Okay, welcome back everyone to theCUBE's coverage here. KubeCon, CloudNativeCon 2021 in person. theCUBE is here, I'm John Furrier, host of theCUBE with Dave Nicholson, my co-host and cloud analyst. Man, it's great to be back in person. We also have a hybrid event. We've got two great guests here. The founders of DeepFence, Shyam Krishnaswamy, co-founder and CTO, and Sandeep Lahane, founder and CEO.

Hey everyone.

Hey everyone.

Great to have you on. This is a super important topic as CloudNative has crossed over, everyone's talking about it, mainstream blah blah blah, but security is driving the agenda. You guys are in the middle of it, cutting edge approach and news.

Sure. Absolutely, like we were talking about, John, we are operating at the intersection of the awesome desk, right? Open source, security and cloud. CloudNative essentially, absolutely. And today is a super exciting day for us. We're launching something called ThreatMapper, Apache V2 completely open source. Think of it as an X-ray or MRI scan for your cloud. Scan visualizes cloud at scale, all of the modalities. Essentially, we look at cloud as a continuum. It's not a single modality. It's containers, it's Kubernetes, it's VMs, it's serverless, all of them co-executing side by side. That's how we look at it. And ThreatMapper essentially allows you to visualize all of this in real time. Think of ThreatMapper as something that takes over the baton from the CI/CD. When the shift left gets over, that's when the ThreatMapper comes in picture. So yeah, super excited.

It's like really gives that developer and the teams, ops teams, visibility into kind of health statistics of the cloud, but also as you said, it's not just software mechanisms. The cloud is evolving, new services being turned on and off, no one even knows what's going on sometimes. This is a really hidden problem, right?

Yep, absolutely.
The basic problem is, I mean, I was just talking to, you know, a journalist earlier this morning, is 270 billion plus public cloud spend, John, 270 billion plus, even 300 billion they're saying, right? Projected revenue. And there is not even a single community tool to visualize all the clouds and all the cloud modalities at scale. Let's start there. That's what we sort of decided, you know what? Let's start visualizing everything out there and then look for known badness, which is the vulnerabilities, which still remains the biggest attack vector.

Shyam, tell us what's under the hood. How does this all work? Cloud scale, is it a cloud service, managed service? Is code, take us through product?

Yeah, absolutely, go ahead, yeah.

So, but before that, right, there's one small point that Sandeep mentioned and Richard, I'd like to elaborate here, right? He spoke about the whole cloud spend being such a large volume, right? If you look at the way people look at applications today, it's not just single cloud anymore. It's multi-cloud, multi-regions, across diverse clients, right? What is the solution to look at what mine percentage is going on? That is a missing piece here and that is what we're trying to tackle and that is where we are going as open source. Now coming back to your question, right, how does this whole thing work? So we have a completely on-prem model, right, where customers can download the code today, install it, we give binaries too, and shortly just as the exciting ThreatMapper announcement that came out today, you're going to see some more exciting announcements that's going to make a lot more easy for folks out there, out there.

That's what I'm talking about. So how does this all fit into security as a microservice and your vision of that?

Absolutely, absolutely, you know. I'll tell you, this has to do with one of the container conferences I was sort of, when I was trying to get an idea, trying to shape the whole vision really, right?
Hey, what about security as a microservice? I would go and ask people, they would say, that sounds, that makes sense. Everything is becoming a microservice, really. So what you're saying, Sandeep, is you're going to deploy one more microservice, just like I deploy all of my other microservice and that's going to look after my microservices. That computes, that makes logical sense. Essentially that was the genesis of that terminology. So DeepFence essentially is deployed as a microservice. You go to scale it, deploy it, operate it just like you do your microservices. So no code changes, no other tool chain changes, it just is yet another microservice that's going to look after you. So that's about the, go ahead.

So there's one point I would like to add here, which is something very interesting, right? The whole concept of microservice came from, if you remember the memo from Jeff Bezos that everybody's going to be a microservice will be fired. That gave rise to a very conventional, unconventional way of thinking about your applications. At DeepFence we believe that security should be now, you should bring the same unconventional way of thinking to security. Your security is all bottom up, no, it has to start top down. So your applications are microservice, your security should also be a microservice.

So you need a microservice for a microservice, a security for the security.

Exactly.

