 Live from London, England, it's theCUBE covering .NEXT Conference Europe 2018. Brought to you by Nutanix. Welcome back to theCUBE's coverage of Nutanix.NEXT 2018 here in London, London, England. I'm Stu Minim. My co-op is you, Piskar, 3,500 here in attendance. Actually in the closing keynote, we just listened to Dr. Jane Goodall talk about her life's work, her next, where she's going. Really powerful content here to help round out what we're doing. We're actually really thrilled to have as our penultimate guest to the program, Chathen Kanaki, who is the founder and CTO of ShiftLeft.io, a customer of Nutanix, based out in San Francisco. Thanks so much for joining us. Thank you very much for having me, Stu, and you. Pleasure. So Chathen, ShiftLeft.io, tell us a little bit about that. We'd love to hear from the founder as, what was the why? What did you see out there? What were you looking to do? And we'll get into it from there. Absolutely. We founded ShiftLeft back in 2016, December, 2016. ShiftLeft is a venture backed application security company. I co-founded ShiftLeft with the Chief Products Officer of FireEye and one of the core architects at Google. So our reason and emphasis to build out the security company was to essentially make security relevant to what they call as cloud native applications. So ShiftLeft, by virtue of the word meaning shift security to the left, is bringing securities awareness to the early stages of the software development lifecycle. As engineers write code, we have built a system that in a matter of minutes converts code to a graph. Graph akin to a social network, almost like a social network graph, except that it's connecting all the functions and variables in your code that represent the application. Now using that graph, we extract vulnerabilities that might exist in the code. Now as we know, engineers are focused on velocity, developing software and servicing their customers, so often security gets left behind. Which is why we've built this autonomous agent that takes the data that we extracted during coding and protect the application in one time from imminent threats. Okay, we could spend an hour talking about this security, this one of the hottest spaces, one of the biggest challenges in kind of modernizing this multi-cloud era, cloud native, absolutely. Maybe you'll be at the KubeCon show in a couple of weeks, we can talk even more about that, because oh boy, so much to go there. But your startup and what brings you to Nutanix is I guess the question, come on, cloud native, you should be born in the cloud, you're venture backed, they probably don't want you spending lots of money on infrastructure, so maybe connect the dots with us how you ended up with Nutanix. Absolutely, the core ethos of Shift Left is observing, observing threats in real time and observing vulnerabilities that might exist in code. Observing means we have to make sure that our own infrastructure is protected from threats and at the same time we provide a high SLA to our customers, which means that we have to observe our own infrastructure, which is why we subscribed early on to a Nutanix product called a Zepod, because the core essence of EPOC is to provide observability to infrastructure. Our infrastructure is very complex, because every time engineers write code and commit code into GitHub or any other source code management system, we react to that. And at the same time, if any threats are applied, when they deploy that code in production, we react to that as well. So it is important for us to maintain our uptime, which is why we use EPOC to continuously observe our system for faults or any threats applied upon our own system. And EPOC provides us that service, that service because our infrastructure is very complex. It is comprised of at least about 80 to 100 microservices deployed in a cloud native infrastructure. Now all these microservices are working in concert with each other every time it receives an event, an event of a code check-in from our customer's ecosystem or any threats applied to our customer's infrastructure deployed in their private data centers or their cloud infrastructures. So let me get this right. You're a Nutanix customer, but I'm guessing you're not the typical customer, right? You are not running their appliance in a data center, but you're using different products. So I hear you mention EPOC, which is observability, so that gives you insight into the system that you are running. So to clarify, you're not running Nutanix in your data center? Absolutely. We are running, we are a cloud native company. Our infrastructure entirely runs on mesos and Kubernetes, which is deployed on AWS, Azure and GCP. So we are a multi-hybrid cloud ecosystem and Nutanix EPOC's product is agnostic of the surface because it's a software-defined product that enables us to place hooks in the appropriate places of our software-defined or a software stack and then provide us the necessary observability, observability from the perspective of latency, throughput, or essentially any impact induced upon our infrastructure. So you are using it to monitor the set of applications you're running in microservices. So this is not even about infrastructure monitoring. This is about your application, its uptime, error rates, threshold, stuff like that. Absolutely, because our system is comprised of a dense microservice mesh, which means that if one microservice is down, it impacts a set of other microservices which in turn impacts the customer as well. So what we do is try to identify cause and effect, correlate events, and understand this dense and complex infrastructure. Nutanix EPOC has this cloud map feature that enables us to dynamically plot the entire map of our infrastructure. This is almost akin to Google Maps because you can plot a from and to destination, but upon that you might have traffic contention, accidents, tolls, and everything else that you can think of. So this is a similar situation with very dense and complex infrastructure as well. Meaning if one service is down, it has a ripple side effect on other services as well. Yeah, I'm actually glad we got to interview you towards the end of our coverage here cause one of the things we've been looking at is Nutanix gone from basically