We're rolling, starting a little bit late due to some technical difficulties. I'm told it was a problem with the flux capacitors not being aligned correctly with the dilithium crystals. So now that we've got that all taken care of, we're going to get started. Michael. Wait, this is the OpenShift Commons Briefing, Operator Hours. And today we are 10 minutes behind due to technical difficulties, but we are going to talk about compliance with containers and cloud. And we have Eric Carter from Sysdig; Eric's the director of product marketing. And we have our very own Dave Muir from Red Hat, who's the global solutions architect for security software vendors, dialing in, videoing in from Florida. Where are you coming from, Eric?

Yeah, I am in the San Francisco Bay Area, kind of extreme East Bay, and it's not as sunny today.

Yeah, is it windy? I thought you were in Concord. Is Concord, California somewhere around there, in that area?

Exactly. Yeah, and it has been windy over the past couple of days. I don't know how you knew that, but you go out a little further and that's where all the windmill farms and everything are.

All right. You know how I know that it's windy there? Because, well, before COVID I used to travel at least twice a year to San Francisco and it's just always windy. You know, I mean, you don't have to be a mind reader to say, oh, it's windy today, huh? But I like that town. So you're joining us here from Sysdig. How long have you been there?

Yeah, I've been with Sysdig now for over 3 years, which in startup land is a pretty long time, I suppose. We were talking just before; before that I was at the little startup Hedvig, and what was interesting about that is that it was kind of founded by the guy who created open source Cassandra while he was at Facebook. So that was kind of my ability to get into this whole world of, you know, open source and containers and so on, and even Sysdig now uses Cassandra. It's like all over the place.
So that was good experience, and yep. And now we're here and pretty heavily focused on adding value to what you guys are doing at Red Hat.

Cool. So Sysdig, what do they do?

We provide kind of what we would call secure DevOps tooling, or the secure DevOps platform. Think about it as a couple of things, right? It's trying to give you visibility into all of these containers and these clusters that are spun up across all these different clouds. Visibility that helps you with, A, security, right? You can't secure what you can't see. And B, like performance and health, right? And when you combine those two things, you kind of have a really good grip on what's really happening in my modern application environment. And so it's our job to provide those solutions and to give you a keen insight into those things.

Well, that's fair enough. I know Sysdig is a household word in our team. I mean, my team specifically, we work with third-party software vendors to get their apps tested and certified on the Red Hat portfolio, whether it's OpenStack or OpenShift or Ansible or Red Hat Linux or what have you. You folks have an operator for OpenShift. Is that right?

Yes, we do. So as that sort of framework, you know, matured and we were invited to do so, we have that so that you can spin up... basically it helps to spin up and maintain the agent side of what we do, which is that piece that's going to kind of sit on your OpenShift and Kubernetes nodes and discover what's going on out there.

Sure. Okay. Well, what are we here to talk about today? Securing containers in the cloud. Dave Muir, what's your take on these folks from Sysdig? Are they legit?

No, absolutely. Yeah. Part of my role is managing and working with these great partners like Sysdig. Sysdig is one of our top, top-tier partners. And I've been working with them for a while now. I actually had some history with Sysdig as well before Red Hat.
I was at a company called Black Duck, and Synopsys, and I was a partner of Sysdig as well. So they're definitely legit, definitely legit. That's why we're having them on here on the show. And by the way, Mike, as you know, I just want to pop this up for everybody. Excited when I get up in the morning. Eric, tell me about that. Why is compliance something that's important for customers?

You're making me laugh because I've done several sessions on the topic. And while I kind of agree with you there, I would always throw this kind of slide in to lighten things up. This is "resistance is futile," right? These things are onerous. We have to do them. And it's for good reason, right? I mean, obviously security and compliance are tied together. You're going to achieve compliance by making sure you have security. But it's like, you don't just have to be a financial services company to be subject to it, right? You've got other companies like our joint customer Ford. They're a regulated industry. You've got to maintain sort of... and you want to get recognized for it, right? Because it's going to give your customers the confidence that you're protecting me as a user. You're protecting my data. You're helping make sure that I don't fall subject to fraud. So, you know, it can be very dry, but it's also, you know, there are so many different standards. And when we think about the boogeyman that can come to bear if I'm a credit card provider or some payment processor, right? It's like, oh, a lot of bad stuff can happen if I don't cover my bases. And part of what we want to talk about today is like, well, how is that for containers and OpenShift, right? Is it different, are there things that I need to know, or what are the best practices? And so we thought we would get into that at some point.

Yeah. And I would say, Michael, if you can automate your ethics training, wouldn't you be excited about that?

Yeah, exactly. Yeah.
I literally sit there and have it on mute and I just go tab, tab, tab, tab, tab, then you get to the very end and you take the test and, you know, hopefully you get 10 out of 10, right? But sometimes, hopefully the questions aren't too tricky, right? I would love to have a way to automate my compliance training. How does Sysdig help with compliance automation?

There you go. Yeah, there are a number of things that we do, and we kind of break down the different stages into, you know, what do I do to try and make sure I'm compliant while I'm building stuff? What do I do to try and make sure I'm compliant when I'm running stuff? And then when the bad stuff happens, what do I do to help uncover what it was that happened and provide proof, right? That, okay, we figured it out. We know what it is. We're blocking it going forward. So we have a little bit in each one of those sections, I think, that we can talk about and, you know, everything from vulnerability scanning on the front end, through your CI/CD pipelines, to checking for things in runtime, and then having forensics records, right, for containers. Dave, don't you kind of have a slide that positions us sort of in the stack? You want to show that so that we kind of get that context? I don't know, it might make sense at this point.

