind the founding of Sysdig, and then how did that progress? Because again, there's an open source component here I want to get into. >> Yeah, and it's interesting that you say backyard because actually Sysdig was actually started in my backyard. Just outside of here. So the backyard metaphor is very, very fitting here. And in a general way, let's say I come from a background in open source for a very long time. Sysdig is my second company. My first company was called Case Technologies. It was the company behind an open source network analyzer called Wireshark, which is widely used by millions and millions of people around the world to do network troubleshooting and network analysis. And when we were doing network packets, we were using like the network devices to collect information. The data that is being transferred on the network has some very nice properties, it's rich. It's very deep. When you can see and decode what's happening on the network, you can understand what applications are doing, what the users are doing. I used to say, packets never lie, right? Because you could connect to the router and collect this data and they have a very good picture without any two instrument libraries to link, to install stuff and so on. And all of a sudden, we're moving to the cloud and the router that was like the vintage point for this beautiful way of doing security and visibility disappears. And you're renting instances that are floating in the Amazon cloud. And when the world changed that way from one point of view, I was sure that what we're doing before was useful and was powerful for the users. But I was also sure, okay, the world is going to change. The retrofitted solutions are not going to work. We can take our product, but then we have the innovator dilemma. We have a product that we cannot completely radically change. So I decided let's start from scratch. Let's start Sysdig. Let's try to understand actually what this cloud is going, where containers are going. There's this new Kubernetes thing that everybody's talking about. What does it mean to offer deep, rich, but at the same time lightweight and easy to deploy security and visibility for this kind of new way of writing software and that's how Sysdig was born. >> So if I remember correctly back in that timeframe, that couple you said you found a millions people using that application. If I remember correctly, that was software network monitoring. Is that true? Is that open source at that time? Was that an open project or was that? >> Yeah, like Wireshark is a network analyzer and the software that we're doing was heavily open source oriented and was mostly software and there were also potentially appliances because this was data center more kind of stuff. >> That was before cloud even came here. So again, defined data center software and defined clouds happening. So again, good segue into kind of where security, you mentioned footprints, you can track people with packets. So to your point, is this the tie into security, tell us how this fits in with open source and security with the software piece? >> Yeah, what Sysdig did essentially, the idea was let's learn from our prior life. I always say that every new wave of technology is built on the shoulders of the previous one. And you'd never reinvent anything. You just apply it and evolve it. And the same thing we did with Sysdig. So we learned what was working with our previous approaches that were based on observing the applications behavior by looking essentially at network traffic, but we adapted it to modern infrastructures. And open source was our mantra before with Wireshark and became our mantra with Sysdig. Sysdig, the company name comes from the open source tool that we released was the first thing that we released in our company. And then few years later with Falco, which now is the premier open source project that was created by Sysdig and is now part of the CNCF, it's an incubating project. And it's essentially the runtime security tool for containers, Kubernetes, and cloud. >> Take us through that Falco, because I think this is an important distinction on your success trajectory because CNCF has a nice playbook where companies can contribute to the CNCF at the same time, that creates an open environment for all, and then have a business model tied to it. This is kind of a new, not new, but this is a successful way to be open source and have a commercial opportunity. >> Yeah, and very much a substantial portion of our commercial product is let's say an extension of Falco. But let's say our approach was like, let's first produce something that is truly useful for the community and fits in the proper way with the ecosystem, with the rest of the ecosystem. Nowadays in every field security as well, you don't build any more a single solution. You build something that needs to fit very well in the stack. Kubernetes, Prometers, network meshes and DCO and this kind of stuff, these all fit together. So Falco, which is the runtime security component needs to fit as well. So initially our focus was like, okay, we need to fill the gap of runtime security for containers, for Kubernetes, and also for cloud. But we need to do that in a way that is community first and data really helps, but also engages and takes advantage of the users, of the broader community. At that point, going to the CNCF and telling the CNCF, hey, look, we developed these, are you interested in partnering with us and being essentially the organization behind this project, was very natural. And that's what we did in 2016, sorry, 2018. 