►
Description
Containers and cloud disrupt the way enterprises implement compliance controls. Modern application environments that can change every few minutes present a new set of potential threats. A secure DevOps approach with Sysdig and Red Hat OpenShift helps enterprises implement continuous compliance for containers, Kubernetes, and cloud to meet standards like PCI, NIST, and SOC2.
Join Eric Carter from Sysdig as we discuss how cloud security teams can improve cloud security posture management and implement controls to detect misconfigurations and compliance violations.
A
B
A
B
A
You
know
how
I
know
that
it's
windy
there,
because
I
go
to
well
before
coving.
I
used
to
travel
at
least
twice
a
year
to
san
francisco
and
it's
just
always
windy.
You
know
I
mean
you
know
you
don't
have
to
be
a
mind
reader
to
say.
Oh
it's
windy
today,
but
yeah.
I
like
that
town,
so
you
so
you're
you're
joining
us
here
from
systig.
How
long
have
you
been
there.
B
Do
we
provide
kind
of
what
we
would
call
secure,
devops,
tooling,
or
the
secure
devops
platform?
Think
about
it
as
a
couple
things
right?
It's
trying
to
give
you
visibility
into
all
of
these
containers
and
these
clusters
and
spun
up
on
across
all
these
different
clouds,
visibility
that
helps
you
with
a
security
right.
You
can't
secure
what
you
can't
see
and
b
like
performance
and
health
right
and
when
you
combine
those
two
things,
you
kind
of
got
a
really
good
grip
on,
what's
really
happening
in
my
modern
application,
environment
and.
A
A
Well,
that's,
that's!
That's
fair
enough!
I
know.
Sysdig
is
a
household
word
in
our
team
I
mean
my
team.
Specifically,
we
work
with
third-party
software
vendors
to
get
their
their
apps
tested
and
certified
on
the
red
hat
portfolio,
whether
it's
openstack
or
openshift,
or
ansible,
or
red
hat
linux
or
or
what
have
you
you
folks
have
a
operator
for
openshift.
Is
that
right.
B
Yes,
we
do
so
when
that
sort
of
framework
you
know
matured
and
you
were
invited
to
do
so.
We
have
that
so
that
you
can
spin
up.
Basically,
it
helps
to
spin
up
and
maintain
our
the
agent
side
of
what
we
do,
which
is
that
piece.
That's
gonna
kind
of
sit
on
your
openshift
and
kubernetes
nodes
and
discover,
what's
going
on
out
there
sure,
okay.
A
C
They're,
not
legit
yeah,
absolutely
yeah.
Part
of
my
role
is
managing
and
working
with
these
great
partners
like
systig
systems,
one
of
our
top
top
tier
partners
and
I've
been
working
with
them
for
a
while.
Now
I
actually
have
some
history
with
cystic
as
well
before
red
hat.
I
was
at
a
company
called
black
duck
and
synopsis,
and-
and
I
was
a
partner
of
cystic
as
well
so
they're-
definitely
legit-
definitely
legit.
A
B
You're
making
me
laugh
because
I've
done
several
sessions
on
the
topic
and
well,
I
kind
of
agree
with
you
that
in
there
I
would
always
throw
this
kind
of
slide
to
lighten
things.
Up
that
says,
resistance
is
futile
right.
These
things
are
honest.
We
have
to.
We
have
to
do
them
and
it's
for
good
reason.
Right,
I
mean
obviously
security
and
compliance
is
tied
together,
you're
going
to
achieve
compliance
by
making
sure
you
have
have
security,
but
it's
like
you,
don't
just
have
to
be
like
a
financial
services
to
be
subject
to
it.
B
You
know
make
sure
that
I
don't
fall
subject
to
fraud,
and
so
you
know
it
can
be
very
dry,
but
it's
also,
you
know,
there's
so
many
different
standards
and
when
we
think
about
the
boogeyman
that
can
come
to
bear
if
I'm
a
credit
card
provider
or
some
payment
processor
right,
it's
like
oh
a
lot
of
bad
stuff
can
happen.
If
I
don't
cover
my
bases
and
part
of
what
we
want
to
talk
about
today
is
like
well.
How
is
that?
How
is
that
for
containers
in
openshift
right?
Is
it
different?
A
A
B
Yeah
there's
there
are
a
number
of
things
that
we
do
and,
and
we
kind
of
break
down
one
of
the
different
stages
into
you
know.