Yeah, good segue. And if you're looking at the monthly topics on the right you see there, they actually map to a framework that we've built. Now, this is a bit of an eye chart, might be tough to read, but this gives our joint customers and our partners and even internal Red Hatters a better understanding of, number one, the security categories and, number two, where they fit into a DevOps pipeline. And so it's a great tool to take to a customer, for example, and say, hey, are you thinking about compliance audit?
Not only at the running cluster, but during build automation, like you just said, Eric.

The old shift left right there.

That's right. That's right. And then we could take this to the next level. And as you mentioned, produce a solution, a joint solution with Sysdig here at Red Hat, where we can say, okay, now you've got these items covered. And this can be the starter conversation for ensuring that you have everything where you need it at certain points in the pipeline. So this can absolutely help you get started, because it is an overwhelming, you know, situation, right? You've got all these services that you have to secure. And where do you get started?

Yeah, this can look a little complex on its own, but I think the key you threw in earlier was automation, right? We take this and multiply it by the number of containers and clusters and clouds, and trying to do this in a more manual fashion with X number of tools can be pretty challenging. Yeah, this is an interesting visual because you've got even more phases than I mentioned, but I think this tells the story in fine detail. And if you look at, like, you know, there are different things about audit; audit's a big word obviously in the compliance world, controls. I kind of break down, in my mind, the things you need to do for compliance into kind of three buckets. There may be more, but this is the world according to Eric. One is that we have implemented controls, right? Now, standards that are out there, NIST, PCI, SOC 2, there are certain... you know, they're obviously saying protect access, protect your data and so on, but they're not saying you're going to do this to actually achieve it, or you're going to use these tools to actually achieve it.
So one, put in controls. Two, validate and test those controls. Like we went through this at Sysdig, trying to get SOC 2 compliant. The first one is like SOC 2 Type 1, right, where you've outlined your controls that you put in place for all these protections of user data, access, who's doing what, and you're proving it, you're validating and testing it and proving it at one point in time. To get SOC 2 Type 2, you're proving that this is repeatable over and over and over again. Those controls, it's validation and testing, and then I always call the third thing in my mind the proof. There's always someone that wants to see the document. Sometimes, when you're actually trying to get that stamp, that's an auditor of some third-party type. And then other times it's your internal compliance teams or security teams. And so if you can get controls in place, you can make sure it is easily testable and hopefully automated, like you pointed out, and then you have some trail through that. You know, that's great stuff. And I think we're in a unique position at Sysdig, just because of the way that we have implemented... you know, as we were prepping for this call we were talking about, what's the background on Sysdig, where the heck do you guys come from, what's the name all about, right? Obviously if you take the two, it's your digging into systems, but our founder Loris, he was one of the Wireshark co-creators, right? And most people light up when you say Wireshark because they're using it in their career. In fact, I was doing some Google searches for something completely unrelated yesterday for my home, and something came up that said, oh, here I've discovered this thing with Wireshark; it happened to be some router I was trying to figure out. Wireshark was all about capturing deep-level information, storing it so that you could go through it. And this is more about network. Loris said containers are coming.
There's a challenge with understanding what's happening in the container. What can we do to get that low-level information and then capture it, because containers come and go? And so we do that. That's one of the unique things that we do, is kind of observe your systems at a system call level, and then be able to have the deep information. And a lot of times it's like, well, do I need that information? You need it when you need it, especially from a compliance perspective. So that's kind of a little bit about where we came from, and people that use our tool go, oh yeah, I see that Wireshark heritage when I'm in there doing X, Y or Z, right? So, cool.

People, yeah, let me ask you a question. So if you were a database vendor, I understand how databases work. I mean, I don't understand the internal workings of it, but I get it that there's, you know, you install a database, you allocate storage to it, you allocate resources and you build your tables and then people access it and run their little reports and so forth, and whether it's in the cloud or it's like a distributed database, you know, in Kubernetes, or, you know, something more traditional that's like on-premise. What does a Sysdig deployment look like? Like, how do I get my hands around what it is and what it looks like?

