Virtualization Technology News and Information
#KubeCon 2018 Q&A: Sysdig Will Showcase Unified Container Security, Performance Monitoring, and Forensics at Booth P14


Are you attending KubeCon 2018 in Seattle?  If so, I invite you to add Sysdig to your MUST SEE list of vendors.

KubeCon 2018 is shaping up to be a fantastic event!  And the number of sponsoring vendors at this year's show is impressive.  One of the companies on VMblog's MUST SEE list this year is Sysdig.  Sysdig is built on open source cloud-native technologies, including Falco, the runtime security project; sysdig, the open source container forensics tool; and Prometheus, the Kubernetes monitoring and alerting toolkit.

Read this exclusive pre-show interview between VMblog and Apurva Davé, the Chief Marketing Officer at Sysdig, to learn what they have planned at KubeCon North America 2018 and why you need to visit their booth.


VMblog:  As a KubeCon 2018 sponsor, where can we find your booth?

Apurva Davé:  You can find us at #P14, right by the coffee bar - we'll be the ones hyped up on a cup of joe!

VMblog:  What sponsorship level are you? 

Davé:  We are Platinum-level sponsors, the coffee bar sponsor and we are Silver-level sponsors at Mesosphere's Ice Cube-Con.

VMblog:  Are there other activities Sysdig is participating in?

Davé:  Yes, besides trying our hand at coffee art (we kid, we'll only be consuming), we have two speaking events we would love to invite everyone to join. Both are on Falco, our open source runtime security project that was recently included as a CNCF Sandbox project. You'll also find us on Tuesday night at Ice Cube-Con.

VMblog:  Tell us about your speaking sessions.


Intro: Falco

Speaker: Loris Degioanni, CTO and Founder of Sysdig

When: Tuesday, 12/11 - 3:40pm to 4:15pm

Where: Room 615-617

What we will be talking about: Host intrusion detection (HID) has been around for some time. What if we rethought the problems HID solves in the context of Cloud Native platforms? What if we can detect abnormal behavior in the application, container runtime, & cluster environment as well? In this session, Sysdig CTO and founder Loris Degioanni will present Falco, a CNCF Sandbox project for runtime security. Degioanni will demonstrate how Falco taps Linux system calls & the Kubernetes API to provide low level insight into application behavior & how to write Falco rules to detect abnormal behavior and present how to collect & aggregate alerts using an EFK stack (Elasticsearch, Fluentd, Kibana). Finally, Degioanni will explain how Falco can trigger functions to stop abnormal behavior & isolate the compromised Pod or Node for forensics. Attendees will leave with a better understanding of what problems runtime security solves & how Falco can provide runtime security & incident response.

Deep Dive: Falco 

Speaker: Mark Stemm, Senior Software Engineer at Sysdig

When: Thursday, 12/13 - 3:40pm to 4:15pm

Where: Room 615-617

What we will be talking about: In any Cloud Native architecture, there's a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as providing an audit trail of activity. We will share how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application level events. We will also walk the audience through how to create Falco rules to detect behaviors in these new event streams, and how we implemented Kubernetes audit events in Falco, and how to configure the event stream. Finally, we will share how to create additional event streams leveraging the generic implementation Falco provides. Attendees will gain a deep understanding of Falco's architecture and how to customize Falco for additional events sources.

VMblog:  As a KubeCon sponsor, it is reasonable to assume your company and product fits within the container or cloud ecosystem. Can you explain how?

Davé:  Sysdig is designed to protect the cloud. We launched in 2013 with sysdig, the open source container forensics tool. From there, the Sysdig Cloud-Native Intelligence Platform was built out to combine Sysdig Secure, Sysdig Monitor and our open source projects - Sysdig Inspect, sysdig and Falco - in one easily managed offering.

Sysdig Secure is the most powerful container security and forensics solution for microservices. Sysdig Secure, a runtime security, comes out-of-the-box with the ability to secure the end-to-end container lifecycle and offers vulnerability management, more than 200 compliance checks and security analytics for cloud-native applications or on-premises software offerings.

Sysdig Monitor is the most powerful container-native monitoring and troubleshooting solution. It is crafted to provide enterprise-class Prometheus support and extend Prometheus to meet enterprise requirements. It comes out-of-the-box with unmatched container visibility and deep orchestrator integrations, including Kubernetes, Docker, AWS ECS, and Mesos.

VMblog:  Thinking about your company, give readers a few reasons why your product or service is considered unique.

Davé:  Good question! We've taken a different approach to cloud-native operations than other software providers. We are the only ones who have developed the technology to deliver unified container security, performance monitoring, and forensics in a way that's designed for Kubernetes and modern microservice environments. That means we can give our users more capabilities (like performance monitoring, infrastructure monitoring, run-time security, compliance, alerting forensics) with less complexity, less stuff to manage, and fewer UIs to learn. At a time when DevSecOps and the convergence of security and DevOps, we have a platform that actually enables these teams to more easily work together with a common language.

We also use a single point of instrumentation, which puts less strain on an environment and gives users access to far more data than they would get with other approaches - whether that's from a monitoring or a security context. This unique data source enables Sysdig to be the most powerful way to understand the data at the heart of applications.

No one else has a unified security, monitoring and forensics platform for cloud-native apps like we have while also providing the level of data we can deliver.

VMblog:  Can you give VMblog readers a sneak peek as to what you will be showing off at your booth?  What should attendees expect to see and hear at your booth?

Davé:  We are making two announcements at KubeCon, including a secure product announcement and the new IBM Cloud Monitoring with Sysdig. The new IBM partnered monitoring service provides application visibility, alerting, and troubleshooting for enterprise DevOps and IT teams building and running business-critical applications. We are very excited about this new partnership that extends Sysdig monitoring to the IBM Cloud while also consolidating platform management for users.