What
am
I,
what
do
I
do
to
try
and
make
sure
I'm
compliant
while
I'm
building
stuff?
What
do
I
do
to
try
and
make
sure
I'm
compliant
when
I'm
running
stuff
and
then,
when
the
bad
stuff
happens?
What
do
I
do
to
help
uncover?
What
was
it
that
happened
and
provide
proof
right
that?
Okay,
we
figured
it
out.
B
We
know
what
it
is,
we're
blocking
it
going
forward,
so
we
we
have
a
little
bit
in
each
one
of
those
sections.
I
think
that
we
can
talk
about,
and
you
know
everything
from
vulnerability
scanning
on
the
front
end
through
your
ci
cd
pipelines,
to
checking
for
things
in
runtime
and
and
then
having
forensics
records
right
for
containers.
B
C
This
bit
of
an
eye
chart
might
be
tough
to
read,
but
this
gives
our
joint
customers
and
our
partners
and
even
internal
red
hatters,
a
better
understanding
of
number
one,
the
security
categories
and
where
the
number
two
where
they
fit
into
a
devops
pipeline,
and
so
it's
a
great
tool
to
take
to
a
customer,
for
example
and
say:
hey:
are
you
thinking
about
compliance
audit
not
not
only
at
the
running
cluster
but
during
build
automation?
Like
you
just
said,
eric.
C
That's
right,
that's
right,
and
then
we
could
take
this.
The
next
level
and,
as
you
mentioned,
produce
a
solution,
a
joint
solution
with
cystic
here
in
red
hat,
where
we
can
say:
okay,
now
you've
got
these
items
covered.
This
can
be
the
starter
conversation
of
ensuring
that
you
have
everything
where
you
need
it
at
certain
points
in
the
pipeline.
So
this
this
can
absolutely
help
you
get
started
because
it
is
an
overwhelming.
C
B
B
Look
a
little
complex
on
its
on
its
own,
but
but
I
think
the
key
you
threw
in
earlier
was
automation
right.
We
take
this
and
multiply
it
by
the
number
of
containers.
The
number
of
clusters,
the
number
of
clouds
and
trying
to
do
this
in
a
more
manual
fashion
with
x
number
of
tools
can
be
pretty
pretty
challenging.
So.
C
B
Obviously,
in
the
compliance
world
controls,
I
I
kind
of
break
down
in
my
mind
the
things
you
need
to
do
for
compliance
into
kind
of
three
buckets
there
may
be
more,
but
this
is
the
world
according
to
eric,
and
one
is
that
we
have
implemented
controls
right
now,
standards
that
are
out
there
nist
pci
sock
to
they.
There
are
certain
you
know,
they're,
obviously
saying
protect
access,
protect
your
data
and
so
on,
but
they're
not
saying
you
you're
going
to
do
this
to
actually
achieve
it
or
you're
going
to
use
these
tools
actually
achieve
it.
B
You
know
that's
great
stuff
and
I
think
we're
in
a
unique
position
at
cystic
just
because
of
the
way
that
we
have
implemented.
You
know
we,
as
we
were
prepping
for
this
call.
We
were
talking
about.
What's
the
background
on
on
cystic,
where
the
heck
do
you
guys
come
from?
What's
the
name
all
about
right?
B
Obviously,
if
you
take
the
two
apart,
you're
digging
systems,
but
our
founder
loris,
he
was
one
of
the
wireshark
co-creators
right
and
if
most
people
light
up
when
you
say
wireshark
because
they're
using
it
in
their
career,
in
fact,
I
was
doing
some
google
searches
for
something
completely
unrelated
yesterday
for
my
home
and
something
came
up
that
said,
oh
here,
I've
discovered
this
thing
with
wireshark.
It
had
to
be
some
router.
I
was
trying
to
figure
out.
B
So
wireshark
was
all
about
capturing
deep
level,
information
storing
it
so
that
you
could
go
through
it,
and
this
is
more
about
network
laura
said
containers
are
coming,
there's
a
challenge
with
understanding
what's
happening
in
the
container.
What
can
we
do
to
get
that
low
level
information
and
then
capture
it
because
containers
come
and
go,
and
so
we
do
that.
That's
one
of
the
unique
things
that
we
do
is
kind
of,
observe
your
systems
at
a
system
call
level
and
then
be
able
to
have
the
deep
information
a
lot
of
times.
It's
like.
B
A
Cool
background
people
yep,
let
me
ask
you
a
question.