Sure. You could think about Sysdig as having two parts. One we talked about earlier in the context of the operator, where you're deploying this... you can call it an agent, you can call it whatever you want. Now, typically in an OpenShift environment, you just set that up as a DaemonSet so that any new node that gets put up based on workload or, you know, scaling, one of these is going to appear there, right? And that's the part that's detecting, observing the system calls, tapping into the kube API, other data sources.
Again, getting the insights, right, and we can talk a little bit more about what those are in just a second, but then that data gets relayed back to a back end. Now, by and large, the majority of our customers are now using our SaaS back end, so that means we have a cloud-based place where your data goes; you have your account, it's secure. And you log in there to see, here's the behavior. Here's what's happening. Here's what I need to watch out for. You log in there to set up your policies and so on. So those are the two pieces. And one of the things that I hear from customers is like, yeah, we just spin up that agent and you start discovering stuff. And that means that a container that starts talking, and maybe talking to other containers, we see that. And we can draw you a map of that. We know that that container might... you were talking about databases. That's MySQL. And it's talking to a WordPress front end, right? We can show you that if anything odd starts to happen or performance breaks down, or, this is one of the cool things too, a process other than MySQL starts running in that container. That's probably a problem. You know, Bitcoin mining is one of the classic examples. We can detect that. And so a lot of what I'm describing here, by the way, Mike, is the architecture of the commercial side, what we do with Sysdig Secure, effectively, as a product. I think it's important to mention the open source projects as well, right? Because I know that's... we share that in terms of DNA, of embracing and wanting open source to be a part of who we are. Sysdig, what I lovingly call lowercase sysdig, was our first... was the open source project that preceded Sysdig as a company. It was all about troubleshooting Linux and containers. And then the depth of information we saw and the kind of things that we were able to discover lent itself as well to more of the security lens. And that started the open source project Falco.
I know Dave's heard of Falco. Mike, I don't know how familiar you are. Falco has subsequently been donated to the CNCF, so it's not Sysdig anymore in that sense, but it was started and created by us, and now it's like a Kubernetes runtime security tool. Falco is all about: set up these rules to detect the bad things or the things you don't want happening on your systems, relay that back, and let's be able to take some action at that point. So those are the things on top of which we built what I was describing with the agent and the SaaS back end and so on. And those are key parts to understand.

In my terms, there's an agent that sits on all the various different nodes, and they phone home to the mother ship. What about customers who have certain, you know, strict requirements on where their data can sit? I mean, I'm thinking three-letter agencies. I'm thinking government. I'm thinking, you know, other companies or, you know, deployments like that. How do they use Sysdig?

Yeah. Increasingly, well, first of all, we are starting to put more SaaS back ends in region, where, let's say, a company in Germany who has that requirement, it's in Frankfurt, it's wholly owned there. Having said that, let's take a step back. You guys have a lot of customers that are falling into that, right? They're looking for an ironclad solution. That's what OpenShift provides, right? And so for a lot of our joint customers in the past, it's all been on-prem or self-hosted, which we support as well. And I've started to shift off of the on-prem term more to self-hosted, because sometimes now that's my private instance in Google, for instance, where the customer owns everything. It's not really the public service yet in the cloud, but we can do it in a customer's data center as well. So that's a demand for many of those customers, three-letter agencies you mentioned.
And we can meet that need. They just have more to manage at that point, right?

I would like to just take a moment and remind you that we're live on YouTube, Twitch, Facebook and others. If you're watching Eric and Dave here and you're on one of those other sites and you have a question, drop it in the chat window down at the bottom. And then our magic will make that automatically appear over here on our interface. I'd like to... today's challenge is stump the speakers. So, apparently Eric is unstoppable. So if you have any questions for Eric or Dave, please drop them in chat and we'll address them. Back to you, Dave.

I might be unstoppable on music trivia, but let's see what happens.

Well, I can see your drum kit in the background. So hopefully at the end he'll be breaking out the Eric Sysdig band. There you go.

Well, I've got a question, and this is going to be a softball, but because we're talking about deployment, Eric, let's say a customer has multiple clusters. Not all OpenShift. Maybe Kubernetes on-prem, and I see you're smiling.

Yeah, my brain was already going there before you asked the question and I was like, okay, how do I deal with this topic? Right.

How would they deploy the Sysdig agent on that entire fleet? Yeah. I'm a bad actor.

No, it's great. Let's talk about it. So first of all, and this is important because organizations can get overwhelmed by the number of, you know, their business grows, or there... and then suddenly they've got OpenShift and they've got GKE and EKS and others. Yeah. So how do I deal with that environment just from a sheer management standpoint, and how do I deal with that environment, obviously, then from a compliance standpoint? And I will say the perfect segue is that one of the things that we have done together, you and me together, Dave, frankly, is the fact that you guys have a tool called Advanced Cluster Management.
Let me make sure I get that right. Yeah. Sometimes we lovingly say RHACM, for Red Hat Advanced Cluster Management. The goal of that is obviously to help you do exactly what you were leading toward, which is manage diverse container, Kubernetes deployments, whatever they might be. And beyond management, I know there's a deep focus on risk, governance, or governance, risk and compliance, so that we can say GRC. And yeah, so what that has let us do together is to ensure that any cluster that's there, that's under management, that you want to make sure that the tooling, whether that's open source Falco or whether that's commercial Sysdig, that the tooling is properly deployed and that those protections are in place, right? And that's the thing, it's an engine, because we call that a policy. Basically there's a RHACM policy that says make sure every node has this agent spun up, and you're green or you're not green, and if you're not green you might be at risk, right? And so that's an important consideration. And the good news is, and this is one reason why people choose Sysdig, is that you don't have to have multiple Sysdig back ends in order to deal with that environment, right? You can still have one. And we will consolidate and let you visualize and/or let you drill into one or the other, which we can get into if I have time to show the demo. So anyway, I'll pause and maybe you can say a little bit more about RHACM from your perspective.