2016 is when Falco started, 2018. And at that point, you know, it's a great partnership because the CNCF is really a great home for all of these projects and really makes it possible for the users to trust a project in a way that they know that even if the commercial banker, even if the original creators, even if the team rotates and changes and evolves, the end users can still use this project, trust this project and know that it's community driven. And it's been a great journey for us. >> How would you describe what Falco is and what are the key use cases? >> Yeah, Falco is, I compare it to the security camera for your containers, your house and your cloud infrastructure. So the same way that the security camera allows you to observe maybe what's happening in your home, even if you have a lock, is still useful to have a security camera, right? To understand when something breaks in what they're doing, when they do it, get an alarm when something better happens. Similarly, in software infrastructures, you can still have your lock, your firewall and so on, but then you use a security camera like Falco that is able to observe every single container, every single process, every single machine, every single network connection and so on. Keep an eye on it and then it has sort of a points-based system that includes a bunch of policies that come essentially pre-packaged that allow the users to detect when something dangerous or suspicious happens in the infrastructure. For example, I don't know somebody is spawning or sharing their radius container. Or somebody is logging in AWS without multi-factor authentication. Falco keeps a constant eye and lets you know, it gives you an alert when something like that happens. >> You know what I love about what you guys do and kind of highlights what we've been saying on theCUBE for many, many years is that the networking concepts of the older generations have been moving up the stack with cloud because you got rule engines, policy automation, all these things are now part of connected systems. So if you have the cloud, which is essentially a distributed computing, you have more networks, more connections. And so the networking paradigms of packets can be moved over to software, well, software maintenance, if you will, or anything, any middleware, whatever you want to call it. I mean, this is kind of a new paradigm. So, what's your reaction to that? I want to get your take on this because this is kind of really happening. >> Yeah, and you are absolutely right. And what us as a Falco community or as Sysdig as a company is exactly that. We're taking the concepts that were maybe at the base of the previous generation of the data center in terms of policies, in terms of one clause and we're sort of elevating them to what modern cloud is. To give you an example, I don't know if you remember, but a Falco was inspired by a tool called Snort and the company also was Sourcefire. Snort used to listen on the network, constantly observe the network traffic and the deploy policies to tell you, okay, somebody uploaded a file from China and this file contains a malware. Now we do this, but we're able to see inside containers. We have cloud context. We understand the regions. We understand Kubernetes namespace and all these kinds of stuff. So we're able to put so much more context and be so much closer to the user, but the concepts are the same. We're just, as I was saying, sitting on the shoulders of people before us that invented this and we're modernizing them. >> Well, this is what refactoring is all about. This is the benefit of the cloud. I think, this is why a lot of the cloud native success is happening because companies are realizing that they can actually not just re platform in the cloud, but actually refactor their business, completely different. Using other paradigms and not necessarily rip and replace or just cut and paste. They can take concepts and codify them in their workloads, not necessarily general purpose. So again, key cloud concept and only going to get stronger with the edge developing. So again, more and more complexity, connected complexity. >> Yeah, complexity that more and more you manage through automation, right? Which is another key concept in the cloud. So we are able as a market, as a community to have and manage more and more complex infrastructures because we have tools that are able to automate, to take care of stuff for us, to potentially remediate, which is another big theme in modern security for us and so on. And of course, again, companies like Sysdig, try to really read these in the plight, in a proper way that can be the most possible useful. >> And hackers love complexity, right? And love chaos. And so unless you tame that with really good software, this is the key challenge. >> You need to manage chaos and you need good software to help you manage chaos. >> All right, final question for you. How is Sysdig and the Falco community working with AWS? >> Yeah, in a number of ways. One of the beauties, as I was telling before of essentially being built on an open source project like Falco is that you can really work together with cloud providers like AWS with mutual advantage. For example, AWS and team members at Amazon have done many contributions to Falco and the Sysdig system and integrations and so on. We partnered as Falco community and Sysdig with AWS to offer proper support for Falco versus the products on Fargate, which is, managed containers are the future, are very powerful. Everybody wants to go there, but then you need to make sure that you are covered, you have security from the point of view of severability and so on. Sysdig