Live from San Diego, California, it's theCUBE. Covering KubeCon and CloudNativeCon, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners.
Welcome back, we're here at KubeCon CloudNativeCon 2019 in San Diego, I'm Stu Miniman. We've got over 12,000 in attendance here and we have a three guest lineup of KubeCon veterans here. To my right is Loris Degioanni, who's the CTO and founder of Sysdig. To his right, representing the Tiger, is Amit Gupta, who's vice president of business development and product management at Tigera. And also, Knox Anderson, who's director of product management. We know from the octopus on that, that also means that he's with Sysdig. So gentlemen, thank you all for joining.
Octopus and Tiger. Glad to be here.
Octopus and Tiger, bringing it all together on theCUBE. We have a menagerie as it was at work. So Loris, let's start, as I said, you know, all veterans, you've been here. You've almost been to every single one. Something about a child being born made you miss one. So why don't you bring us in kind of, what's so important about this ecosystem? Why it's growing so fast and Sysdig's relationship with the community?
Yeah, I mean, you can just look around, right? KubeCon is growing year after year. It's becoming bigger and bigger. And that's just a reflection of the community getting bigger and bigger every year, right? It really looks like we are, you know, here with this community, creating the next step, you know, for computing, for cloud computing. And really, you know, Kubernetes is becoming the operating system, powering, you know, the cloud and the whole CNCF ecosystem around it is really becoming essentially the ecosystem around it. And the beauty of it is it's completely open this time, right, for the first time in history.
All right, so, since you are the founder, I need to ask, give me the why.
So, you know, we've been saying on, you know, we started this program almost 10 years ago and the big challenge of our time is, you know, building software for distributed systems, cloud's doing that, edge is taking that even further, you know, bring us back to that moment of, you know, the birth of Sysdig and, you know, how that plays into all the open source and, you know, growth that you're talking about.
Yeah, I mean, Sysdig was born, so first of all, a little bit of background to me. I've been working in open source and networking for my whole career. My previous company was the business behind Wireshark, the network analyzer. So, a huge open source community and working with enterprises all around the world, essentially to bring visibility over their networks. And then I started realizing the stack was changing radically, right, with the advent of cloud computing, with the advent of containers and Docker, with the advent of Kubernetes. It, legacy ways of approaching the problem were just not working. Were not working at the technical level because you need to create something completely new for the new stack, but they were also not working at the approach level. Everybody, everything was proprietary. Everything was in silos, right? So the approach now is much more like inclusive and community first. And that's why I decided to start Sysdig.
So, Amit, we know things are changing all the time. One thing that does not ever change is security, is paramount. I really say, I go back 10 or 15 years, they got a lot of lip service around security. Today, it's a board level discussion, money development, especially here in the cloud native space. It's really important. So, talk about Tigera, relationship with Sysdig and very much focused on the Kubernetes ecosystem.
Absolutely, so I couldn't agree more with you, Stu. And security is super critical. And more so now as folks are deploying more and more mission critical applications on a Kubernetes-based platform.
So, I mean, Sysdig is a great partner for us. Tigera provides networking and network security aspect of that Kubernetes deployment. And if you think about, I mean, how modern applications are built today, you've taken a big, large monolith decomposed into hundreds of microservices. So those procedural calls that were happening inside the code are now API calls on the network. So you've got a much bigger network attack surface, highly distributed environment. So the traditional architectures where you manage the security, typically with a firewall or a gateway, it's not sufficient, it's important, it's needed. And that's really where as people design their architecture, they have to think about how do you design security across that entire infrastructure in a distributed fashion, all done in the early stages of your projects.
Help us understand the relationship here, how it fits into Sysdig's product with Tigera.
Yeah, so we're great partners with Tigera. Tigera lives at the network security level. Sysdig Secure and the product that we've built extends the instrumentation that Loris started off with our open source tool to provide security across the entire container lifecycle. So at build time, making sure your images are properly configured, free of vulnerabilities. At run time, looking at all the activity that's happening. And then the big challenge in the Kubernetes space is around incident response and audit. So if something happens in that pod, Kubernetes is going to kill it before anyone can investigate and Sysdig helps you with those workflows.
Yeah, maybe it would help. We all throw around these terms cloud native a lot. And it's a term I've heard for a number of years, but the definition like cloud itself is one that, you know, matures over time and we get there. So maybe if we focus in a little bit on cloud native security, you know, what is it we're hearing from customers? What does it mean to really build, you know, cloud native security?
What makes that different from, you know, the security we've been building in our data centers in clouds for years?
Well, I thought cloud native was just a buzzword. Does it actually mean something?
Well, hopefully it is more than just a buzzword and that's what I'm hoping you can explain.
Yeah, so again, the way I see it is the real change that we are witnessing is how software has been written. And we're touching a little bit this point. Software that tended to be architected as big monoliths now is being split into smaller components. And this is just a reflection of software development teams in a general way being much more efficient when you can essentially break the problem into sub-problems and break the responsibilities into sub-responsibilities. This is per se something that is extremely beneficial, essentially in terms of productivity, but also sort of revolutionizes the way you write software, you run software, you maintain software, CI/CD, you know, continuous development, continuous integration pipelines, the reliance on Git and source code repository for, you know, to store everything. And this also means that securing, monitoring, troubleshooting infrastructures becomes much different. And one of the things that we're seeing is legacy tools don't work anymore and the new approaches like Calico Networking or like Falco in runtime security or like Sysdig Secure for the life cycle and security of containers are starting bubbling up as alternatives to the old way of doing things.