Well, you said it very well. There are a couple of things that RHACM provides. As you mentioned, the policy engine, which is not compliance policy per se, although it does have some compliance in it, but it's ensuring that applications like you mentioned are installed and properly configured in the fleet that you want to manage.
Another big use case for RHACM is, basically, think about, as a developer I think about CRUD, right, create, read, update, delete, and RHACM helps you to create, delete, update any cluster anywhere, you know, that you want to manage, and visualize that as well. And then there's another... or, three-legged stool, another leg of RHACM that provides application monitoring and analysis from, like, a GitOps perspective, so you can see how apps flow through your clusters. So yeah, that is RHACM, or Advanced Cluster Manager. And yeah, Sysdig was the first integration that we've built, that you guys built, for that policy deployment integration, so we're pretty excited about it. And by the way, I think all that stuff's out on GitHub. It is open, open, open source. Yeah. And you can probably comment on this: it wasn't a very big lift to create that integration. I mean, there are no real code changes that a partner would need to do, or that someone needs to do, to create a policy. It's all YAML-based. Yeah.

Yeah, drop in the YAML and it starts happening, right? And then it shows up, you get your insights in the RHACM UI.

Yeah, yeah, cool. I think one of the things that I just wanted to drive towards, we're thinking about compliance for containers and cloud, because I think this will allow both of us to kind of showcase a little bit of how we do it, is kind of the things to think about, right? One of the first ones, and I mentioned it, is like, yeah, we want to protect users and data and so on, and even at Sysdig we had to prove who's got access to what. One of the first ones is all about access control, right? It's like, make sure that this is all buttoned up and tightened down, and I think that that's a big part of what the OpenShift platform does in its own right to help with that.

Yeah, absolutely. So OpenShift...
If you compare OpenShift and just upstream vanilla Kubernetes, there are a lot of services that involve security that we add on top in OpenShift. And you think about things like just identity providers. You get a default set of identity providers out of the box from OpenShift that you can choose from; you can obviously bring in your own. OpenShift, Red Hat's all about customer choice and being open about that. So, which is why we love our partners in our ecosystem, because Red Hat can't do everything, right? Red Hat can't secure everything. We can secure the platform, and then we rely on folks like Sysdig to help shift left, help secure the pipeline, and to provide that deep, you know, forensics-type information that you all do. But you also think about things like RBAC, right? RBAC is the authorization of access control, allowing users to be part of the namespace or project, or allowing a pod to actually run in a certain project. So RBAC by default is on in OpenShift, whereas in vanilla Kubernetes you have to start it with a flag when you start up the cluster. And so those are the type of things that OpenShift has done to secure the platform, and then, you know, obviously Sysdig helps to ensure that we're compliant, right? So we built this, we can talk about this as well. Earlier this year, the OpenShift team created a document called the OpenShift 4 hardening guidelines, which was based on the CIS benchmarks. I know Sysdig was very helpful in that process as well, as we shared those with you early on before we published it. So it's a huge document, right? It's a spreadsheet with six different tabs, and I think it's now in a PDF format; it's 50-some pages, maybe even more, a couple hundred pages, and it is a bear to just go through that and say, well, am I compliant with this benchmark, do I have to run this command?
OpenShift does have a lot of those things turned on by default, but still you need the documentation, you need the report, the audit, to ensure that, and of course, right, Eric, that's what Sysdig would do for you.

Yeah, and try to make it a little bit easier to see, again, greens and reds, and here are some remediation tips and so on.

Yeah, yeah.

So, I think that, yeah, on the front end, you want to be able to check your environment against those best practices. That again includes that authentication. More and more people are driving toward least... the principle of least privilege. Eric Carter the marketing guy should not be able to modify our running production SaaS solution in any way, shape or form. We'll make sure I don't have that access, right? I don't have the root password or whatever it might be, right? So that's important. And I think the other thing is understanding what you have out there and is it configured correctly, right? And that's a lot of what you were highlighting. You try to do that by default, but, you know, are you sure, are you checking it on a regular basis? There's a whole concept of drift, whether it's with your environment or container: it was okay yesterday but now it's different. You really want to know what's running at any given time, you want to know, is it configured the right way, and is it configured the way that we said we would when we achieved PCI compliance, as an example? Right, because if it's not, then we're at risk if those auditors show up, and we were talking about, you know, whether that's once a year or more frequently, right? And so you want to manage that risk. You want to flag misconfigurations as best you can. You want to run the benchmarks. And so now we know our platform, hopefully, is in the best shape that it can be. And so part of this is all about compliance of the platform, and part of it, and then we'll shift into this, is are my workloads themselves set up...
...correctly, right? And I think we both have a hand in this whole idea of checking things before we even decide to have them orchestrated or have them spun up in our OpenShift environment.

Yeah, so you mentioned shift left earlier, and we think about compliance and all those frameworks, and talked about PCI, others as well. In the build, adding those checks, Sysdig helps you with, you know, making sure your images are compliant, your applications compliant. How much of those benchmarks are handled, you know, and properly documented or whatever, if you do shift left?

Yeah, it does. I think a lot, right? Because one of the things you can do... well, one of the challenges is it's so easy in the world of containers to just go get something, whether it's off of your Red Hat catalog or whatever it's being called these days, or Docker Hub or whatever. I get this and I've got this container, and now I can basically start using it, but I should probably check for a few things first. And again, part of those configuration checks might be: is this container set to run as root? That's one of my favorite ones, right? Which is like, it probably doesn't need to be, and you should modify that before you decide to run it. You should check also that this thing that was uploaded a month ago doesn't have a bunch of known vulnerabilities in it, right? And these are all part and parcel of due diligence for compliance: understanding what's there, fixing it. So we do help with that, right? And we can help you even outside of the context of the repository, of the registry, implementing this with things like Jenkins, Tekton, other CI/CD tooling, so that we can have the developer understand, right within the tool they know and love: oh, this package needs to be fixed. This third-party library has a vulnerability. This thing has a password file in it that probably shouldn't be there. This container is configured wrong. Right.
And so those all will help with the whole equation. Again, that's a control. And inside Sysdig, we've pre-built policies for PCI, for NIST, and for other things that I'll show you in a minute, but that will help you put your best leg forward and have that... that's a control that you can prove is in place. Right.