So
if
you
were
a
database
vendor,
I
understand
how
databases
work,
I
mean
I
mean,
I
don't
understand
the
internal
workings
of
them,
but
I,
but
I
get
it
that
there's
you
know
you
install
a
database,
you
allocate
storage
to
it,
you
allocate
resources
and
you
build
your
tables
and
then
people
access
it
and
run
their
little
reports
and
so
forth,
and
whether
it's
in
the
cloud
or
like
a
distributed
database,
you
know
in
kubernetes,
or
you
know
something
more
traditional.
A
B
Sure
I
you
you
could
think
about
systig
as
having
two
parts-
one
we
talked
about
earlier
in
the
in
context
of
operator
where
you're
deploying
this.
We
call
it
an
agent,
you
can
call
it
whatever
you
want
now,
typically,
in
an
open
shift
environment,
your
spit
you,
you
just
set
that
up
as
a
daemon
set,
so
that
any
new
node
that
gets
put
up
based
on
workload
or
you
know
scaling.
B
One
of
these
is
gonna
appear
there
right
and
that's
the
part.
That's
detecting,
observing
those
system
calls
tapping
into
cube
api
other
data
sources
and
getting
the
getting
the
insights
right,
and
we
could
talk
a
little
bit
more
about
what
those
are
in
just
a
second,
but
then
that
data
gets
related
back
to
a
back
end
right
now,
by
and
large,
the
majority
of
our
customers
are
now
using
our
sas
backend.
So
that
means
we
have
a
cloud-based
place
where
your
data
goes.
You
have
your
account.
It's
secure
and
you
log
in
there
to
see.
B
Here's
the
behavior,
here's
what's
happening,
here's
what
I
need
to
to
watch
out
for
you
log
in
there
to
set
up
your
policies
and
so
on.
So
those
are
the
two
pieces
and
and
what's
one
of
the
things
that
I
hear
from
customers
like
yeah,
we
just
spin
up
that
agent
and
you
start
discovering
stuff,
and
that
means
that
a
container
that
starts
talking
and
maybe
talking
to
other
containers.
We
see
that
and
we
can
draw
you
a
map
of
that.
We
know
that
that
containers.
Might
you
were
talking
about
databases?
B
That's
my
sequel
and
it's
talking
to
a
wordpress
front
end
right.
We
can.
We
can
show
you
that
if
anything
odd
starts
to
happen
or
the
performance
breaks
down
or
someone's
if
a
process
other
than
this
is
one
of
the
cool
things
too
a
process
other
than
my
sequel
starts
running
in
that
container.
That's
probably
a
problem.
You
know,
bitcoin
mining
is
one
of
the
classic
examples
we
can
detect
that
and-
and
so
a
lot
of
what
I'm
describing
here
by
the
way
mike
is
the
the
architecture
of
the
commercial
side.
B
What
we
do
secure
effectively
think
it's
important
to
to
mention
the
open
source
projects
as
well.
Right
because
I
know
that's,
we
share
that
in
terms
of
dna
of
embracing
and
wanting
open
source
to
be
a
part
of
who
we
are
cystic.
What
I
lovingly
call
lowercase
systig
was
was
our
first
was
the
open
source
project
that
or
systig
as
a
company.
B
I
know
dave's
heard
of
falco
mike,
I
don't
know
how
familiar
you
are.
Falco
has
subsequently
been
donated
to
the
cncf,
so
it's
not
cystic
anymore
in
that
sense,
but
it
was
started
and
created
for
us
and
now
or
by
us,
and
now
it's
like
a
kubernetes
runtime
security
tool,
falco's
all
about
set
up
these
rules
to
detect
the
bad
things
or
the
things
you
don't
want
happening
on
your
systems
relay
that
back
and
let's
be
able
to
take
some
action
at
that
point.
C
A
A
B
Yeah
by
an
increasingly
well
first
of
all,
we
are
starting
to
put
more
sas
back
ends
in
region
where,
let's
say
a
company
in
germany
who
has
that
requirement
it's
in
frankfurt,
it's
wholly
owned
there.
Having
said
that,
let's
take
a
step
back.
You
guys
have
a
lot
of
customers
that
are
falling
into
that
ilk
right
right.
They
want
they're
looking
for
iron-clad
solutions,
that's
what
openshift
provides
right,
they're
looking
and
so
for
a
lot
of
our
joint
customers
in
the
past.