I mean, I would add to that, I agree with you. I would add that like if you're defining a cloud native security, the cloud native means it's a distributed architecture. So your security architecture got to be distributed as well, absolutely got to plan for that. And then to your point, you have to automate the security as part of various aspects of your life cycle. Security cannot be an afterthought. You have to design for that right from the beginning.
And then one last thing I would add is just like your applications are being deployed in an automated fashion, your security has to be done in that fashion. So policy as code, infrastructure as code, and the security is just baked in as part of that process. It's critical you design that way to get the best outcomes.
Yeah, and I'd say the asset landscape has completely changed. Before, you needed to surface findings against a host or an IP. Now you need to surface vulnerabilities and findings against clusters, namespaces, deployments, pods, services. And that huge explosion of assets is making it much harder for teams to triage events, vulnerabilities. And it's really changing the process and how the SOC works.
And the fact that the landscape of the asset is changing also is reflected on the fact that the persona landscape is changing. So the separation between devs and operation people is becoming thinner and thinner. And more and more security becomes the responsibility of the operation team, which is the team in charge of essentially owning the infrastructure and taking care of it not only from the operational point of view but also from the security.
Well, yeah, I think, Amit, I've heard the point that you've made many times. Security can't be a bolt on or an afterthought. It's really something fundamental if you talk about DevOps is it needs to be just baked into the process. It's, as I've heard, chanted at some conferences, security is everyone's responsibility. Make sure you step up. We're talking a lot about open source here. There's a couple of projects you mentioned, Falco and Calico. You're partners with Red Hat.
I remember going to the Red Hat show years ago and they'd run these studies and be like, people were worried that open source and security couldn't go side by side but no, no, you could actually, open source is secure but taking the next step and talking about building security products with open source, give us where that stands today and how customers are embracing that and how we can actually keep up with the ever expanding threat surfaces and attacks that are coming out.
First of all, as we know, open source is actually more secure and we're getting proof of that pretty much on a daily basis, including the fact that tools like Kubernetes are regularly scrutinized by the security ecosystem and vulnerabilities are found early on and disclosed. In particular, Sysdig is the original creator of Falco which is an open source CNCF-based anomaly detection system that is based on collecting high granular data from a running Kubernetes environment, for example, through the capture of system calls and understanding the activity of the containers and being able to alert about anomalous behavior. For example, somebody being able to break into your container, exfiltrating data or modifying binaries or perpetrating an attack or stuff like that. We decided to go with an approach that is open source first because first of all, of course, we believe in participating with the community and giving something as an innocent player to the community. But also we believe that you really achieve better security by being integrated in the stack, right? It's very hard, for example, to have, I don't know, security in AWS that is really deeply integrated with the cloud stack of Amazon, right? Because it's proprietary. While with Kubernetes, solutions like Falco or even like Calico, we can really work with the rest of the community to have them really tightly coupled and so much more effective than we could do in the past.
Yeah, I mean, I would make one additional point to your question.
It's not only that users are adopting open source security, it's actually very critical that security solutions are available as an open source because, I mean, look around us here, this is a community of open source people. They're building a distributed infrastructure platform that is all open source. So we're doing a disservice if we don't offer a good set of security tools to them, not an open source. So that's really our fundamental model. That's why Calico provides two key problems, networking and network security for our users. You deploy your clusters, your infrastructure and you have all the bells and whistles you need to be able to run a highly secure, highly performing cluster in your environment. And I believe that's very critical for this community.
Yeah, and I'd say now with open source, prevention has moved into the platform. So with network policy and things like Calico or in our 3.0 launch, we incorporated the ability to automate tests and apply pod security policies and those types of prevention mechanisms weren't available in your platforms before.
Okay, I often find if you've got any customer examples, talk about how they're running this production, kind of the key when they use your solutions, the benefits that they're having.
Yeah, I'll take a few examples. I mean, today it is probably fair to say Calico, I mean from the partial phone home, there were data we get, 100,000 plus clusters across the globe. Some of the, I can't take the example like the actual names of the customers, but some of the largest banks are using Calico for their enterprise networking scenarios and essentially doing policies, the segmentation inside their clusters to be able to manage the security for those workloads inside their environments. So that's how I would say.
Yeah, and since we have an open core base with Falco and then we offer a commercial product called Sysdig Secure, in particular this last week, we released version 3.0 of our commercial product, which is another interesting dynamic because we can offer the open core essentially to the community, but then offer additional features with our commercial product. And Falco is installed in many, many thousands, essentially of clusters and Sysdig Secure secures and offers visibility to the biggest enterprises in the world. We have deployments that are at a huge scale with the biggest banks, insurance companies, media companies, and we tend to cover the full life cycle of applications because as the applications and as the software moves in the CI/CD pipeline, so security needs to essentially accompany the application through the different stages.
All right, well, thank you all three of you for providing the update. Really appreciate you joining us on the program and have a great rest of the week.
Thank you very much.
Thank you very much.
We'll be back with more coverage here from KubeCon, CloudNativeCon, I'm Stu Miniman and thanks for watching theCUBE.