And so do you see a lot of companies breaking builds and/or doing things like admission control? So, for example, if you fail a certain compliance check, your image won't be allowed in this cluster type thing. Do you see a lot of that, and how does Sysdig help?

I see a lot of folks that don't like that. Yeah, because it stops progress. But we are seeing more and more folks using admission controllers, like making sure that it's set up: hey, this didn't pass that scan, it's not going into the cluster, right? And we have some tooling within Sysdig to help with that, Kubernetes admission controllers, you know, control that. And yeah, more and more that's being adopted. It's irritating because you thought you were good and you were going to go live in the next 30 minutes and then it's not admitted. So you've got to go figure out what it is, you know, and fix it. That's the right thing to do. Because the last thing you want is to get in a rush and have that exposed, whatever it might be, out in production, and someone take advantage of that. And, you know, it reminds me that human error is one of the biggest issues here. It's like getting in too much of a hurry. Gartner said something like it. I've got a quote here, I'm going to read it: "99% of cloud security failures through 2023 will be the customer's fault," like meaning the user, the human.

Eric, I wanted to ask you, so it certainly sounds like you have a lot of opinions. Are they just the world according to Eric, or let's talk about, like, the customers for a second, and like aha moments, and kind of like what you just said, right?
Like, you know, whatever the percentage was, it's like pilot error, you know, user error. What have you... you've been there for quite some time. I'm sure you get pulled into customer conversations all the time. What are some of the top, like, aha moments, where a customer will be like... like it dawns on them? Can you share any of those with us? Like, well, we're going to do this all ourselves, we're going to roll our own. And actually, let me give you a 20-year backup to this question. So I was a solutions architect when I started at Red Hat in 2002. And, you know, I had a couple of reps that I was supporting. And, you know, we're out there selling to Goldman or, you know, or trying to... we're trying to sell Linux and we're trying to sell, you know, people wanted us to sell them on open source first. And we were trying to sell everything except for our own products, because, you know... and then we were competing against internal IT teams who were, like, threatened by Red Hat because we were going to take away their crown of being the Linux king. And they're, you know, they're like, well, we can do this ourselves. And if we pay Red Hat for that, then what am I going to do? And like, do you see any of that from the security compliance space? The customers feel, other IT teams that are saying, like, we got this, we can handle this. We, you know, we're good enough.