You're starting to get into a paradigm shift where you start to see the API economy, the Bezos, and the Amazon, you know, the philosophy and their approach. Go mainstream. So but I got to ask you, because this is a trend we've been watching and reporting on. The actual application development processes change from the old school, you know, just life cycle, self-defined life cycle to now you've got machine learning and bots, you have AI now, you have, people are building apps differently. And the speed at which they want to code is high and then other teams are slowing them down.
So I've heard security teams are screwing people over couple of days. Oh my God, I got five days. No, it used to be five weeks. Now it's five days. They think that's progress. They want five minutes. The developer's in real time. So this is a real deal.

Absolutely, you know what? Shift left was a good thing. It's still a good thing. It helps you sort of figure out the issues early on in the development life cycle essentially, right? And so you start moving in security early on and it stays with you. The problem is we are iterating so frequently, you end up with a few hundred vulnerabilities every time you scan, often times few thousand. And then you go to runtime and you can't really fix all these thousand vulnerabilities, you know? So this is where, so there is a little bit of a gap there. If you say, if you look at the CI/CD cycle, the infinite circle that they show you, right? You've got the far left, which is where you have the SAST tool, the Snyk and all of that. And then you've got the center which is where you hand off this to ops. And then on the right side you've got sec ops. DeepFence essentially starts in the middle. It says, look, I know you've got thousand vulnerabilities, okay? But at runtime, I see only one of those packages is loaded in memory and only that is getting traffic. You go and fix that one because that's going to hurt you. You know what I'm saying? So that gap is what we're doing. So you start with the left, we come in in the middle and stay with you throughout, you know, tell the whole CI/CD, yeah.

Well that touches on a subject. What are the changes that we're seeing? What are the new threats that are associated with containerization? And kind of coupled with that, look back on traditional security methods and how are traditional security methods failing us with those new requirements that come out of the microservices and containerized world.

So having been at FireEye, I'll tell you, I've worked on their Windows products.

And Juniper.
And Juniper. And very deeply involved in OS 10.

Yeah, yeah, yeah. That's true, that's true. You know what, earlier at the company, we even sold our product to Palo Alto. So having been around the space really, I think it's a foregone conclusion to say that attackers have become more sophisticated. Of course they have. It's not a single attack vector which gets you down anymore. It's not a script kiddie somewhere sitting who's just sending one malicious HTTP request and exploiting you. No, these are multi-vector, multi-stage attacks. They evolve over time and space, you know? And now what happens is attackers are evolving over time and space. Vulnerabilities are piling up, right? And on the other side, you've got the infrastructure which is getting fragmented. What I mean by fragmented is it's not one data center where everything will look and feel and smell similar. It's containers and Kubernetes and serverless and all of that stuff is hackable, right? So you've got that big shift happening there. You've got attackers. How do you build visibility? So in fact, initially we used to, we would go on, you know, speak with the left-hand practitioner and say, hey, what is the coalition? Is it that you don't have enough scanners to scan? Is it that at runtime, what is the main problem? It's lack of visibility, lack of observability throughout the life cycle, as well as throughout this heterogeneous modality, is that what you're talking about?

And the fact that the attackers know that too, they're exploiting the fact that they can't see. They're blind. It's like, you know, we're trying to land a plane that flew yesterday and you think it's landing tomorrow. It's all like lagging, right? So I got to ask you, because this comes up a lot because remember we were in our 11th season with theCUBE and I remember conversations going back to 2010, the cloud's not secure, you know. This is before everyone realized, shit, the cloud's better than on-premises, if you have it right.
So a trend has emerged. I want to get your thoughts on this. What percentage of the hacks are because the attackers are lazier than the more sophisticated ones? Because you see two buckets. I'm going to work hard to get this or I'm going to go for the easy low-hanging fruit. And most people have just a setup that's just low-hanging fruit for the hackers versus some sort of complex or thought through programmatic cloud system. Because now cloud's actually better if you do it right. So the more sophisticated the environment, the harder it is for the hackers, AKA Bob Weier, whatever you want to call it, what level do we cross over? When does it go from the script kids to the nation states? Yeah, script kids is kind of like, okay, I'm going to go get the S3 bucket or, you know, whatever, it's like levels of laziness. Okay, I'm in. Versus I'm really going to orchestrate spear phish, social engineer, the more sophisticated economy driven ones.

Yeah, I think, you know what? These attackers, the hacks aren't being conducted the way they were conducted five years ago. You see what I'm saying? They're being outsourced. There are sophisticated teams who are building exploits, isn't there? This is the whole industry up there.

It's an economy.