B
It's
all
been
on-prem
or
self-hosted,
which
we
support
as
well,
and
I've
started
to
shift
off
of
the
on-prem
term
more
to
the
self-hosted,
because
sometimes
now
that's
my
private
instance
in
google,
for
instance,
where
the
customer
owns
everything.
It's
not
really.
It's,
not
the
public
service
yeah
it's
in
the
cloud,
but
we
can
do
it
in
in
a
customer's
data
center
as
well.
So
that's
a
demand
for
for
many
of
those
customers.
Three
letter
agencies
you
mentioned,
and
we
can
we
can
meet
that
need
they
just
have
more
to
manage
at
that
point.
B
B
A
B
B
It's
great,
let's
talk
about
it
so
so,
first
of
all-
and
this
is
important,
because
organizations
can
get
overwhelmed
by
the
the
number
of
you
know-
their
business
grows
or
or
they're
suddenly
they're
they've
got
open
shift
and
they've
got
gke
and
eks
and
and
other
you
know,
so
how
how
do
I?
How
do
I
deal
with
that
environment
just
from
a
sheer
management
standpoint?
And
how
do
I
deal
with
that
environment?
B
Obviously,
then,
from
a
compliance
standpoint-
and
I
will
say,
the
perfect
segue
is
that
is
that
one
of
the
things
that
we
have
done
together-
and
this
has
brought
you
you
and
me
together.
Dave
frankly,
is
the
the
fact
that
you
guys
have
a
tool
called
advanced
cluster
management
to
make
sure
I
get
that
that's
right.
B
We
lovingly
say
rackham
for
the
red
hat,
advanced
culture
management,
and
the
goal
of
that
is
obviously
to
help
you
do
exactly
what
you
were
leading
toward,
which
is
manage
diverse
container
kubernetes
deployments,
whatever
they
might
be
and
beyond
management.
I
know,
there's
a
deep
focus
on
risk,
governance
or
governance
risk
and
compliance
so
that
we
can
say
grc,
right
and
yeah.
B
So
that's
an
important
consideration
and
the
good
news
is
that-
and
this
is
one
reason
why
people
choose.
This
dig
is
that
you
don't
have
to
have
multiple
cystic
back
ends
in
order
to
deal
with
that
environment
right,
you
can
still
have
one
and
we
will
consolidate
and
let
you
visualize
and
or
let
you
drill
into
one
or
the
other
which
we
can
get
into
if
I
have
time
to
show
the
demo.
C
C
C
B
Yeah
drop
in
the
ammo
and
it
starts
happening
right,
and
then
it
shows
up.
You
get
your
get
your
insights
and
the
rackham
ui
yeah
yeah
cool.
I
think
one
of
the
things
that
I
I
just
wanted
to
to
drive
toward
as
we're
thinking
about
compliance
for
containers
and
cloud,
because
I
think
this
will
allow
both
of
us
to
kind
of
showcase
a
little
bit
of
how
we
we
do.
B
It
is
kind
of
the
things
that
the
things
to
think
about
right,
one
of
the
first
ones-
and
I
mentioned
it's
like
yeah-
we
want
to
protect
users
and
data,
and
so
on,
and
even
at
systick
we
had
to
prove
who's
got
access
to
what
one
of
the
first
ones
is
all
about
access
control
right.
It
is
like
make
sure
that
this
is
all
buttoned
up
and
tightened
down,
and
I
I
think
that
that's
a
big
part
of
what
the
platform
of
openshift
does
in
its
own
right
to
help
with
that
yeah.
C
Absolutely
so
openshift
if
you
compare
openshift
and
just
upstream
vanilla,
kubernetes,
there
are
a
lot
of
services
that
involve
security
that
we
had
on
top
of
openshift
and
you
think
about
things
like
just
identity
providers.
You
get
a
default
set
of
identity
providers
out
of
the
box
from
openshift
that
you
can
choose
from.
You
can
obviously
bring
in
your
own
openshift
red
hat's,
all
about
customer
choice
and
being
open
about
that,
so,
which
is
why
we
love
our
partners
and
our
ecosystem,
because
red
hat
can't
do
everything
right.
C
C
Our
back
is
the
authorization
of
access
control,
allowing
users
to
be
part
of
a
namespace
or
a
project
or
allowing
a
pod
to
actually
run
in
a
certain
certain
project,
so
our
back
by
default
is
is
on
in
shift,
whereas
in
vanilla
kubernetes
you
have
to
you
have
to
start
it
with
a
flag
when
you
start
up
the
cluster,
and
so
those
are
the
type
of
things
that
open
shift.