Yeah, it is a definite challenge, a lot of... especially because a lot of the fun of cloud native stuff sort of starts... it hasn't been as huge as, like, our traditional environment with VMware or something like that. And so these teams do feel like they've got it nailed. It's funny because when we're talking about image scanning, people seem to get that, probably because we're used to virus scanning, all that stuff.
But sometimes now we're the, the, the, this team that got so excited and actually has done great work is now, we're going to run something that's important to the business in production, and guess who shows up. It's the security and compliance team that wasn't invited to the party, and it stops. Right. And part of that stoppage, you know, say, hey, but we scanned our images, and they're like, yeah, that's fine. But have you done these other things that we are, we've often, you know, we've always had in place in our traditional environments? And sometimes the answer's no. Sometimes it has to be no because it was just too complicated, it slowed them down. Runtime security is one of those things, right? It's like, oh, I didn't even know. So, can't we just use what we were using? And it's like, no, I didn't know that containers would be different. I didn't know that the fact that a container might live five minutes or less, or something, would be a challenge, but it is, and so there's that. Aha moment: now we are seeing companies get it. I use, and I can use this publicly because they're our joint and we rewarded them last year, right, for it, I feel like, even though they're a 100-year-old automobile manufacturer, they did it right. They, they knew they wanted to get into this world, number one, and there was a small team, but then they almost held their own mini conference inside of Ford and brought in all those stakeholders you rattled off a bunch of them a second ago, Mike, and it's like the compliance team, the developers, yes, us, the DevOps team, security teams, and they said, what do you think you're going to need? What is important to you in this environment? What are you worried about? And then they defined what they wanted to achieve, each one of those groups, what they wanted to achieve. Then they started searching for solutions, right, and clearly the secure platform.
OpenShift in space, right, and then they put, you know, they put Sysdig through, through the wringer, but they liked, again, the fact that we were able to help across the different phases, right, because the developers were like, okay, make it easy for me to know there's a vulnerability. The DevOps team: make sure that there's no surprises when something's running and I don't notice that someone has put a bit mining, Bitcoin mining thing out there for, and it's been running for 30, you know, make sure I can see that. And then obviously you've got incident response teams, you know, security operations. How do you help me if a container isn't running anymore? So those are all, those are all things, and then again, not everyone does it that way. Sometimes our invitation into an account is because there's an "oh crap" moment. Is it always, do you guys, are you, what percentage of the time are you brought in because, because of a fire drill, as opposed to people who are just like, let's plan this out the right way? Was it 50/50? 20? Yeah, it's probably, I would say this: if you go back, you've been here 3 years, if you go back 3 years, the time we were being brought in was when they didn't realize that this is going to be a different world. And then it was probably more 60% of people were reacting, 40% were being proactive. That's probably flipped at this point. People are getting more and more educated. They're starting to build this stuff in before they get too big and, and so on. So that's, that's a blessing for us. We would much rather be baked in earlier. The partnership with you guys helps with that too, because they see that slide that they were showing earlier. You get that in front of someone and they start going, oh, I didn't even think about that. Let me do this before I even get too far in this project, for again, perfect example. But again, we're sometimes, when we can come in and be the hero, though, that feels good too. Right. It's like, oh, you're having a hard time seeing that.
Spin up this agent and it's like, okay, click here and then see, now you're able to see what's going on. And that, you know, that makes fans for Sysdig as well. I got another question. I know we have, we have plenty of time here, but you know, I work with lots of software vendors. You know, it seems like everybody's a security vendor. Everybody's an APM vendor and, you know, like there's, there's endpoint security. There's, there's secret security. There's, you know, compliance and, you know, whatever. Is there one company that provides a fully secure environment, or do the customers have to go buy something from CyberArk and something from Synopsys and something from, you know, you folks and something from, you know, fail security, or like, how does that all work? Yeah, it's a great question and it's important. In the sense that, yeah, there's no one solution that you put, you write your check and now I'm PCI or NIST compliant or SOC 2 compliant. First of all. Now, is it helpful to try and find a solution that fights off more so that you have more visibility without having to hop around between tools? Absolutely. And so, yeah, the point, the point there is that security compliance, it's never done by one tool. You know, you've got someone doing firewall stuff. You've got, you know. And not all of us can do all the things; we try and do more and more with every kind of release that we do. But we're not going to do the things that are inherent to the OpenShift platform, right? Because those things are covered. You got SELinux, you've got, you know, you've got all, so many things that go into making it secure from day 0. But, you know, recently we launched cloud security. So you've met, you've got a bunch of vendors, like cloud security posture management was really more about public cloud stuff. With something that we didn't do, but everyone kept asking, right, you're securing my workload. Can you help me secure the surrounding environment even better?
Like if I'm running OpenShift on AWS or Azure, which is perfectly viable, we have customers, like customers doing that. Can you, at the same time you're showing me an issue with containers and Kubernetes, can you show me that part of why that issue happened was because my authentication or something was breached on the AWS side that then let them in, that let this chain of things happen? So we have now paired, and pundits of the world, see, they believed, believe that these two things are starting or need to come together, right? Visibility that shows the environment as well as the workload. And so our goal is to continue to expand that, to add more value from the same tool, but we're not a firewall company, as an example. So yeah, you'll still need to work with a few, hopefully fewer than you did before. Yeah, and Michael, I'd add to that. You know, I think Red Hat's in such a unique position to help solve that puzzle, right? There isn't one security vendor, as Eric mentioned. There never has been. We have seen some consolidation over the last couple of years. I think we'll see some more. But there's still going to be vendors that are very deep in terms of their expertise in technology and one security method than the other. And so that's why, that's why we created that framework and why we're able to map now and see all the different partners and where they fit, where they might overlap, which features you want to look at, to, to make that a little bit more consumable. Because like Eric has been saying, containers, Kubernetes, it's a new world, right? New world of understanding DevOps, all these new and different terminologies; just learning DevOps itself is difficult. But then when you add security and all these different security methods and trying to secure your entire pipeline, it's very hard unless you have that framework or that knowledge of what pieces fit where.
