Welcome to this CUBE conversation. Kicking off 2022, I'm John Furrier, host of theCUBE. We're here with Loris Degioanni, Chief Technology Officer and Founder of Sysdig, a company that's in the pioneering cloud-native and cloud-native security, open-source, big part of the CNCF, KubeCon coverage. Of course, we know them, that environment, as well as DockerCon, which we've covered many times. Sysdig, very successful company. Loris, welcome to theCUBE conversation.

Thank you, and thanks for having me.

Well, we know a lot about you, but a lot of folks are learning about you guys with your success. Congratulations on the funding and the validation of your product, which is not a surprise. We've been saying on theCUBE, open-source has been powering innovation for a minute sometime and getting stronger, faster, the predictions in the Linux Foundation about open-source contributions continue to be blown away by their projections and more and more is coming. A new generation is upon us, cloud-native, Edge, Kubernetes, all these things are powering a modern application environment, which is changing business. And under the covers, you guys are a big part of it. So take us through who Sysdig is, what you guys do for the folks out there, and let's get into it. Obviously, open-source is a big part of it. Take us through who is Sysdig and what do you guys do?

Yeah, Sysdig helps you run your software in the cloud in a way that is secure and confidently. We have a solution, a security solution that covers containers, cloud and Kubernetes. And we cover you in the life cycle of modern applications. So the Sysdig security platform helps you secure application in a way that ranges from, like shift left and CI/CD and finding vulnerabilities in your CI/CD pipeline to runtime security that is very important in the cloud, in particular with orchestrated infrastructures like the ones that are determined by Kubernetes.
And then of course, everything that has to do with forensics, threat hunting, and so on. And the world is changing, security is changing, and Sysdig is one of the startups, one of the companies that is at the forefront of true modern cloud-native security.

So I got to ask you, now were you sitting in your backyard one day thinking, hey, I'm going to start a company? How did this all come together? I mean, the originator story because we saw open source, we saw, even before CNCF was formed, you saw what cloud was doing. Again, you saw OpenStack and all these other things happening around technology. What was the driver behind the founding of Sysdig? And then how did that progress? Because again, there's an open source component here I want to get into.

Yeah, and it's interesting that you say backyard because actually Sysdig was actually started in my backyard, you know, just outside here. So the backyard metaphor is very, very fitting here. And in a general way, let's say I come from a background in open source for a very long time, the Sysdig is my second company. My first company was called CACE Technologies. It was the company behind an open source network analyzer called Wireshark, which is widely used by millions and millions of people around the world to do network troubleshooting and network analysis. And when we were doing network packets, we were using, you know, like the network devices to collect information. The data that is being transferred on the network has some very nice properties, it's rich, it's very deep. When you can see and decode what's happening on the network, you can understand what the applications are doing, what the users are doing. I used to say packets never lie, right? Because you could connect to the router and collect this data and have a very good picture without any two instrument libraries to link, to install your stuff and so on.
And all of a sudden we're moving to the cloud and you know, the router that was like the vantage point for this beautiful way of doing security and visibility disappears, you know? And you're renting instances that are floating in the Amazon cloud, you know? And when the world changed its way from one point of view, I was sure that what we were doing before was useful and was powerful for the users. But I was also sure, okay, the world is going to change. The retrofitted old solutions are not going to work. We can take our product, but then we have the innovator's dilemma, you know, we have a product that we cannot completely radically change. So I decided, let's start from scratch, let's start Sysdig and let's try to understand actually where this cloud is going, where containers are going. There's this new Kubernetes thing, you know, that everybody's talking about. What does it mean, you know, to offer deep reach but at the same time lightweight and easy to deploy security and visibility for this kind of new way of writing software. And that's how Sysdig was born.

So if I remember correctly, back on that timeframe, the company that you said you found that millions of people using that application, if I remember correctly, that was software network monitoring. Was that true? Was that open source at that time? Was that an open project or was that?

Yeah, like Wireshark is a network analyzer and the software that we're doing was heavily open source oriented and was mostly software. There were also potential appliances because this was data center, more kind of stuff.

That was before cloud even came here. So again, data center, software defined clouds happening. So again, good segue into kind of where security, you mentioned footprints, you can track people with packets. So to your point, is this the tie into security, what else, but where this all fits in with, how this fits in with open source and security with the software piece?
Yeah, when something Sysdig essentially, the idea was, let's learn from our prior life. So, I always say that every new wave of technology is built on the shoulders of the previous one and you never reinvent anything. You just apply it and evolve it. And the same thing we did with Sysdig. So we learned what was working with our previous approaches that were based on observing the application's behavior by looking essentially in network traffic, but we adapted it to modern infrastructures. And open source was our mantra before with Wireshark and became our mantra with Sysdig. Sysdig, the company name comes from the open source tool that we released, was the first thing that we released in our company. Then, few years later with Falco, which now is the premier open source project that was created by Sysdig and is now part of the CNCF. It's an incubating project and it's essentially the runtime security tool for containers, Kubernetes and cloud.

Take us through that Falco because I think this is an important distinction on your success trajectory because CNCF has a nice playbook where companies can contribute to the CNCF at the same time that creates an open environment for everyone, for all and then have a business model tied to it. This is kind of a new, not new but this is a successful way to be open source and have a commercial opportunity.