Openshift
has
done
to
secure
the
platform,
and
then
you
know
obviously
systig
helps
to
ensure
that
we're
compliant
right
complying
around
those
things.
C
C
I
know
systig
was
very
helpful
in
that
process
as
well
as
we
shared
those
with
you
early
on
before
we
published
it,
but
it's
a
it's
a
huge
document
right,
it's
a
spreadsheet
with
six
different
tabs,
and
I
think
it's
now
in
a
pdf
format.
It's
50
some
page
or
maybe
even
more
a
couple
hundred
pages,
and
it
is
a
bear
to
just
go
through
that
and
say
well.
Am
I
compliant
with
this
benchmark?
Do
I
have
to
run
this
command
open
shift?
C
B
Yeah
and
and
and
try
to
make
it
a
little
bit
easier
to
see
again,
greens
and
reds,
and
here's
some
remediation
tips
and
so
on
so
yeah
yeah.
So
I
think
that
yeah
on
the
front
end,
you
want
to
be
able
to
check
that
at
your
environment
against
those
best
practices
that
again
includes
that
authentication,
more
and
more
people
are
driving
toward
least
the
principle
of
least
privilege
eric
carter.
The
marketing
guy
should
not
be
able
to
modify
our
running
production
sas
solution
in
any
way,
shape
or
form.
B
B
B
At
any,
given
time
you
want
to
know,
is
it
configured
the
right
way
and
is
it
configured
the
way
that
we
said
we
would
when
we
achieved
pci
compliance
as
an
example
right,
because
if
it's
not,
then
we're
at
risk?
If
those
auditors
show
up-
and
we
were
talking
about-
you
know
whether
that's
once
a
year
or
more
frequently
right,
and
so
you
want
to
manage
that
risk.
You
want
to
flag
this
configurations
as
best
you
can.
B
You
want
to
run
the
benchmarks,
and
so
now
we
know
our
platform,
hopefully
is
in
the
best
shape
that
it
can
be,
and
so
part
of
this
is
all
about
compliance
of
the
platform
and
part
of
it
then
will
shift
into
is.
Are
my
workloads
themselves
set
up
right
correctly
right,
and
I
think
we
both
have
a
hand
in
this
whole
idea
of
checking
things
before
we
even
decide
to
have
them
orchestrate
or
have
them
spun
up
in
our
openshift
environment.
C
Yeah,
so
you
mentioned
shift
left
earlier
and
we
think
about
compliance
and
all
those
frameworks
we
talked
about
pci
others
as
well
is
the
build,
adding
adding
those
checks
to
cystic
help.
You
with
you
know
making
sure
your
images
are
compliant.
Your
application
is
compliant.
How
much
of
those
benchmarks
are
handled,
you
know
and
and
properly
documented
or
whatever.
If,
if
you
do
shift
left
make
sense,.
B
Yeah
it
does,
I
think,
a
lot
right,
because
one
of
the
things
you
can
do
one
of
the
challenges.
Well,
let
me
back
up
one
of
the
challenges.
Is
it's
so
easy
in
the
world
of
containers
to
just
go,
get
something
whether
it's
off
of
your
red
hat
catalog
or
whatever?
It's
being
called
these
days
or
docker
hub
or
whatever.
C
B
This
and
I
got
this
container,
and
now
I
I
can
basically
start
using
it,
but
but
I
should
probably
check
for
a
few
things.
First
and
again,
part
of
those
configuration
checks
might
be.
Is
this
container
set
to
run
as
root?
That's
one
of
my
favorite
ones,
right
which
is
like
it
main.
It
probably
doesn't
need
to
be,
and
you
should
modify
that
before
you
decide
to
run
it.
B
You
should
check
also
that
this
thing
that
was
uploaded
a
month
ago
doesn't
have
a
bunch
of
known
vulnerabilities
in
it
right,
and
these
are
all
part
and
parcel
to
due
diligence
for
compliance
understanding.
What's
there
fixing
it,
so
we
do
help
with
that
right
and
we
can
help
you
even
outside
of
the
context
of
the
repository
of
the
registry,
implementing
this
with
things
like
jenkins,
tecton,
other
ci,
cd
tooling,
so
that
we
can
have
the
developer
understand
right
within
the
tool
they
know
and
love.
Oh
this
thing
this
os
package
needs
to
be
fixed.
B
This
third
party
library
has
a
vulnerability.