and AWS work together on doing a P trace based implementation, this is a technical thing, but essentially it means that a tool like Falco can give you invitations, can be the security camera for Fargate as well. And in general way, Amazon is a great partner for us on a daily basis as a community and as a company. >> Loris, you've got a great company there. And again, it was great to see you guys grow from the beginning and the wave is here. As they say, in California, you guys are riding the right wave. And I think it's just the beginning. I think you're going to see more and more security be programmable, built in, automated, under the covers, invisible, but working. And I think the same is going to be true for data and other things. So a lot more to do. And again, it's distributed computing. We've seen this movie before, but not in this environment. So new tools are coming and you guys are a big part of it. Thank you so much for coming on theCUBE and sharing what you guys are doing and the technology behind Sysdig. Thanks for coming on. >> Thank you very much and thank you for the great conversation. >> Okay, this is theCUBE I'm John Furrier your host for Cube conversations with Sysdig's Loris Degioanni, CTO of Sysdig. Thanks for watching. (gentle music)

(upbeat music) [Reporter] - Live from San Diego, California it's theCUBE covering Goodcloud and Cloud- Native cloud. Brought to you by Red Hat the Cloud-Native computing foundation. and its ecosystem partners. >> Welcome back, we're here at Kubecon Cloud-Native con 2019 in San Diego, I'm Stu Miniman. We've got over 12,000 in attendance here and we have a three guest lineup of Kubecon veterans here. To my right is Loris Degioanni who's the CTO and founder of Sysdig. To his right, representing the Tiger is Amit Gupta who's vice president of business development and Product Management at Tigera, and also Knox Anderson who's Director of Product Management. We know from the Octopus, Amit, that also means that he's with Sysdig. So gentlemen, thank you all for joining. [Loris]- Octopus and Tiger >> Octopus and Tiger, bringing it all together on the tube. We have a menagerie as it were. So Loris, let's start as they said, you know all veterans, you've been here, you've almost been to every single one, something about a you know, a child being born made you miss one. [Loris] - The very first one. >> So, why don't you bring us in kind of what's so important about this ecosystem, why it's growing so fast and Sysdig's relationship with the community? >> Yeah, I mean, you can just look around, right? Kubecon is growing year after year, it's becoming bigger and bigger and this just a reflection of the community getting bigger and bigger every year, right? It's really looks like we are, you know, here with this community creating the next step, you know? For computing, for cloud computing, and really, you know, Kubernetes is becoming the operating system powering, you know, the cloud and the old CNC ecosystem around it is really becoming, essentially the ecosystem around it. And the beauty of it is it's completely open this time, right? For the first time in history. >> All right, so since you are the founder, I need to ask, give me the why? So we've been saying you know, we've been starting this program almost 10 years ago and the big challenge of our time is you know building software for distributed systems. Cloud's doing that, Edge is taking that even further. Bring us back to that moment of the birth of Sysdig and how that plays into all the open source and that growth you're talking about. >> Yeah, I mean, Sysdig was born, so first of all, a little bit of background of me. I've been working in open source and networking for my whole career. My previous company was the business behind washer, then it took on a live service, so, a huge open source community and working with enterprises all around the world, essentially to bring visibility over their neighbors. And then I started realizing the stack was changing radically, right? With the event of cloud computing. With the event of containers and Docker. With the event of Kubernetes. It, legacy ways of approaching the problem were just not working. Were not working the technical level because, you need to create something completely new for the new stack but they were also not working at the approach level. Every thing was proprietary. Every thing was in silos, right? So the approach now is much more, like inclusive and community first, and that's why I decided to start Sysdig. >> All right. so Amit, we know things are changing all the time. One thing that does not ever change is security is paramount. I really say, I go back 10 or 15 years you know, they've got a lot of lip service around security. Today, it's a board level discussion. Money, development, especially here in the Cloud-Native space it's really important so, talk about Tigera relationship with Sysdig and very much focused on the Kubernetes ecosystems. >> Absolutely. So I couldn't agree with you more, Stu. I mean, security is super critical and more so now as folks are deploying more and more mission critical applications on the Kubernetes based platform. So, Sysdig is a great partner for us. Tigera provides networking and network security aspects of that Kubernetes deployment. And if you think about it how modern applications are built today, you've taken a big large model and decomposed into hundreds of micro services so there's procedural cause that were happening inside the code and now API calls on the network so you've got a much bigger network with that service a highly distributed