John Furrier: Hello, welcome back to theCUBE's main stage coverage of DockerCon 2022. I'm John Furrier, host of theCUBE. We're here with Knox Anderson, Vice President of Product Management, Sysdig. Knox, welcome to theCUBE.

Knox Anderson: Thanks for having me, glad to be back.

John Furrier: So obviously containers are going crazy, madness in terms of adoption, standard, even mainstream enterprise, IT and cloud are all containerized, it's only getting better. And it increases the complications when you start thinking about scale and supportability. This is a huge discussion and it ranges from how do you support, how do you run operations, how do you secure the supply chain, all this is happening with the growth of cloud and serverless and Kubernetes at the center of everything. So I got to ask you, how has Kubernetes changed how you secure cloud infrastructure?

Knox Anderson: Yeah, so Kubernetes is really the modern operating system for the cloud and with that you get a lot of facilities. So you get things like Kubernetes network policies, you can use things like admission controllers, and with that you're securing multiple layers, whether it's the control plane or individual workloads. And so there's a nice mixture of built-in tools as part of the Kubernetes platform that you can then leverage to do prevention, auditing and things like that. But it really requires an entire rethink of your stack and the tools you bring in alongside your people and processes. And so it's an exciting time because it gives you an opportunity to be more secure, but you really have to rethink your approach there.

John Furrier: And I want to get into the whole observability trend here, because you start thinking about the mobility that containers enable, and getting all the data is everything, and then also that feeds into having a good sense of what is going on. And when you hear about shift left and data as code, developers don't want to get stopped coding, right? And then have to come back and go dig into things that they thought they had taken care of. So you've kind of got this flywheel going in the wrong direction. So that's causing teams to be disrupted. So how do teams keep up with the changes to the containerized applications, or what to prioritize around that? Because if I shift left, am I done or what? And these are the things that come up all the time.

Knox Anderson: Yeah, you have to shift left but also watch the right. Shifting left is a little bit harder from a people and process perspective. You put a tool in place, then it's a gating factor for getting in. And so that runtime context on the right is equally as important, and it's often easier to roll out a runtime tool just because you're not going in and introducing new processes. And that runtime visibility can also make shift left much better. If you're scanning a container image you might get a thousand different vulnerabilities that you need to address, but only three of those are in packages that are actually executed at runtime. And so we recently released a feature called Risk Spotlight which does that exact feedback loop. I mean, that's something that's important whether you're addressing vulnerabilities, misconfigurations or responding to events. What's on the right? What's on the left? And then tie those together.

John Furrier: Yeah, it's like left, left, right. It's like driver training here in the United States. You've got a stop sign. You want to be moving, always be moving. I got to ask you, what are some of the side effects of the infrastructure automation and the resulting code artifacts?

Knox Anderson: Yeah, Kubernetes is nice because it's a declarative system, but it doesn't always work out that way. Someone might have a Helm chart and then someone else changes it in production. So understanding what is drift is really important in these environments. And then it also has enabled real remediation workflows. I think previously you might patch something, a week later there's a new deploy, that patch gets written over. And so because of Kubernetes and the rise of IaC, it's now easier to see a misconfiguration in production, open a pull request and then fix that at source, which provides that full visibility across those different environments, and it allows you to actually fix issues versus constantly being in that kind of whack-a-mole of patching things and moving on.

John Furrier: Yeah, I mean, this is all about cloud native development. And you look at some of the things going on and you're starting to see best practices develop. What do you guys see as a best practice for getting started with designing and securing cloud native applications? What are some of the tools that people should look at for the beginners and for the entry level position? And then as they get traction, what does that turn into?

Knox Anderson: Yeah, so the pattern we've often seen is someone gets started on the open source side, whether you're using Open Policy Agent or Falco, which Loris, who you've met with before, created. And so really when you're starting, choose the open source option, learn from that. And then often what we've seen with customers is at scale, there's some companies, like if you're an Uber, a Snapchat or Apple, you can maybe build something around open source, but a lot of other people start to really consolidate onto platforms that are built on top of those open source technologies and try to get that single view into what's happening in their environment. What are those events? And the thing that I would say process-wise is most important is build that container center of excellence, that cloud center of excellence, whatever you call it, that brings together people from your ops team, your infrastructure team, your dev team, your security team. Everyone's got to have a seat at the table to have containers be successful. It's a big shift. And if you do it right, it really takes off, but each team really needs to be included there.

John Furrier: Yeah, there's a lot of operational discussions going on around the devs and the devs are being pulled to the front lines. We've been saying this for a decade. But now when you've got edge computing, you've got cloud native operations on premises, you start to see that they're getting pulled even further to the front line. So what are you guys up to at Sysdig? There's a lot of developers here at DockerCon. What's in it for them? Why Sysdig? Why should they care? What would you say to all the developers that are watching? What's in it for them?

Knox Anderson: Yeah, we really make it easier for you to prioritize what to fix and what to address in your environment. I know I've built something before and my test suite or my scanner just lights up like a Christmas tree and you just want to move to another task because it's just too much to deal with at that time. And so we really help you focus on what matters and get the most bang for your buck. Everyone has way too many things going on and not enough time. And so being able to understand effective risk, your different vulnerabilities, what to fix, is really key to delivering secure software.

John Furrier: I mean, it's like a doctor needs to know what to work on with the patient, if you will. Get to what's important and then the dependencies, and you've got a systems mindset, you've got to know the consequences. So it sounds easy, just knock down a list of things, but it isn't that easy? You've got to want to hit things that you know will have an impact right away. That seems to be the big aha moment here.

Knox Anderson: Yeah, definitely.

John Furrier: So we're going to be at KubeCon in Europe. You guys going to have a booth there? What's the quick plug for the company? Give a shout out to what's happening at Sysdig and in the cloud native world.

Knox Anderson: Yeah, really excited to be in Valencia. We have a ton of people at DockerCon giving a couple of different talks here. So the first is Master Your Container Security Model and then Software Supply Chain Security and Standards. On the supply chain one, we're getting deep into SBOMs. So if that's a topic that's important to you, please join that one.

John Furrier: Awesome. And that's a big topic, supply chain. We've got a minute and a half left. What's the most important thing people should pay attention to as open source continues to grow in prominence, not just from a code standpoint, but as a social environment, as people are doing ventures and venture capitalists are mining the area? What should they pay attention to as supply chain becomes important? What's the big thing?

Knox Anderson: There's a lot of companies, I think, going around the SBOM space and trying to certify, like, where did this come from, and have that provenance across the entire supply chain. We under the hood use those SBOMs to understand what you have built, what packages are used, and then tie that with that runtime data. So a lot of the things that we talked about before with Risk Spotlight is based on that deep SBOM knowledge. And that's something where I think the standards are still getting worked out, where there's CycloneDX, SPDX. And so people really are saying, hey, I need to generate SBOMs, and we're generating them, but there's going to be more and more applications on, okay, what do you do with that? How does it integrate with other tools? So it's kind of, I think, in the early data lake phase, where it's like, I've taken all my data, I've put it here, now I need to do more with it. So that's where I think we'll start to see some pretty exciting things over the next year or two.

John Furrier: It's super exciting. On one hand, you've got the attackers and that's a zero trust environment, and you've got the builders and developers where trust is everything. You've got to know it's in the code. It's a really interesting time and super important to scale. So Knox, thanks for coming on theCUBE and sharing this update. Appreciate it, thanks for coming on. Now back to you at the DockerCon main stage. This is theCUBE. I'm John Furrier, host. Thanks for watching.