KubeCon + CloudNativeCon 2021. Will you be in attendance? If so, VMblog
invites you to swing by and check out the Deepfence booth in the sponsor
showcase.

Read this exclusive KubeCon pre-show interview between VMblog and Sandeep
Lahane, Founder and CEO of Deepfence.

Today's DevSecOps teams need comprehensive visibility into their dynamic
applications and infrastructure. Deepfence ThreatMapper auto-discovers your
production infrastructure. It identifies and interrogates cloud instances,
Kubernetes nodes, and serverless resources, discovering the applications and
containers and mapping their topology in real time.

VMblog:
As a KubeCon 2021 sponsor, how excited is your company to be back at an
in-person trade show event? And is your team prepared for what's to come? Do
you anticipate any challenges?
Sandeep Lahane: Super excited! In
fact, this is our first major in-person event this year, and it's great to be
able to meet friends, colleagues and members of the community face-to-face at
last. Some of the Deepfence team will be at KubeCon, some can't make it as
there are still travel restrictions and we have a global team. We'll lean on
the 'virtual meeting' services that the KubeCon team are offering, hoping that
they will scale and remain secure, and I expect that a lot of events over the
next 12 months are going to be mostly virtual.
VMblog:
How can people find you at the show this year? Can you give VMblog readers a
sneak peek as to what you will be showing off at your booth? What should
attendees expect to see and hear at your booth?
Lahane: Come and find us at booth S56, close to some
of the food and rest areas, and we'll be happy to share with you what we are
announcing.
Deepfence monitors the security of
applications running in production and we will be sharing exciting news around our
products on Wednesday at the show. Shift-Left initiatives do a great job of
securing build artifacts before they go into production, but once they are
running, that's when Shift-Left tooling hands off the baton to Deepfence. We'll
show attendees how to visualize their apps in production, check running
workloads for vulnerabilities, rank these by 'risk of exploit' based on the
runtime context and tell you what you need to fix first.
VMblog:
Attendees always enjoy a good trade show tchotchke. Are you giving away any
prizes at your booth or participating in any prize giveaways?
Lahane: Yes! We're offering
our Beats by Dre Giveaway. Every KubeCon + CloudNativeCon North America 2021
attendee who visits the Deepfence booth virtually or in person (booth S56) will
be entered into the drawing for a chance to win Beats Studio Buds. We'll be
giving away not one, but THREE, Beats Studio Buds in our giveaway. So be sure
to meet us at the event, virtually or in person, for your chance to win.
VMblog:
Have you sponsored KubeCon in the past? If so, what is it about this show that
keeps you coming back as a sponsor?
Lahane: We're coming very much as a startup to
KubeCon, although the technology we're showcasing is proven and running in
production with a number of customers and community deployments. Announcing the
next evolution of our offerings has brought us here to KubeCon.
VMblog:
What do you attribute to the success and growth of this industry and the
KubeCon event itself?
Lahane: The CNCF is taking a strong leadership role to
guide the industry in how to adopt and use some frankly complicated and fragile
technology. The ecosystem around Kubernetes is huge, and necessarily so, and
KubeCon is a great event for users, the community, and for vendors to get
together and share best practices and tales from the coal face.
The KubeCon team tread a fine line between the
vendors who sponsor the event and users who are looking for predominantly
open-source solutions, always leaning on the side of "what is right for the
community." This has kept KubeCon an open, non-partisan event each year,
and that's what ensures its long-term success.
VMblog:
What are you most interested in hearing about at this year's KubeCon event?
Lahane: At Deepfence, we have an interest in learning
what is happening in the community around security, from the dual perspectives
of developers who are charged with delivering secure code and artifacts, and
operators who are charged with managing the ongoing security of their runtime
platforms. We want to learn what is happening in the community, and how we can
support those initiatives with our runtime security observability platform.
VMblog:
What are some of the reasons why you believe a KubeCon attendee should add you
to their MUST SEE list?
Lahane: Security is of course top-of-mind for
developers and operators. There's lots of innovation in shift-left
developer-focused solutions, and there's lots of good things happening to help
people monitor and secure their platforms, with compliance tooling and
infrastructure-as-code initiatives. However, there's no good solution that
focuses on run-time security of the workloads. What currently exists is either
too low-level, needing a lot of expertise to operate it effectively, or limited
to very specific techniques.
We address this need. Deepfence operates a set
of techniques that we feel are essential for any runtime platform to monitor
the security of workloads against emerging threats and monitor the behavior of
users to identify emerging attacks. We do all of this without any changes to
the platform or the application. If you're intrigued, come and visit us to find
out more.
VMblog:
How does your company or product fit within the container, cloud, Kubernetes
ecosystem?
Lahane: See above. Essentially, we look at cloud as a
continuum where different cloud native modalities exist side by side. For
example, we very often see a mix of Kubernetes and virtual machine or
serverless-based workloads side by side; Deepfence provides security observability
across the entire continuum of cloud native modalities.
Deepfence offerings are easy to install into an existing Kubernetes or Docker
runtime environment, and we support multi-cloud deployments with ease. You can
also, with a small amount of additional work, observe and secure AWS Fargate
and bare metal or VM environments too.
VMblog: Can you give readers a few examples of
how your offerings are unique? What are your differentiators?
Lahane: There are a couple of things that we do that
we believe are genuinely unique in the industry.
We take the good processes and practices that
developers use during shift-left to scan build artifacts for known
vulnerabilities, and we apply those to production. We scan running, stopped and
in-registry containers, hosts and applications for known vulnerabilities,
picking up where Shift Left stops. This is vital because not every production
workload goes through a shift-left process, and vulnerabilities can be
discovered and published once an application is built, but while it's running
in production.
While scanning runtime artifacts, we observe
network traffic, packages and dependencies which are loaded in memory at
runtime, and deduce potential attack paths; this is not possible in the CI/CD
process, as the runtime context is not available at that time. With this runtime
context, we can then let the admin know which are the most exploitable
vulnerabilities, and what the potential exploit path is. This 'threat map' is
key to how users benefit from our product.
The second thing we do is to gather runtime
signals and telemetry to deduce what is happening in your applications, and to
seek out anomalies that might indicate that something unusual is happening. There
are a number of projects that gather on-host and in-container telemetry using
eBPF and file monitoring to identify possible 'indicators of compromise' on the
application. These 'indicators of compromise' on their own are generally too
late, and often collected post facto. Uniquely, we sample network traffic, at
layer 7 and decrypting TLS, so that we capture network transactions. We then
match these transactions against threat feeds, and by doing so, we can see
ongoing recon traffic, successful exploits, command and control, and
exfiltration events. These are "indicators of attack," and they are both
precursors to an attack and provide essential context to help administrators
understand security events and attacks as they unfold.
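As an added illustration of the 'threat map' idea described in the answer above (example code written for this page, not Deepfence's own code or ThreatMapper's actual algorithm): a toy Python ranking that starts from static CVSS scores and re-weights each vulnerability by two pieces of runtime context, whether the package is actually loaded in memory and whether the workload is reachable from the internet over observed network edges. The workload names, package names, CVE placeholders and weighting factors are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Vulnerability:
    cve: str        # constructed placeholder ids below, not real CVE numbers
    package: str
    cvss: float     # static base severity (0-10), as a CI/CD scanner reports it

@dataclass
class Workload:
    name: str
    vulns: list
    internet_exposed: bool  # has an inbound path from outside the cluster
    loaded_packages: set    # packages observed mapped in memory at runtime
    talks_to: list          # downstream workloads seen in network traffic

def exposure_factor(workloads):
    # Internet-facing: 1.0; reachable from one over observed edges: 0.7; isolated: 0.4
    by_name = {w.name: w for w in workloads}
    factor = {w.name: 1.0 if w.internet_exposed else 0.4 for w in workloads}
    frontier = [w.name for w in workloads if w.internet_exposed]
    seen = set(frontier)
    while frontier:
        for nxt in by_name[frontier.pop()].talks_to:
            if nxt not in seen:
                seen.add(nxt)
                factor[nxt] = max(factor[nxt], 0.7)
                frontier.append(nxt)
    return factor

def exploit_risk(v, w, exposure):
    # Static severity, discounted when the package is never loaded, weighted by reachability
    loaded = 1.0 if v.package in w.loaded_packages else 0.3
    return round(v.cvss * loaded * exposure, 2)

def threat_map(workloads):
    # (risk, workload, cve) tuples, most exploitable first
    factors = exposure_factor(workloads)
    ranked = [(exploit_risk(v, w, factors[w.name]), w.name, v.cve)
              for w in workloads for v in w.vulns]
    return sorted(ranked, reverse=True)

# Constructed sample: by static CVSS alone, CVE-EXAMPLE-2 and -4 would rank first.
SAMPLE_WORKLOADS = [
    Workload("frontend", [Vulnerability("CVE-EXAMPLE-1", "libcurl", 7.5),
                          Vulnerability("CVE-EXAMPLE-2", "imagemagick", 9.8)],
             True, {"libcurl", "openssl"}, ["api"]),
    Workload("api", [Vulnerability("CVE-EXAMPLE-3", "log4j", 9.0)],
             False, {"log4j"}, []),
    Workload("batch", [Vulnerability("CVE-EXAMPLE-4", "openssl", 9.8)],
             False, {"openssl"}, []),
]
```

Running `threat_map(SAMPLE_WORKLOADS)` puts the internet-facing, actually-loaded libcurl issue first and the never-loaded imagemagick issue last, even though the latter has the higher static score.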
VMblog:
If an attendee likes what they see and hear at your booth, what message about
your product can you send them back with to sell their boss on your technology?
Lahane: We've invested in "shift left" and seen huge
security benefits there, but we can't afford to forget about production. Shift
left stops once the app is in production. Deepfence picks up where Shift Left
finishes, and scans for threats in production, and it does so with minimal
impact on our production platform. We need to talk to the Deepfence team to
learn how to take advantage of it!