environment. So the traditional architectures where you manage the security typically with the firewall or a gateway, it's not sufficient. It's important, it's needed and that's really where, as people design their architecture, they have to think about how do you design security across that entire infrastructure in a distributed fashion or done in the early stages of your projects. >> Knox, help us understand the relationship here, how it fits into Sysdig's product with Tigera. >> Yeah, so we're great partners with Tigera. Tigera lives at the network security level. Sysdig's secure in that the product we built extends the instrumentation that Loris started off with our open source tool, to provide security across the entire container lifecycle. So at build time, making sure your images are properly configured, free of vulnerabilities at run time, looking at all the activity that's happening and then the big challenge in the Kubernetes space is around incident response and audit. So if something happens in that pod, Kubernetes is going to kill it before anyone can investigate and Sysdig helps you with those work flows. >> Maybe it would help, we all throw around those terms, Cloud-Native a lot and it's a term I've heard for a number of years. But the definition like cloud itself is one that you know matures over time and when we get there so, maybe if we focus in a little bit on Cloud-Native security. You know, what is it we're hearing from customers, what does it mean to really build Cloud-Native Security. What makes that different from the security we've been building in our data centers, in clouds for years? >> Well I thought Cloud-Native was just a buzzword. Does it actually mean something? (laughs) >> Well hopefully it's more than just a buzzword and that's what I'm hoping you could explain. >> Yeah, so again, the way I see it is the real change that you are witnessing is how software is being written. And we're touching a little bit on it at this point. Software intended to be architected as big monoliths now is being splayed into smaller components. And this is just a reflection of software development teams in a general way being much more efficient when you can essentially, break the problem into sub-problems and break the responsibilities into sub-responsibilities. This is perhaps something that is extremely beneficial especially in terms of productivity. But also, sort of revolutionizes the way you write software, you run software, you maintain software, CICD, you know continues development, continues integration, pipelines, the reliance on GIT and suppository to store everything. And this also means that, securing, monitoring, troubleshooting infrastructures becomes much different. And one of things we are seeing is legacy two's don't work anymore and the new approaches like Calico Networking or like Falco and runtime security or like Sysdig secure, for the lifecycle and security of containers are something bubbling up as alternatives to the old way of doing things. >> I would add to that I agree with you. I would add that if you're defining a Cloud-Native security the Cloud-Native means it's a distributed architecture. So your security architecture has got to be distributed as well, absolutely got a plan for that. And then to your point, you have to automate the security as part of the various aspects of your lifecycle. Security can not be an afterthought you have to design for that right from the beginning and then one last thing I would add is just like your applications are being deployed in an automated fashion your security has to be done in that fashion so, policy is good, infrastructure is good and the security is just baked in as part of that process. It's critical you design that way to get the best outcomes. >> Yeah, and I'd say the asset landscape has completely changed. Before you needed to surface finding against a host or an IP. Now you need to surface vulnerabilities and findings against clusters, name spaces, deployments, pods, services and that huge explosion of assets is making it much harder for teams to triage events, vulnerabilities and it's really changing the process in how the sock works. >> And I think that the landscape of the essence is changing also is reflected on the fact that the persona landscape is changing. So, the separation between attempts and operation people is becoming thinner and thinner and more and more security becomes a responsibility of the operation team, which is the team in charge of essentially owning the infrastructure and taking care of it, not only for the operational point of view but also from the security. >> Yeah, I think I've heard the point that you've made a many times. Security can't be a bolt on or an afterthought. It's really something fundamental, we talk about DevOps is, it needs to be just baked into the process, >> Yeah. >> It's, as I've heard chanted at some conferences, you know, security is everyone's responsibility, >> Correct. >> make sure you step up. We're talking a lot about open source here. There's a couple of projects you mentioned, Falco and Calico, you're partners with Red hat. I remember going to the Red Hat show years ago and they'd run these studies and be like, people are worried that open source and security couldn't go side by side, but no, no you could actually, you know open source is secure but taking the next step and talking about building security products with open source give us, where that stands today and how customers are you know embracing that? And how can it actually keep up with the ever expanding threat surfaces and attacks that are coming