This
thing
has
a
password
file
in
it
that
probably
shouldn't
be
there.
This
container
is
configured
wrong
right
and
so
those
all
will
help
with
the
whole
equation.
Again:
that's
a
control
and
inside
systick
we've
pre-built
policies
for
pci
for
nist
and
for
other
things,
I'll
show
you
in
a
minute,
but
that
will
help
you
get
your
best
leg
forward
and
have
that
that's
a
control
that
you
can
prove
is
in
place.
C
B
I
see
a
lot
of
folks
that
don't
like
that,
because
it
stops
progress,
but
we
are
seeing
more
and
more
folks
using
admission
controllers
like
making
sure
that
it's
set
up
hey.
This
didn't
pass
that
scan
it's
not
going
into
the
cluster
right
and
we
have
some
tooling
within
cystic
to
help
with
that
kubernetes
emission
controllers.
B
B
That's
the
right
thing
to
do,
because
the
last
thing
you
want
is
to
get
in
a
rush
and
have
that
exposed
whatever
might
be
out
in
in
production,
and
someone
take
advantage
of
that-
and
you
know
it's
like
reminds
me
that
human
error
is
one
of
the
biggest
issues
here.
It's
like
getting
in
too
much
of
a
hurry.
Gartner
said
something
like
you
that
I
got
a
quote
here.
I'm
going
to
read
it
99
of
cloud
security
failures
through
2023
will
be
the
customer's
fault,
like
meaning
the
user.
The
human.
A
Eric
I
wanted
to
ask
you,
so
it
certainly
sounds
like
you
have
a
lot
of
opinions.
Are
they
just
the
world
according
to
eric
or
let's
talk
about
like
like
the
customers
for
a
second
and
like
aha
moments
and
kind
of
like
what
you
just
said
right,
like
you
know,
whatever
the
percentage
was
it's
like
pilot
error,
you
know
user
error.
What
what
have
you
you've
been
there
for
quite
some
time
you
I'm
sure
you
get
pulled
into
customer
conversations
all
the
time.
A
What
are
some
of
the
top
like
aha
moments,
that
a
customer
will
be
like
light
dawn's
on
rocky
head.
Can
you
share
any
of
those
with
us
like?
Well
we're
going
to
do
this,
all
ourselves
we're
going
to
we're
going
to
roll
it,
and
actually
let
me
let
me
let
me
give
you
a
20-year
backup
to
this
question.
A
So
I
was
a
solutions
architect
when
I
started
at
red
hat
in
2002,
and
you
know
I
had
a
couple
reps
that
I
was
supporting
and
you
know
we're
out
there
selling
to
goldman
or
you
know
more
or
trying
to
we're,
trying
to
sell
linux,
we're
trying
to
sell.
You
know
people
wanted
us
to
sell
them
on
open
source.
A
First
and
like
we
were
trying
to
sell
everything,
except
for
our
own
products,
because
you
know,
and
then
we
were
competing
against
internal
I.t
teams
who
were
like
threatened
by
red
hat,
because
we
were
gonna
take
away
their
crown
of
like
the
linux
king
and
their.
You
know
they're
like
well,
we
can
do
this
ourselves
and
if,
if
we
pay
red
hat
for
that,
then
what
am
I
gonna
do
and
like
do
you
see
any
of
that
from
the
security
and
compliance
space
the
customers
feel
other?
A
B
Yeah
it
is,
it
is
a
definite
challenge,
a
lot
of,
especially
because
a
lot
of
the
kind
of
cloud
native
stuff
sort
of
starts.
It's
it
wasn't
it.
You
know
it's
not
as
it's
not
a
huge
hasn't
been
as
huge
as
like
our
traditional
environment,
vmware
or
something
like
that,
and
so
these
teams
do
feel
like
they've
got.
It
nailed
it.
B
It's
funny
because
we're
talking
about
image
scanning
people
get
sort
of
seem
to
get
that,
probably
because
we're
used
to
virus
scanning
all
that
stuff,
but
sometimes
now
we're
the
the
the
this
team
that
got
so
excited
and
actually
has
done.
Great
work
is
now
we're
going
to
run
something
that's
important
to
the
business
in
production
and
guess
who
shows
up
it's
the
security
and
compliance
team
that
wasn't
invited
to
the
party
and
it
stops
right
and
part
of
that
stoppage
and
then
they'll,
say
hey,
but
we
scanned
our
images
and
they're
like
yeah.