Yeah, and very much, you know, substantial portion of our commercial product is and let's say an extension of Falco but let's say our approach was like let's first produce something that is truly useful for the community and fits in the proper way with the ecosystem with the rest of the ecosystem. Nowadays, in every field, security as well, you don't build any more a single solution. You build something that needs to fit very well in the stack. Kubernetes, Prometheus, network meshes and this and this kind of stuff. These all fit together, you know, so Falco, which is the runtime security component needs to fit as well.
So initially with our focus was like, okay, we need to fill the gap of runtime security for containers, for Kubernetes and also for cloud but we need to do that in a way that is community first and that really helps but also engages and takes advantage of the users of the broader community. And at the point going to the CNCF and telling the CNCF, look, we developed this. Are you interested in partnering with us and being essentially the organization behind this project was very natural. And that's what we did in 2016, right? Sorry, in 2018, 2016 is when Falco started in 2018. And at the point, you know, it's a great partnership because the CNCF is really a great home for all of these projects and really makes it possible for the users to trust a project in a way that they know that even if the commercial backer, even if the original creators, even if the team, you know, rotates and changes and devolves, the user, then users can still use this project, trust this project and know that it's community driven, you know, and it's been a great journey for us.

How would you describe what Falco is and what are the key use cases?

Yeah, Falco is, I compare it to the security camera for your containers, your hosts and your cloud infrastructure. So the same way that the security camera allows you to observe maybe what's happening in your home. Even if you have a lock, it's still useful to have a security camera, right? To understand when something breaks in, what they're doing, when they do it, get an alarm, you know, when something bethets. Similarly, you know, in software infrastructures, you can still have your lock, your firewall and so on. But then you use a security camera like Falco that is able to observe every single container, every single process, every single machine, every single network connection and so on. Keep an eye on it.
And then it has sort of a policy-based system that includes a bunch of policies that come essentially prepackaged that allow the users to detect when something dangerous or suspicious happens in the infrastructure. For example, I don't know, somebody is spawning a shell in a Redis container or somebody is logging in AWS without multi-factor authentication. Falco keeps it constant tight and lets you know, it gives you an alert when something like that happens.

You know what I love about what you guys do and kind of highlights what we've been seeing on theCUBE for many, many years is that the networking concepts of the older generations have been moving up the stack with cloud because you got rule engines, policy, automation, all these things are now part of connected systems. So if you have the cloud, which is essentially distributed computing, you have more networks, more connections. And so the networking paradigms of packets can be moved over to software, just well, software maintenance if you will, or anything, any middleware, whatever you want to call it. I mean, this is kind of a new paradigm. So what's your reaction to that? I want to get your take on this because this is kind of really happening.

Yeah, and you are absolutely right. And what us as a Falco community or as a company is exactly that, you know, we're taking the concepts that were maybe at the base of the previous generation of the data center in terms of policies, in terms of workloads, and we're sort of elevating them to what modern cloud is. To give an example, I don't know if you remember, but Falco was inspired by a tool called Snort and the company called Sourcefire. Snort used to listen on the network, constantly observed the network traffic and the right policies to tell you, okay, somebody has uploaded the file from China and this file contains malware.
Now we do this, but we were able to see inside containers, we have cloud context, we understand the regions, we understand Kubernetes namespaces, all this kind of stuff. So we're able to put so much more context and be so much closer to the user. But the concepts are the same. We're just, as I was saying, sitting on the shoulders of people before us that invented this and we're modernizing them.

Well, this is what refactoring is all about. This is the benefit of the cloud. I think that's why a lot of the cloud-native success is happening because companies are realizing that they can actually not just replatform in the cloud, but actually refactor their business. Completely different using other paradigms and not necessarily rip and replace or just, you know, cut and paste. They can take concepts and codify them in their workloads, not necessarily general purpose. So again, key cloud concept and only going to get stronger with the edge developing. So again, more and more complexity, connected complexity.

Yeah, complexity that more and more you manage through automation, right? Which is another key concept in the cloud. So we are able as a market, as a community to have and manage more and more complex infrastructures because we have tools that are able to automate, to take care of stuff for us, to potentially remediate, which is another big thing, you know, in modern security for us and so on. And of course, again, companies like Sysdig try to really read this and apply it in a proper way that can be the most possible use.

Hackers love complexity, right? So and love, love chaos. And so unless you tame that with really good software, this is the key, key challenge, right? You need to manage chaos and you need software, good software to help you manage chaos. Our final question for you. How is Sysdig and the Falco community working with AWS?

Yeah, in a number of ways.
One of the beauties as I was telling before of essentially being built on an open source project like Falco is that you can really work together with cloud providers like AWS with mutual advantage. For example, AWS and team members at Amazon have done many contributions to Falco and the build system and the integrations and so on. We partnered as Falco community and the Sysdig with AWS to offer proper support for Falco and for Sysdig products on Fargate, which is managed containers are the future are very powerful. Everybody wants to go there, but then you need to make sure that you are covered from the point of view of security, from the point of view of observability and so on. So Sysdig and AWS work together on doing a ptrace-based implementation. This is a technical thing, but essentially it means that a tool like Falco can give you its detections, can be the security camera for Fargate as well. And in general, Amazon is a great partner for us on a daily basis, as a community and as a company.

Loris, you got a great company there. And again, it's great to see you guys grow from the beginning and how the wave is here, as I say in California, you guys are riding the right wave. And I think it's just the beginning. I think you're going to see more and more security be programmable, built in, automated, under the covers, invisible, but working. And I think the same is going to be true for data and other things. So a lot more to do. And again, it's distributed computing. It's, we've seen this movie before, but not in this environment. So new tools are coming and you guys are a big part of it. Thank you so much for coming on theCUBE and sharing what you guys are doing and the technology behind Sysdig. Thanks for coming on.

Thank you very much and thank you for the great conversation.

Okay, this is theCUBE. I'm John Furrier, your host for CUBE Conversation with Sysdig's Loris Degioanni, CTO of Sysdig. Thanks for watching.