As for the booth itself, we are excited to be demoing the Sysdig Cloud-Native Intelligence Platform, which includes Sysdig Monitor and Sysdig Secure. This will be one of the first times we are demoing Sysdig Monitor 3.0 - which launched at the end of September - and includes enterprise Prometheus monitoring. What does that mean exactly? Early-phase Kubernetes projects often use open source Prometheus to research the performance of their applications, but as they transition to full-scale production, there are additional requirements they need. With Sysdig Monitor 3.0, we bridge that gap, letting enterprises who are familiar with Prometheus still use the Prometheus project that they love, but we give them the enterprise-scale they end up needing. Of course, we have some other new features we can't wait to share as well!

VMblog:  If an attendee likes what they see and hear at your booth... what message about your product can you send them back with to sell their boss on your technology?

Davé:  We are on the verge of Cloud 2.0 and it is no longer a question of if Kubernetes, but it is a question of when, so as you make the transition, either going full in on the cloud or perhaps a multi-cloud environment, there really isn't another choice for monitoring and security for Kubernetes-based applications.

Unlike traditional approaches, the Sysdig Cloud-Native Intelligence Platform was built with an understanding of the modern DevSecOps workflow across Kubernetes, Docker and both private and public clouds. Not only that, but by combining security and monitoring through a single point of instrumentation, enterprises will put less of a strain on their environment while shifting security and DevOps teams closer together, communication that will only strengthen an infrastructure.

Sysdig ContainerVision, a technology within Sysdig Secure and Sysdig Monitor, utilizes the single point of instrumentation to also save time and company resources by delivering monitoring, security, troubleshooting, and forensics from a single, low-resource agent. This unique technology unlocks a completely new source of machine data, enabling Sysdig to provide the deepest visibility into containers and microservices. Users gain more capabilities (like performance monitoring, infrastructure monitoring, run-time security, compliance, alerting forensics) with less complexity, fewer things to manage, and fewer UIs to learn. Sysdig ServiceVision, another technology within Sysdig Secure and Sysdig Monitor, uses Kubernetes context to implement security at the microservice level - in addition to the container, host, and network levels - which is a big step up from typical security approaches.

VMblog:  What do you think we need to do collectively as an ecosystem to strengthen the industry?

Davé:  We believe security and monitoring are converging as they should be.

There is a separation of components in microservice architectures and supporting platforms that gives developers and service teams the ability to launch functionality sooner and more frequently, but it also means there is a vast increase in the number of moving parts, and a monumental increase in the attack surface of these applications. It can be a nightmare for security professionals, but it doesn't have to be if security is introduced sooner in the development timeline.

We have seen far too many companies get too far into their development process before introducing security, which frankly is a mistake that is an attacker's dream. We understand how it is happening: development today is more rapid, with pressure to build and adapt to change as quickly as possible, but it ends up costing time, money and pain that could have easily been avoided if security was introduced sooner. This is why DevSecOps is rising in importance. It's a concept we believe will continue to evolve and take off as companies start to introduce security into other DevOps functions, such as monitoring and troubleshooting.

Container environments actually provide opportunities to build in automated security scans at multiple points in the development cycle, which should mean the containers in the end will be much more robust, in a security sense, than even VMs. It is just a matter of getting the right tools, implementing them at the right time, and getting your teams to buy in.

VMblog:  What do you hope to come away with from exhibiting at KubeCon?  What is your focus?

Davé:  Enterprises are adopting cloud-native technology for its speed of development, multi-cloud scaling capabilities, and lower total cost of ownership, but they are hitting roadblocks with old school security and monitoring products. To be successful and to avoid common pains, enterprises need to understand how to properly secure the ephemeral nature of modern architectures and the new set of tools that can help.

With firms such as 451 Research predicting the cloud-enabling technology market growing to $39.6B through 2020, and containers to be the fastest growing segment of that market at 40%, the need to understand how to protect these environments is even more important.

Sysdig has emerged as the only solution that delivers enterprises the complete set of capabilities needed to protect an environment, ensure that it is running smoothly and meet compliance requirements. Sysdig delivers it all, both in the cloud and on-premises, in order to grow with companies as they undertake this journey.

Our main goal is to educate enterprises on making the transition and how they should be thinking about security, monitoring and troubleshooting. At this point, we have helped enough enterprises make the transition - including many of the world's largest financial institutions, media companies, cable companies, technology companies and government agencies - and we are excited to meet new people interested in making the jump.

VMblog:  Lastly, attendees always enjoy a good trade show tchotchke.  Are you guys giving away anything special or interesting this year?

Davé:  Yes, we have all the things - Sysdig tote bags, Falco stickers and tattoos, along with shirts and even three Oculus Go headsets to give away each day in our raffle. We also have Sysdig Falco and Sysdig Monitor trial cards for anyone interested in a trial.


About Apurva Davé and Sysdig

Apurva Davé is the Chief Marketing Officer at Sysdig. For the past three years, Apurva has been instrumental in helping Sysdig, the cloud-native intelligence company, bring awareness to the tools and changes enterprises need to make when starting the cloud-native journey. Sysdig, the cloud-native intelligence company, has created the only unified platform to deliver container security, monitoring, and forensics in a microservices-friendly architecture. The Sysdig Cloud-Native Intelligence Platform monitors and secures millions of containers across hundreds of enterprises, including Fortune 500 companies and web-scale properties. The Sysdig open source technologies have attracted a community of over a million developers, administrators and other IT professionals looking for deep visibility into applications and containers.  Learn more at

Published Monday, December 10, 2018 6:12 PM by David Marshall