B
C
B
Sometimes
you
know,
because
it
was
just
too
complicated,
it
would
slow
them
down.
Runtime
security
is
one
of
those
things
right.
It's
like,
oh,
I
didn't
even
know.
I
can't
we
just
use
what
we
were
using
and
it's
like.
No,
I
didn't
know
that
containers
would
be
different.
I
didn't
know
that
the
fact
that
a
container
might
live
five
minutes
or
less
or
something
would
be
a
challenge,
but
it
is-
and
so
there's
that
there's
that
aha
moment
now
we
are
seeing
companies
get
it.
B
I
I
use-
and
I
can
use
this
publicly
because
they're
our
joint
and
we
rewarded
them
last
year-
ford
right
ford,
I
feel
like
even
though
they're
a
hundred
year
old
automobile
manufacturer,
they
did
it
right.
They
they
knew
they
wanted
to
get
into
this
world
number
one,
and
there
was
a
small
team,
but
then
they
almost
held
their
own
mini
conference
inside
of
ford
and
brought
in
all
those
stakeholders.
You
rattled
off
a
bunch
of
them
a
second
ago
mike,
but
it's
like
the
compliance
team,
the
developers.
B
B
Then
they
started
searching
for
solutions
right
and
clearly
the
secure
platform
openshift
in
spades
right
and
then
they
put.
You
know
they
put
systick
through
the
ringer,
but
they
liked
again
the
fact
that
we
were
able
to
help
across
the
different
phases
right
because
the
developers
were
like
okay
make
it
easy
for
me
to
know.
There's
a
vulnerability
check.
The
devops
team
makes
make
sure
that
there's
no
surprises
when
something's
running,
and
I
don't
notice
that
someone
has
put
a
bit
mining,
bitcoin
mining
thing
out
there
for
and
it's
been
running
for
30.
B
You
know
make
sure
I
can
see
that
and
then
obviously
you've
got
incident
response
teams.
You
know
security
operations.
How
do
you
help
me
if
a
container
isn't
running
anymore?
So
those
are
all
those
are
all
things
and
then
again,
not
everyone
does
it
that
way.
Sometimes
our
invitation
into
an
account
is
because
there's
an
oh
crap
moment.
A
B
Eight
twenty
yeah-
it's
probably
I
would
say
this
if
you
go
back
you've
been
in
three
years.
If
we
go
back
three
years,
the
time
we
were
braiding
brought
in
was
when
they
didn't
realize
that
it
was
going
to
be
a
different
world
and
then
it
was
probably
more
60
of
people
were
reacting.
40
were
being
proactive,
that's
probably
flipped
at
this
point.
B
People
are
getting
more
and
more
educated
they're
starting
to
build
this
stuff
in
before
they
get
too
big
and
and
so
on.
So
that's
that's
a
blessing
for
us.
We
would
much
rather
be
vacant
earlier.
The
partnership
with
you
guys
helps
with
that
too,
because
they
see
that
slides
that
they
were
showing
earlier.
You
get
that
in
front
of
someone
and
they
start
going.
Oh,
I
didn't
even
think
about
that.
B
Let
me
do
this
before
I
even
get
too
far
in
this
project
forward
again
perfect
example,
but
again
we're
sometimes
when
we
can
come
in
and
be
the
hero,
though,
that
feels
good
too
right.
It's
like
oh
you're,
having
a
hard
time
seeing
that
spin
up
this
agent
and
it's
like
okay
click
here
and
there
and
then
see
now
you're
able
to
see
what's
going
on
and
that
you
know
that
makes
fans
for
assisting
as
well.
A
A
A
A
B
It's
a
great
question
and
it's
important
in
the
sense
that
yet
there's
no
one
solution
that
you
put
you
write
your
check
and
now
in
pci
or
nist,
compliant
or
stock2
compliant.
First
of
all.
Now,
is
it
helpful
to
try
and
find
a
solution
that
fights
off
more
so
that
you
have
more
visibility
without
having
to
hop
around
between
tools?
Absolutely
and
so
yeah?
The
point
the
point
there
is
that
you
know
security
compliance.
It's
never
done
by
one
tool.
B
You
know
you've
got
someone
doing
firewall
stuff,
you've
got
you
know,
and
not
all
of
us
can
do
all
the
things
we
try
and
do
more
and
more
with
every
kind
of
release
that
we
do,
but
we're
not
going
to
do
the
things
that
are
inherent
to
the
openshift
platform
right,
because
those
things
are
covered.