And, you know, I'm in a great position at Red Hat because I can see all of our partners and the expertise and what they do. And it's like a puzzle, right? Trying to figure out where Sysdig fits properly in that pipeline, where you mentioned Synopsys, and they do application analysis things very well, static analysis, interactive analysis. So there's a lot of complementary technologies out there, and it's just a matter of putting the right pieces together. I think the good and the bad too, by the way, just real quick, is that there's always some innovator, right? And so there's open source stuff that comes along. And that's why we try to build on top of open source so that we capture some of that innovation. I think of OPA, but I mean, as far as ourselves, we're, you know, we're built on obviously our own stuff, plus we have the metis that we leverage, and now we're leveraging cloud because there's all these different things that happen. And so, just when you think you're done, there's something better and easier and going to solve that problem. And so. Hey, we got a question here from Mikey. How do you compare Sysdig with Calico Enterprise slash cloud platform? I, you know, I'll be honest, I, I'm not familiar with Calico Enterprise in the sense that I don't consider. Are you guys, Dave? Yeah, that's not one of our primary, like, container Kubernetes monitoring or security kind of players. Right. It's, it's more complementary to a runtime analysis. So Tigera is the folks that create Calico. They're another partner of OpenShift. And yeah, they're more on the networking, CNI type of functionality, security methods. There might be a little bit of overlap, but, but they really focus on the network layer security, versus what Sysdig does is runtime container security, things like that. Yeah. And we're not controlling any network. We can give you visibility into what's happening on a network. So that's, that would be one of the things that I would call out as a difference.
We did recently enable the fact that something to help you simplify using what Kubernetes has for controlling networks, Kubernetes network security policies. And so we can help you visualize that and decide, like, okay, do not allow that connection. And then you, we talked about YAML files earlier. Here's your YAML file to implement that. Go load it in and you're good to go. So, yeah. Thanks for the assist there, Dave. Sure. I know we can run over to Eastern. I wonder if it's a good time now to try to do a demo. Yeah, let's, let's jump in. If you guys don't mind and we can just continue. I'm going to go to Chrome. Let me know if you're seeing what I have. Yeah. All right. So you see up here, it's the Sysdig platform, Secure and Monitor. We're not going to deal with the Monitor part right now, because we're talking about compliance. So what are we looking at? Well, this is actually new. Remember, a second ago, I was like, oh, we're, we are able to show you both your workload, which would be more thinking Kubernetes and containers, and the surrounding cloud that you might be running this on, right? And so I can go in and see things like cloud activity and understand what might be wrong that AWS is reporting back to me, more from the services and the things there, including, like, somebody's logged into AWS and they're not using multi-factor authentication. That goes down to the compliance standard of basically saying control who has access and how, right? Or you can do this thing where we're, we're able to overlay what we'll call composite, compat with, like, the Kubernetes activity with the cloud activity, and then even drill down into a specific, you know, part of that, or in a specific namespace, and to see, oh look, detect crypto miners, right? And so you can get an idea of the chain of things that might be happening.
One of my favorite new views in this whole ball of wax is this idea of users, because sometimes it's the best of intentions that I'm doing something for my business, but I'm not knowing that I'm violating an important policy for NIST, right? And so I can go in and see something like, okay, Eric Lugo, who's got a big red, is, oh, he keeps logging in without the right kind of authentication. If we get audited, we're going to be in trouble. So now I can go have a conversation with Eric, right? And make sure that this is all properly set up. And so this is the idea of being able to kind of have multiple levels of views. And I noticed, again, this is new, I'm getting the hang of it, but I noticed that I can do things like, here I'm going to go back to, let's go to the, I can even do things like, okay, if I can type in NIST, and it shows me the things that are happening that are contrary to a NIST best practice or, you know, PCI, right? Now this is kind of your bird's-eye level view, and you can start to do things like click into it and so on. So our goal is to give you, remember, I said earlier, guys, visibility, right? So this is one level of visibility. If we draw it back into the build phase, I just want to show this because I know we don't have a lot of time, but you'll look that out of the box, because we're thinking about compliance, one of the things that we have just sort of added for you, and I was talking to one of our customers this morning, he's like, yeah, we just use what you've provided. This is an image scanning policy, like for NIST. And what it does is it tells you, hey, according to the policy, right, you need to be checking for these things. And this is like exposed ports. This has been since you've actually done a check against this. Do you have, you know, user set up as root? And so you can get, then you can, when these images are being spun up, before you push it into production, you can understand, how am I doing?
How is it, do I need to fix anything, right? So again, visibility, visibility in build. And then we also talked about the CIS benchmarks that you want to be able to check. This isn't our intellectual property, right, Dave? It's the Center for Internet Security, but there are things that can, for instance, known in the industry as a best practice. And then to give you information on how, you know, oh yeah, you're not doing that great benchmark that we were chatting about. You broke up a little bit there, Eric, but I think you're still close. It's better now. Yeah. Yeah, this is all about the visibility into CIS benchmarks, everything from AWS to Kubernetes to OpenShift and so on. We talked about runtime, right? Runtime is that I'm now running my container. These are things that I can't find with image scanning, because it's often human based. This is somebody's doing something suspicious. I love, I love scrolling through here because, like, suspicious file system changes, right? Private credentials, suspicious network tool, unexpected, right? So these are those kind of things that we're able, this is built on top of that open source Falco. And again, you see in here some of the compliance controls, HIPAA, FIM stands for file integrity monitoring. And so we can help you understand, as an example, by looking, by applying these rules, observing the environment, if it's violated, to trigger an alert, and even take some action. Like if it's violated, I can kill the container that it's happening in. And then OpenShift will spin up another one, typically, you know, wherever that has some capacity to do so. And now we can go jump into action, running shells in a container, our favorite demo, right? So, again, we've tried to tool in things that are going to help you. And if you look at, let me see if I can go in here at some of these policies. I'm going to go into the library, right? We have tagged, my screen the way it's, but I'll just show it from here.