out? >> Yeah. First of all as we know open source is actually more secure and we're getting proof of that you know, pretty much on a daily basis including you know, the fact that tools like Kubernetes are regularly scrutinized by the security ecosystem and the vulnerabilities are found early on and disclosed. In particular, Sysdig is the original creator of Falco which is an open source, CNCF phased anomaly detection system that is based on collecting high granular data from a running Kubernetes environment. For example, through the capture of the system calls and understanding the activity of the containers and being able to alert about the anomalous behavior. For example, somebody being able to break into your container, extricating data or modifying binaries, or you know perpetrating an attack or stuff like that. We decided to go with an approach that is open source first because, first of all, of course, we believe into participating with the community and giving something as an inclusive player to the community. But also we believe that you really achieve better security by being integrated in the stack, right? It's very hard , for example, to have, I don't know, security in AWS that is deeply integrated with the cloud stack upon us, alright? Because this it's propietary. Why would Kubernetes solutions like Falco or even like Calico, we can really work with the rest of the community to have them really tightly coupled and so much more effective than we could do in the past. >> You know, I mean I would make one additional point to your question. It's not only that users are adopting open source security. It's actually very critical that security solutions are available as an open source, because, I mean, look around us here this is a community of open source people, they're building and distributing infrastructure platform from that is all open source so we're doing this service if we don't offer a good set of security tools to them, not an open source. So that's really our fundamental model that's why Calico provides two key problems networking and network security for our users, you deploy your clusters, your infrastructures, and you have all the bells and whistles you need to be able to run a highly secure, highly performing cluster in your environment and I believe that's very critical for this community. >> Yeah, and I'd say that and now with open source, prevention has moved into the platform. So, with network policy and things like Calico or in our 3.0 launch we incorporated the ability to automate tests and apply pod security policies. And those types of prevention mechanisms weren't available on your platforms before. >> Okay, I often find if you've got any customer examples, talk about, you know, how they're running this production kind of the key, when they use your solutions you know, the benefits that they're having? >> Yeah, I'll take a few examples. I mean, today it is probably fair to say Calico from the partial phone home data we get a 100,000 plus customers across the globe, some of the, I can't take the actual names of the customers but, so the largest banks are using Calico for their enterprise networking scenarios and essentially, the policies, the segmentation inside the clusters should be able to manage the security for those workloads inside their environments. So that's how I would say. >> Yeah, and Sysdig, we, have an open core base with Falco, and then we offer a commercial product called Sysdig secure, in particular, last week we release version 3.0 of our commercial product which is another interesting dynamic because if we can offer the open core essentially to the community but then offer additional features with our commercial product. And Falco is installed in many, many thousands extension of platforms. and Sysdig secure you know secures, and offers visibility to the biggest enterprises in the world. We have deployments that are at a huge scale with the biggest banks, insurance companies, media companies, and we tend to fall to cover the full life cycle of applications because as the application and as the software moves in the CICD pipeline so security needs to essentially accompany the application through the different stages. >> All right, well thank you all three of you for providing the update. Really appreciate you joining us in the program and have a great rest of the week >> Thank you very much. >> Thank you. >> Thank you. >> We'll be back with more coverage here from Kubecon, Cloud-Nativecon. I'm Stu Miniman and thanks for watching theCUBE. (upbeat music)

(dramatic orchestral music) >> Hey, welcome back everybody. Jeff Frick, here, at theCUBE. We're at the Palo Alto studios taking a very short break in the middle of the crazy fall conference season. We'll be back on the road again next week. But we're excited to take an opportunity to take a breath. Again, meet new companies, have CUBE conversations here in the studio, and we're really excited to have our next guest. He's Apurva Dave, the CMO of Sysdig. Apurva, great to see you. >> Thanks, Jeff, thanks for having me here. >> Yea, welcome, happy Friday. >> Appreciate it, happy Friday, always worth it. >> So give us kind of the 101 on Sysdig. >> Yep, Sysdig is a really cool story. It is founded by a gentleman named Loris Degioanni. And, I think the geeks in your audience will probably know Loris in a heartbeat because he was one of the co-creators of a really famous open source project called Wireshark. It's at 20 million users worldwide, for network forensics, network visibility, troubleshooting, all that great stuff. And, way back when, in 2012, Loris