 Hi, everyone. Nice to meet you today. My name is Fei Huang. I came from a social security team. So today, my topic is about Kubernetes is a perfect platform for enforcing zero-trust security. Let's get started. So let's use the famous Lock4J vulnerability as an example. I think everybody knows that. First, the Lock4J CVE was discovered on November 2021. Only one week after that, there's a real word exploit attempt was reported. And then, of course, the patch was released a few weeks later. In the next few weeks and months, we keep seeing new patches published. But at the same time, new related CVE are also reported. So for the companies, I mean, we have a lot of clients, customers, they have to keep patching their applications, keep waiting for the new patches. So this whole process takes a few weeks, or months, or even more. I think yesterday, Brian mentioned there's a CVE not being patched after 15 years. That's kind of crazy. So obviously, we all understand this is a chasing game. We call this reactive security model. So we have to scan, monitor, detect, respond based on the real incidents. We have to keep waiting for the new patches. This is working, but I don't think it's efficient. I don't think it's enough. So how about the CVE without a fix? How about can we prevent Lock4J like critical security issues even before it's being discovered? The answer is yes. Please think about this. How about we can detect, attack at the network entry point even before it hits a real application? How about we can block the command control links at a real time? And we can block any suspicious process or false access. No, because this is a never seen process before. It could be a remote code execution. It could be a crypto miner. And the idea is we should minimize attacking surface at runtime, and we should lock down the behavior of every running pod. So we call all those good functions proactive security model, or zero trust security controls. So why Kubernetes is the perfect platform for this new security model? Let's use a real workflow. Think about that. See a developer could define the security manifest into a YAML file. He can even define the application runtime forward policy into the YAML file as well. Because developers is the only person to know how this container going to talk, going to communicate in a runtime. So those information can be checked into the Git repository, same as their source code. And then the build pipeline going to carry it over all the way to the running clusters. So the new vector like solutions will be able to pick up those security manifestors, also the policies directly from Kubernetes at runtime, then federated the policy out, enforce it right away. The beauty is this whole process can be fully automated. I mean, you can see that Kubernetes does make a security solution much smoother, much stronger, and much better. That's why. So I would like to use two real customer profiles to emphasize runtime zero trust and security control is very important. A customer which is a Fortune 200 in the price, another one is a fully SAS based financial service online bank. Interestingly, they all run their containers in multiple complicated cloud environment. They have hybrid cloud, multiple cloud, on-prem, or even on-air gap environment. So that does require security to be managed scaled the same way. So the multi-cluster federation and also the security management needs to be supported. Another strong requirement is those applications in production are mission critical. Basically, that's companies most important assets. It does require they have a strong runtime protection in place. So they use zero trust runtime protection with security automation in place to make sure it's not slowing down the DevOps process. And there's also compliance requirements in the play for those mission critical workloads. There are all kinds of compliance requirements in different countries, different industries. So to satisfy that, they use the Layer 7 container firewall with WAF and DRP enabled, which does help them to pass auditing from, for example, SOC2, PCI DSS, or HIPAA. So due to the time limitation today, I can only highlight a few things about zero trust for Kubernetes. For more details, please feel free to stop by our booth at the solution showcase. We also have a free ebook from this QR code you can download. So that's my presentation today, and thanks everyone. Thank you. Thank you.