KubeCon + CloudNativeCon 2020 goes digital. Will you be in attendance? If the event were physical, we would have looked forward to visiting with Capsule8. So we reached out to them digitally instead.

Read this exclusive pre-show interview between VMblog and Kelly Shortridge, VP of Product Management and Product Strategy at Capsule8, a pioneer behind production-ready infrastructure security for Linux systems. Unlike traditional security tools, Capsule8 is designed to avoid costly downtime, overloaded hosts, or stability snafus, and organizations depend on it to efficiently protect their Linux workloads with detection, investigations, and protection in any environment.
VMblog: Do you have any speaking sessions during the event? If so, can you give us the details?
Kelly Shortridge: I'll be presenting a session during the co-located Cloud
Native Security Day on November 17th at 12:25 on the topic of
replacing security theater with security chaos engineering. Information
security too often fulfills the stereotype of the surly gatekeeper, pursuing
security theatrics -- the term encompassing primarily performative (and often
punitive) measures that don't support superior security outcomes. What I
propose the industry adopt instead is a security chaos engineering approach,
one which embraces the importance of convenience, alignment with organizational
goals, and the wisdom derived from failure.
This talk covers only a sliver of security chaos engineering
as a practice, so I recommend viewers also download the recently released "Security Chaos Engineering" O'Reilly publication
I wrote with my co-author Aaron Rhinehart. It's available for the lovely price
of free, and is the first publication to dive into how organizations can
pragmatically adopt a security chaos engineering approach.
VMblog: How does your company or product fit within the container, cloud, Kubernetes ecosystem?
Shortridge: Capsule8 provides monitoring and detection for production
infrastructure, which basically means that we enable teams to keep all their
Linux-based systems operational. The reality for most organizations is that
production isn't exclusively running on containers, Kubernetes, or a single
cloud provider, and we understand that. Our customers receive the same
capabilities across all their infrastructure types, which helps them protect
system operations consistently across their current mix of environments and
wherever they plan to migrate in the future.
VMblog: Can you give us the high-level rundown of your company's technology offerings? Explain to readers who you are, what you do, what problems you solve, etc.
Shortridge: The modern non-negotiable in I.T. is hitting your uptime and
availability requirements -- that's the top priority for most organizations
when it comes to delivering services to customers. But, the reality of complex
systems is that there is a lot outside of operators' control that can
jeopardize that uptime, whether deliberately malicious activity by attackers,
accidental or careless activity by developers, or the general issue of systems
deviating from expected behavior. Capsule8 is built to monitor production
infrastructure and immediately detect those issues so organizations can restore
service as quickly as possible and recover from failure gracefully.
VMblog: And while talking about your products, can you give readers a few examples of how your offerings are unique? What are your differentiators?
Shortridge: Linux environments were traditionally ignored by
security vendors and the importance of uptime and operational performance in
production is still completely overlooked by most security vendors. Capsule8,
however, understands what matters to both security and ops teams in keeping
infrastructure safe, and we can execute on that understanding with decades of
experience remotely administrating Linux systems. We treat production
infrastructure as the highest priority asset that it is, rather than copy-
pasting Windows malware detection techniques that are not only irrelevant on
Linux, but entirely miss how attacks are actually conducted on Linux and the
types of accidental behavior by developers that can lead to production
incidents.
Our architecture also reflects this understanding of the criticality of production
uptime as a revenue engine for modern businesses. We don't use a kernel module
(a mix of kprobes, perf, and BPF instead), we enable resource limitation
(memory, CPU, and event rate), and we perform local analysis rather than
hoovering up data and sending it across already busy production networks. This
is why we're often seen as one of the few security tools Ops teams feel
comfortable deploying in production.
VMblog: At what stage do you feel we are at with regard to containers? Is there anything still holding it back? Or keeping it from a wider distribution?
Shortridge: It's safe to say that containers are here to stay. But,
people are realizing that they aren't a panacea for their multiplicitous software
delivery and operational challenges. I think it's a healthy place to be -- the
hype is now tempered, allowing for more thoughtful and honest assessment of
when and how containers are optimally deployed.
VMblog: There will be plenty of interesting topics covered during the KubeCon keynotes. But can you take this opportunity to share your own thoughts about any big changes or directions you see for this industry?
Shortridge: I'm obviously hopeful that the O'Reilly publication on Security Chaos Engineering
I wrote with Aaron will stimulate conversation about harnessing failure as a
learning opportunity to fuel continuous improvement in both speed and stability
within software delivery. A big change I'd love to see industry-wide, drawing
on the report, is more organizations embracing the practice of engineering
teams adopting accountability for security changes and issues. A solid cluster
of large tech companies have already adopted a Security Champions model (which
we highlight in the report), but it would be inspiring to see more movement
across a broader set of organizations towards unifying responsibility and
accountability in security. The traditional model of security as a gatekeeper
in a silo just doesn't cut it anymore in a world of speedy, distributed systems
operating at scale -- and, as evidenced by the lack of progress over the past
two decades in infosec, arguably never cut it before, either.