realized what cloud and containers were doing to the market and how people build applications. And he stepped back and said, "We're going to need "a totally new way to monitor "and secure these applications." So he left all that Wireshark success behind, and he started another open source project, which eventually became Sysdig. >> Okay. >> Fast-forward to today. Millions of people are using the open source Sysdig and the sister project Sysdig Falco to monitor and secure these containerized applications. >> So what did Sysdig the company delineate itself from Sysdig the open source project? >> Well, you know, that's part of the challenge with open source, it's like part of your identity, right. Open source is who you are. And, what we've done is, we've taken Loris's vision and made it a reality, which is, using this open source technology and instrumentation, we can then build these enterprise class products on top for security monitoring and forensics at scales that the biggest banks in the world can use, governments can use, pharma, healthcare, insurance, all these large companies that need enterprise class products. All based on that same, original open source technology that Loris conceived so many years ago. >> So would you say, so the one that we see all the time and kind of use a base for the open source model, you kind of, Hortonworks, it's really pure, open source Hadoop. Then you have, kind of, Mapbar, you know, it's kind of proprietary on top of Hadoop. And then you have Cloudera. It's kind of open core with a wrapper. I mean, how does the open piece fit within the other pieces that you guys provide? >> That's really a really insightful question because Loris has always had a different model to open source, which is, you create these powerful open source projects that, on their own, will solve a particular problem or use case. For example, the initial Sysdig open source project is really good at forensics and troubleshooting. Sysdig Falco is really good at runtime container security. Those are useful in and of themselves. But then for enterprise class companies, you operate that at massive scale and simplicity. So we add powerful user interfaces, enterprise class management, auditing, security. We bundle that all on top. And that becomes this Cloud-Native intelligence platform that we sell to enterprise. >> And how do they buy that? >> You can, as subscription model. You can use it either as software as a service, where we operate it for you, or you can use it as on-premise software, where we deliver the bits to you and you deploy it behind your firewall. Both of those products are exactly the same functionally, and that's kind of the benefit we had as a younger company coming to market. We knew when we started, we'd need to deliver our software in both forms. >> Okay and then how does that map to, you know, Docker, probably the most broadly known container application, which rose and really disturbed everything a couple years ago. And then that's been disturbed by the next great thing, which is Kubernetes. So how do you guys fit in within those two really well-known pieces of the puzzle? >> Yeah, well you know, like we were talking about earlier, there's so much magic and stardust around Kubernetes and Docker and you just say it to an IT person anywhere and either they're working on Kubernetes, they're thinking about working on Kubernetes, or they're wondering when they can get to working on Kubernetes. The challenge becomes that, once the stardust wears off, and you realize that yeah, this thing is valuable, but there's a lot of work to actually implementing it and operationalizing it, that's when your customers realize that their entire life is going to be upended when they implement these new technologies and implement this new platform. So that's where Sysdig and other products come in. We want to help those customers actually operationalize that software. For us, that's solving the huge gaps around monitoring, security, network visibility, forensics, and so on. And, part of my goal in marketing, is to help the customers realize that they're going to need all these capabilities as they start moving to Kubernetes. >> Right, certainly, it's the hot topic. I mean, we were just at VMworld, we've been covering VMworld forever, and both Pat and Sanjay had Kubernetes as parts of their keynotes on day one and day two. So they're all in, as well, all time for Amazon, and it goes without saying with Google. >> Yeah, so it's funny is, we released initial support for Kubernetes, get this, back in 2015. And, this was the point where, basically the world hadn't yet really, they didn't really know what Kubernetes was. >> Unless they watched theCUBE. >> Unless they watched-- >> They had Craig Mcklecky-- >> Okay, alright. >> On Google cloud platform next 2014. I looked it up. >> Awesome. Very nice-- >> Told us, even the story of the ship wheel and everything. But you're right, I don't think that many people were there. It was at Mission Bay Conference Center, which is not where you would think a Google conference would be. It's a 400 person conference facility. >> Exactly, and I think this year, CubeCon is probably going to be 7,000 people. Shows you a little bit of the growth of this industry. But, even back in 2015, we kind of recognized that it wasn't just about containers, but it was about the microservices that you build on top on containers and how you control those containers. That's really going to change the way enterprises build software. And that's been a guiding principle for us, as we've built out the company and the products. >> Well, way to