Yeah, exactly, the nation. It's an economy really, right? So the known badness of the known attacks, I think we have had tools. We have had the old tools, signature based tools, which would look for certain payloads and say this is bad, I know it, right? The stuff really starts sort of getting out of control when you have so many sort of different modalities running side by side. So much, so much moving attack surface. It's never evolving. You never know that you've scanned enough because you never have, because you just push the code. You know what I'm saying?

So we've been covering IronNet, retired general Keith Alexander's company. They had this Iron Dome concept where there's more collective sharing. How do you see that trend?
So I can almost imagine that the open source community is going to love what you guys got. They're going to probably feed on it like it's nobody's business. But then you start thinking, okay, we're going to be open and you have a platform approach, not so much a tool-based approach. Because it's too many tools. We all know that. When does it cross over to the nirvana of like real security, sharing real-time telemetry data?

Well, absolutely. And I want to answer this in two parts, John. The first part is really a lot of this wisdom is already in the community. It's tribal knowledge. It's there in form of feeds, in form of GitHub tickets, in form of, you know, a lot of these things. What we're really doing with ThreatMapper is we are consolidating that and giving it out as a sort of platform that you can use. I like to call it a-

For free, for free.

For free. This is Apache V2. We're never going to monetize this and we are certain about this.

That's awesome.

What we're monetizing instead is you have, like I said, the X-ray or MRI scan of the cloud which tells you what the pain points are. This is for free. This is public collective good. This is Apache V2.

It's shocking that it took this long to get to that point, by the way. Surprised in this discussion. This is right now, the timing's down.

Yeah, yeah. This is, security is collective good, right? And if you're doing open source, community based, you know, programs like this, this is for the collective good. What we do is, look, this whole of the ThreatMapper is going to be open source. We're going to make it a platform and our commercial version, which is called ThreatStryker, which is where we have our core IP which is basically, think about this way, right? You've figured out all the pain points and using ThreatMapper. This is for free. And now you want the remedy for that pain. We need to target a defense. We targeted quarantining of those standard workloads and all of that stuff. And that's where our IP is.
What we really do there is, we said, look, you figured out the attack surface using ThreatMapper. Now I'm going to use ThreatStryker to protect their attack surface.

So is that free, not free too, or is that going to be for pay?

Oh, that's for pay.

Okay, so that's your business model.

That's our business model.

So you bring the goodness to the party. Share that collective, see where that goes. And the Stryker on top is how you guys monetize.

And that's where we do some uniquely novel things. I would want to talk about that if probably for 30 seconds or so. Unique things we do in industry, which is basically being able to monitor what comes in, what goes out, and what changes across time and space. Because look, most of the modern attacks evolve over time and space, right? So you're going to be able to see things like this. Hey, here is Apache Struts which has a vulnerability. ThreatMapper told you that. ThreatStryker, what it does is it tells you, Apache Struts has a vulnerability, I know that. Somebody is sending you malicious HTTP request, which has a malicious payload. And you know, tomorrow there's a file system change and there is an outbound connection going to some funny place. That is the part that we monetize.

You give away the tool to identify the threats and sell the hammer.

Exactly. Be unconventional about giving you protection.

Awesome, I love you guys. Love this product. Love how you're doing it. I got to ask you to define, what is security as a microservice?

So security as a microservice is a deployment modality for us. So DeepFence, what DeepFence has is one console. So DeepFence is currently self-hosted by the customer within their infrastructure. Going forward, we'll also be launching a SaaS version, a cloud version of it. But what happens as part of this deployment is you're running the management console, which is the GUI, and then a tiny sensor, which is collecting telemetry, that is deployed as a microservice. You know what I'm saying?
So you've got 10 containers running, DeepFence is the 11th container. That's it on the microservice. And it utilizes eBPF for tracing and all of that stuff, yeah.

Awesome. Well, I think this is the beginning of a shift in the industry. You're starting to see DevOps and cloud native technologies become the operating model. Not just Dev, DevOps are now in play in infrastructure as code, which is the ethos of cloud generation.

That's true.

Is security as code. That's what you guys are doing. Thanks for coming on. I really appreciate it.

Thank you so much.

Thank you. Thank you.

Breaking news here in theCUBE, obviously great stuff. Open source continues to grow and win in the new model collaboration. This is theCUBE, bringing you all the coverage. Day one of three days. I'm John Furrier, your host with Dave Nicholson. Thanks for watching.

Thank you so much.