We have tagged these different rules that you're going to apply with different standard tags, right? So if I need to do NIST 853, I know that I probably need to be checking for crypto mining, outbound connections and so on. So, again, helping you customize, even. And this is, this is all in the name of detecting that bad behavior. And then if something triggers, you know, maybe you've got a security operations team watching, right? Oh, somebody is running a shell in a container. Where is that happening? Oh, man. Talk to, our auditors are showing up tomorrow. I better get a handle on this, right? And then we give you the ability to respond. Key to it, again, key to compliance is proof. We give you a couple of ways to do that. You can do an activity audit. And Dave, you'll recognize this, that what we're showing you here is the ability to pull in and understand what commands were being issued in the environment, network activity, what was going on from a kubectl exec standpoint, and what files were being manipulated. So this is like tracing. And if I see the word shred, probably not good, right? This actual command is all about trying to shred that I was doing something. And good luck. You didn't get very far because we captured it. And our next level of detail would be, like, getting into our capture files, which we don't have to spend a lot of time on here. But capture files are effectively a dump. Now we, now we're in Wireshark land, right? A dump of all of the system calls that were happening before, during and after an incident. So now we're in the respond phase and we're able to kind of filter through and see who was doing what, right? And we give you an interface as a jumping-off point. So people that were familiar with our founder's kind of heritage around Wireshark will start to recognize this piece, right?
So our, again, our goal is to give you visibility into the Kubernetes containers, OpenShift, OpenShift running private, OpenShift running in the public cloud, give you insights into what's happening and to give you out-of-the-box things that are going to give you a leg up on being PCI, NIST, talk to HIPAA compliant. It's not a magic bullet or magic wand, but it gets you further, farther. OpenShift plus Sysdig gets you pretty, pretty close to having the controls, the validation, the automation and the proof, right? I think you're in much better shape. I was even going to say, I think it, I think it can automate Michael's ethics course, right? Yeah. Yeah, we can script anything, man. We'll put it in a GitHub repository and the rest. Yeah, it's great. Yeah, I like the new feature here. I don't think I've seen it. Yeah, but it's a new way of visualizing, of drilling in, for correlating cloud and Kubernetes and container activity. Nice. You should jump in. I think you'll notice it still says beta here. We had a launch. Eric, we got a question that came in from YouTube. Sure. How does Sysdig stand next to the compliance operator? The compliance operator. Is that an OpenShift operator? Yeah, from Red Hat. It is. I'm going to have Dave answer that question because I'm not an expert on the compliance operator itself. Yeah, and I don't, I'm not a big expert on the compliance operator. I know it does monitor some aspects of compliance. But it's, it's not as enhanced. Or, and I would say Sysdig extends the compliance operator. I don't think there's an integration point at this time. I can say it. Yeah, I don't believe so. No. But when there, when there is, you know, Sysdig will obviously be the first ones we, we work with to get their information, you know, published in OpenShift and in that manner. But right now, your compliance operator is nice.
If you're starting out, but I would say for enterprises and for folks who really need to comply with PCI and those frameworks, you're going to want to look at Sysdig. And we do have the ability to sort of forward what we discover, the information that we have, out, right? Yeah. So if there's a tool. I'm thinking about rack and again is one of those things where, you know, future, I think in the next stages, can we not only set our policies there or get things set up, but can I also forward back? So that I, like, once again in the name of simplifying, seeing from one pane of glass, even if the data is coming from different sources. That's a good point with the compliance operator. It's limited to one cluster. Right. You know, if you have multiple clusters, you won't have that single pane of glass. Good question. Well, I think we're getting up to our hour. Right, Michael. I don't know if I have any more questions for Eric. Do you, do you, Michael, have any other questions? Oh, it's just, like, Mikey had one of the, one that, are Sysdig policies editable and do you offer a service navigator? So, on the first part, policies. Yes, some of those you noticed have just, like, a slider. Oh, turn on, turn off. Inside of that, it's all based on Falco. You can modify those to fit your own needs. You can just modify what we feel. You can pull in, remember there was the little color Easter egg bubbles, you can pull those in and create a multiple, multifaceted policy. The rules contribute to the policy, which then gets, you know, starts monitoring the environment. So that's good. A service navigator. I'm not sure what that means other than, I do, we do give you the ability to kind of, we capture a lot of metadata, context information, so that you can drill. You can see your views from cluster level. And this may, this may not be in the right place, but cluster.
See what the namespace looks like all the way down to pod, go to, down to container, and all the way down to understand what process is running inside that container. And so between the Monitor part that we do and the Secure part you have, we build you those views because we capture the context, and that's one of the challenges of cloud and container, or cloud native, environments, is it's, I don't care so much about host with IP address X. What I care about is, in aggregate, my service running maybe across 20 nodes in total. How is that doing? How's the namespace doing? How's the deployment doing? So we do give you that visibility. That may or may not be what service navigator meant, but that's what it connotes in my mind. Yeah, I wonder, Mikey, if you meant something like a service mesh, and how maybe Sysdig works with that. But for you to post a clarifying question if you, if you'd like, that, you know, things, things like Istio and whatnot, right? Yeah, they do a lot of awesome discovery and we can capture. We don't have to kind of duplicate that; we can grab the information from an Istio, let me just use that as an example, and sort of join hands as Istio is doing its magic, again, to give you visibility into what is happening around the Istio part. Well, we are, we are over time and my manager has been chatting on Google Chat for the past 11 minutes, like, where are you, so I need to bounce. Eric Carter, Dave Muir from Red Hat, thanks so much. For those who are either watching today or will be watching the reposted video, if anyone wants to get in contact with Dave or Eric and you don't have their contact information, Dave Muir's home phone number. Please. No. I just got rid of that phone, by the way. Yeah. Yeah. But send me an email. My email address is waite, W-A-I-T-E, at redhat.com. And I will get you connected with anyone at Sysdig or anyone on Dave Muir's team or anyone that you want to, from the OpenShift product team or what more.
Eric and Dave, any parting words? Just, yeah. Thanks for having me. Yeah. Mike, Dave and Chris behind the scenes. It's good. I mean, this is a big, broad topic. We just scratched the surface, but it's great to be on. Yeah. It was a pleasure to have Sysdig on, and looking forward to our partnership together and the great things we're gonna do. Alrighty. It's a wrap.