get ahead of the curve, I love it. So, I see it of more of a philosophical question on an open source company. It's such an important piece of the modern software world, and you guys are foundationally built on that, but I always think about when you're managing your own resources. You know, how much time do you enable the engineers to spend on the open source piece of the open source project, and how much, which is great, and they get a lot of kudos in the ecosystem, and they're great contributors, and they get to speak at conferences, and it's good, it's important. Versus how much time they need to spend on the company stuff, and managing those two resource allocations, 'cause they're very different, they're both very important, and in a company, like Sysdig, they're so intimately tied together. >> Yeah, that last point to me is the biggest driver. I think some companies deal with open source as a side project that gives engineers an outlet to do some fun, interesting things they wouldn't otherwise do. For a company like Sysdig, open source is core to what we do. We think of these two communities that we serve, the open source community and the enterprise community. But it's all based on the same technology. And our job in this mix is to facilitate the activity going on in both of these communities in a way that's appropriate for how those communities want to operate. I think most people understand how an enterprise, you know, a commercial enterprise community wants to operate. They want Sysdig to have a roadmap and deliver on that roadmap, and that's all well and good. That open source element is really kind of new and challenging. Our model has always been that the core open source technology fuels our enterprise business, and what we need to do is put as much energy as we can into the open source, such that the community is inspired to interact with us, experiment, and give back. And if we do it right, two things happen. We see massive contribution from the community, the community might even take over our open source projects. We see that happening with Sysdig Falco right now. For us, our job then is to sit back, understand how that community is innovating, and how we can add value on top of it. So coming back all the way to your question around engineers and what they should be doing, step one, always contribute to the open source. Make our open source better, so that the community is inspired to interact with us. And then from there, we'll leverage all that goodness in a way that's right for our enterprise community. >> So really getting in almost like a flywheel effect. Just investing in that core flywheel and then spin off all kinds of great stuff. >> You got it, you know, my motto's always been like, if the open source is this thing off to the side, that you're wondering, oh, should our engineers be working on it, or shouldn't they, it's going to be a tough model to sustain long-term. There has to be an integrated value to your overall organization and you have to recognize that. And then, resource it appropriately. >> Right, so let's kind of come up to the present. You guys just had a big round of funding, congratulations. >> Yep, thank you. >> So you got some new cash in the bank. So what's next for Sysdig? Now you got this new powder, if you will, so what's on the horizon, where are you guys going next? Where are you taking the company forward? >> Great question, so, we just raised a $68.5 million Series D round, led by Inside Ventures and follow-on investors from our previous investors, Accel and Bane. 68.5 doesn't happen overnight. It's certainly been a set of wins since Loris first introduced those open source projects to releasing our monitoring product, adding our security product. In fact, earlier this year, we brought on a very experienced CEO, Suresh Vasudevan, who was the previous CEO of Nimble Storage, as a partner to Loris, so that they could grow the business together. Come this summer, we're having massive success. It feels like we've hit a hockey stick late last year, where we signed up some of the largest investment banks in the world, large government organizations, Fortune 500s, all the magic is happening that you hope for, and all of a sudden, we found these investors knocking at our door, we weren't actually even out looking for funds, and we ended up with an over-subscribed round. >> Right. >> So our next goal, like what are you going to do with all that money, is first of all, we're moving to a phase where, it's not just about the product, but it's about the overall experience with Sysdig the company. We're really building that out, so that every enterprise has an incredible experience with our product and the company itself, so that they're just, you know, amazed with what Sysdig did to help make Cloud-Native a reality. >> That's great and you got to bring in an extra investor, like in a crunch phase, you guys haven't had that many investors in the company, relatively a small number of participants. >> It's been very tightly held, and we like it that way. We want to keep out community small and tight. >> Well, Apurva, exciting times, and I'm sure you're excited to have some of that money to spend on marketing going forward. >> Well, we'll do our part. >> Well, thanks for sharing your story, and have a great weekend. I'm happy it's Friday, I'm sure you are, too. >> Thanks so much, have a great weekend. Thanks for having me. >> He's Apurva, I'm Jeff, you're watching theCUBE. It's theCUBE conversation in Palo Alto, we'll be back on the road next week, so keep on watching. See you next time. (dramatic orchestral music)