two products to now they have a much broader portfolio. Some of those have been organically and some have been through acquisition. So EPOC, which I believe is now under the Zai family, so Zai EPOC, I interviewed back at New Orleans, it was NETZL back then. So NETZL came in through the acquisition. So believe you've been using it since it was NETZL. What have you seen? I love kind of your outside viewpoint as to what's that meant to the product? I mean, besides being renamed, what's the same, what's different? And how do you see that impacting EPOC going forward? Absolutely, great question. For the most part, the core product hasn't changed as much. The vision has always been carried on from what it used to be to what it is today. But the product has improved significantly. The user experience has improved significantly. And now what they have is the foundation of Nutanix, which is critical. Because there are various other product lines in Nutanix that can serve us better as well along with EPOC. And we are looking forward to understanding what BEAM is, what XRA is, and there are various other product lines along with what we are already using at this point. Great, so I'm curious your experience here at the show. What brought you to the show? What conversations have you been having with your peers? We talked to Nutanix about what they're doing with the developers and about the cloud native space. How are they doing? You live in that space. How's Nutanix positioned themselves? Absolutely, I've been tracking Dheeraj and his crew for quite some time. I think they're doing a phenomenal job moving up the stack. Because eventually being cloud native is critical at this point. Given that majority of the new SMBs and SMEs are deploying in the cloud. So if Nutanix joins that bandwagon, it makes it relatively easy for enterprise customers who have deployed in their own private data centers to cloud burst into Nutanix Enterprise Cloud. So over the past two days, the energy has been amazing. I presented with the EPOC crew and we got an amazing response, got to listen to customers, their curiosity to adopting EPOC given that they have been using Nutanix and also bursting into cloud native ecosystems as well, which is why they want to understand and observe how their workloads are performing in the cloud. So very excited and looking forward to the future for the most part. So looking at your product, you deliver it as a SaaS service. You have software developers that develop that software. And based on the announcements Nutanix has made in the last couple of days, with carbon and being able to develop cloud native apps, will that impact how you develop software or how you look at Nutanix as a partner for your company? We are growing at a very steady state and given that our core focus is security, some of our customers are on Wall Street, which means that they have to ensure that they're deploying or subscribing to a service that has guarantees of its uptime and also their data is effectively protected. So we have commenced our journey as a cloud native company, but that shouldn't impede us from moving into a private data center as well because our software fabric can be deployed both in a cloud native ecosystem and also in a private DC as well. So we're looking forward to working with Nutanix as a partner in the future as well if the opportunity permits. Yeah, so with the little time we have left, I want to get your viewpoint, talk to us about the security environments today. I'm an infrastructure guy by background, I lived through when you talked about virtualization, been watching the containerization space, IoT, greatly increasing the surface area of everything. I know serverless is a whole can of worms as to how that fits in. So as we've looked at 2019 going forward, what excites you and what worries you about the security space? What excites me is that the surface is essentially getting abstracted back to almost two decades ago, we were dealing with deploying in physical data centers on physical hosts that transcended to VMs and then moved to Docker, Unicornals and now we are speaking serverless. So it's in relatively maybe in a click of a button or a single script, someone can deploy an application and that application can be scaled in matter of minutes or seconds. So that's very exciting. But what worries me is also that with the velocity and complexity, the risk is also getting amplified. Which means that applications are the target desgeur. Applications were always the target desgeur and they will continue to be as well. Because the engineers code even more faster, they will essentially always leave security behind. So it is important to understand the attack surface of the application because if we examine most of the recent attacks like struts with Equifax, the application was compromised and then the attacker actually moved from host to host till they acquired or hit that asset, which is the data. So it is important to write secure software from the get go and at the same time it is important to observe how a threat imposed by an adversarial entity correlates to a vulnerability. Which means that we have to be upfront and always observe for security from the very beginning of the software development life cycle. So it equally excites me and worries me, which is why we decided to found Shift Left. All right, well really appreciate getting to hear about Shift Left in your journey and what you're doing with it, Paxa. Thanks so much for joining us. Absolutely, pleasure. All right, and thank you for joining us. We'll be back with more coverage here from Nutanix.NEXT 2018 in London, England. Thanks for watching theCUBE. Thank you. Hi, I'm John Walls. I've been with theCUBE for a couple of years, serving as a host here on our broadcast, our flagship broadcast on SiliconANGLE TV. I like to think about the how's and the why's and the what's of technology. How's it work? Why does it matter? What is it doing for end users? When I think about what theCUBE does and what it means, to me it's an off the chart benefit. The value is just immense because when theCUBE shows up it puts a stamp of approval on your event. It says, man, you've arrived. Well, I know you can't be everywhere. You'd like to be, but what theCUBE