KubeCon 2021 Q&A: Deepfence Showcases How to Secure Applications across Kubernetes, Clouds, Serverless, and More


KubeCon + CloudNativeCon 2021. Will you be in attendance? If so, VMblog invites you to swing by and check out the Deepfence booth in the sponsor showcase.

Read this exclusive KubeCon pre-show interview between VMblog and Sandeep Lahane, Founder and CEO of Deepfence. Today's DevSecOps teams need comprehensive visibility into their dynamic applications and infrastructure. Deepfence ThreatMapper auto-discovers your production infrastructure. It identifies and interrogates cloud instances, Kubernetes nodes, and serverless resources, discovering the applications and containers and mapping their topology in real time.


VMblog: As a KubeCon 2021 sponsor, how excited is your company to be back at an in-person trade show event? And is your team prepared for what's to come? Do you anticipate any challenges?

Sandeep Lahane: Super excited! In fact, this is our first major in-person event this year, and it's great to be able to meet friends, colleagues and members of the community face-to-face at last. Some of the Deepfence team will be at KubeCon, some can't make it as there are still travel restrictions and we have a global team. We'll lean on the 'virtual meeting' services that the KubeCon team are offering, hoping that they will scale and remain secure, and I expect that a lot of events over the next 12 months are going to be mostly virtual.

VMblog: How can people find you at the show this year? Can you give VMblog readers a sneak peek as to what you will be showing off at your booth? What should attendees expect to see and hear at your booth?

Lahane: Come and find us at booth S56, close to some of the food and rest areas, and we'll be happy to share with you what we are announcing.

Deepfence monitors the security of applications running in production and we will be sharing exciting news around our products on Wednesday at the show. Shift-Left initiatives do a great job of securing build artifacts before they go into production, but once they are running, that's when Shift-Left tooling hands off the baton to Deepfence. We'll show attendees how to visualize their apps in production, check running workloads for vulnerabilities, rank these by 'risk of exploit' based on the runtime context and tell you what you need to fix first.

VMblog: Attendees always enjoy a good trade show tchotchke. Are you giving away any prizes at your booth or participating in any prize giveaways?

Lahane: Yes! We're offering our Beats by Dre Giveaway. Every KubeCon + CloudNativeCon North America 2021 attendee who visits the Deepfence booth virtually or in person (booth S56) will be entered into the drawing for a chance to win Beats Studio Buds. We'll be giving away not one, but THREE, Beats Studio Buds in our giveaway. So be sure to meet us at the event, virtually or in person, for your chance to win.

VMblog: Have you sponsored KubeCon in the past? If so, what is it about this show that keeps you coming back as a sponsor?

Lahane: We're coming very much as a startup to KubeCon, although the technology we're showcasing is proven and running in production with a number of customers and community deployments. Announcing the next evolution of our offerings has brought us here to KubeCon.

VMblog: What do you attribute to the success and growth of this industry and the KubeCon event itself?

Lahane: The CNCF is taking a strong leadership role to guide the industry in how to adopt and use some frankly complicated and fragile technology. The ecosystem around Kubernetes is huge, and necessarily so, and KubeCon is a great event for users, the community, and for vendors to get together and share best practices and tales from the coal face.

The KubeCon team tread a fine line between the vendors who sponsor the event and users who are looking for predominantly open-source solutions, always leaning on the side of "what is right for the community." This has kept KubeCon an open, non-partisan event each year, and that's what ensures its long-term success.

VMblog: What are you most interested in hearing about at this year's KubeCon event?

Lahane: At Deepfence, we have an interest in learning what is happening in the community around security, from the dual perspectives of developers who are charged with delivering secure code and artifacts, and operators who are charged with managing the ongoing security of their runtime platforms. We want to learn what is happening in the community, and how we can support those initiatives with our runtime security observability platform.

VMblog: What are some of the reasons why you believe a KubeCon attendee should add you to their MUST SEE list?

Lahane: Security is of course top-of-mind for developers and operators. There's lots of innovation in shift-left developer-focused solutions, and there's lots of good things happening to help people monitor and secure their platforms, with compliance tooling and infrastructure-as-code initiatives. However, there's no good solution that focuses on run-time security of the workloads. What currently exists is either too low-level, needing a lot of expertise to operate it effectively, or limited to very specific techniques.

We address this need. Deepfence operates a set of techniques that we feel are essential for any runtime platform to monitor the security of workloads against emerging threats and monitor the behavior of users to identify emerging attacks. We do all of this without any changes to the platform or the application. If you're intrigued, come and visit us to find out more.

VMblog: How does your company or product fit within the container, cloud, Kubernetes ecosystem?

Lahane: See above. Essentially, we look at cloud as a continuum where different cloud native modalities exist side by side. For example, we very often see a mix of Kubernetes and virtual machine or serverless based workloads side by side; Deepfence provides security observability across the entire continuum of cloud native modalities.

Deepfence offerings are easy to install into an existing Kubernetes or Docker runtime environment, and we support multi-cloud deployments with ease. You can also, with a small amount of additional work, observe and secure AWS Fargate and bare metal or VM environments too.

VMblog: Can you give readers a few examples of how your offerings are unique? What are your differentiators?

Lahane: There are a couple of things that we do that we believe are genuinely unique in the industry.

We take the good processes and practices that developers use during shift-left to scan build artifacts for known vulnerabilities, and we apply those to production. We scan running, stopped and in-registry containers, hosts and applications for known vulnerabilities, picking up where Shift Left stops. This is vital because not every production workload goes through a shift-left process, and vulnerabilities can be discovered and published once an application is built, but while it's running in production.

While scanning runtime artifacts, we observe network traffic, packages and dependencies which are loaded in memory at runtime, and deduce potential attack paths; this is not possible in the CI/CD process as the runtime context is not available at that time. With this runtime context, we can then let the admin know which are the most exploitable vulnerabilities, and what is the potential exploit path. This 'threat map' is key to how users benefit from our product.

The second thing we do is to gather runtime signals and telemetry to deduce what is happening in your applications, and to seek out anomalies that might indicate that something unusual is happening. There are a number of projects that gather on-host and in-container telemetry using eBPF and file monitoring to identify possible 'indicators of compromise' on the application. These "indicators of compromise" on their own are generally too late, and often collected post facto. Uniquely, we sample network traffic at layer 7, decrypting TLS, so that we capture network transactions. We then match these transactions against threat feeds, and by doing so, we can see ongoing recon traffic, successful exploits, command and control, and exfiltration events. These are "indicators of attack," and they are both precursors to an attack and provide essential context to help administrators understand security events and attacks as they unfold.

VMblog: If an attendee likes what they see and hear at your booth, what message about your product can you send them back with to sell their boss on your technology?

Lahane: We've invested in "shift left" and seen huge security benefits there, but we can't afford to forget about production. Shift left stops once the app is in production. Deepfence picks up where Shift Left finishes, and scans for threats in production, and it does so with minimal impact on our production platform. We need to talk to the Deepfence team to learn how to take advantage of it!


Published Monday, October 11, 2021 7:40 AM by David Marshall