You've
got
se
linux,
you've
got
all
you
know.
You've
got
all
so
many
things
that
go
into
making
it
secure
from
day
zero.
B
But
you
know
recently
we
launched
cloud
security,
so
you
met
you've
routed
off
a
bunch
of
vendors
like
cloud
security.
Posture
management
was
really
more
about
public
cloud
stuff
with
something
like
we
didn't
do,
but
everyone
kept
asking
right,
you're
securing
my
workload.
Can
you
help
me
secure
the
the
surrounding
environment
even
better
like
if
I'm
running,
open
shift
on
aws
or
azure,
which
is
perfectly
viable?
We
have
customers
like
customers
doing
that
also.
Can
you
at
the
same
time
you're
showing
me
an
issue
with
containers
and
kubernetes?
B
B
I
believe
that
these
two
things
are
starting
or
need
to
come
together,
right,
visibility
that
shows
the
environment
as
well
as
the
workload,
and
so
our
our
goal
is
to
continue
to
expand
that
to
add
more
value
from
the
same
tool,
but
we're
not
a
firewall
company
as
an
example.
So
yeah
you'll
still
need
to
work
with
a
few,
hopefully
fewer
than
you
did
before.
C
C
C
B
B
The
bad
too,
by
the
way,
just
real
quick,
is
that
that
there's
always
some
innovator
right
and
so
there's
there's
open
source
stuff
that
comes
along
and
that's
why
we
try
to
build
on
top
of
open
source
so
that
we
capture
some
of
that
innovation.
I
think
of
oppa,
but
I
mean
as
far
as
ourselves,
we're
you
know,
we're
built
on,
obviously
our
own
stuff,
plus
we
have
prometheus
that
we
leverage
and
now
we're
leveraging
cloud
custodian.
B
C
B
C
B
Yeah
and
we're
not
controlling
any
network,
we
can
give
you
visibility
into
what's
happening
on
the
network.
So
that's
that
would
be
one
of
the
things
that
I
would
call
out
as
a
difference.
We
did
recently
enable
the
fact
that
something
to
help
you
simplify
using
what
kubernetes
has
for
controlling
networks,
kubernetes
networks,
curly
policies,
and
so
we
can
help
you
visualize
that
and
decide
like.
B
B
C
B
B
That
goes
down
to
the
compliance
standard
of
basically
saying
control,
who
has
access
and
how
right
or
you
can
do
this
thing,
where
we're
we're
able
to
overlay
what
we'll
call
composite
like
or
yeah
compo
with
like
the
kubernetes
activity
with
the
cloud
activity
and
then
even
drill
down
into
a
specific.
You
know
part
of
that
or
in
a
specific
name
space
and
to
see
oh,
like
detect,
crypto
miners
right,
and
so
you
can
get
an
idea
of
the
chain
of
things
that
might
be
happening.
B
One
of
my
favorite
new
views
in
this
whole
ball
of
wax
is
this
idea
of
users,
because
sometimes
it's
the
best
of
intentions
that
I'm
doing
something
for
my
business,
but
I'm
not
knowing
that
I'm
violating
a
an
important
policy
for
nist
right,
and
so
I
can
go
in
and
see
something
like.
Okay,
eric
lugo
he's
got
a
bigger
red
is
oh,
he
keeps
logging
in
without
the
right
kind
of
authentication.
B
If
we
get
audited
we're
going
to
be
in
trouble.
So
now
I
can
go,
have
a
conversation
with
eric
right
and
make
sure
that
this
is
all
properly
set
up.
So
this
is
the
idea
of
being
able
to
kind
of
have
multiple
levels
of
views,
and
I
noticed
again
this
is
new,
I'm
getting
the
hang
of
it,
but
I
noticed
that
I
can
do
things
like
here.
I'm
going
to
go
back
to
let's
go
to
the
compile.
I
can
even
do
things
like.
B
Okay,
if
I'm,
I
can
type
in
nist,
and
it
shows
me
the
things
that
are
happening
that
are
contrary
to
a
nist
best
practice,
or
you
know
dci
right
now.
This
is
kind
of
your
bird's
level,
bird's
eye
level
view,
and
you
can
start
to
do
things
like
click
into
it
and
and
so
on.
So
our
goal
is
to
give
you
a
vision.
Remember,
I
said
earlier
guys,
visibility
right.
So
this
is
one
level
of
visibility.
If
we
draw
it
back
into
the
build
phase.
B
I
just
want
to
show
this
real
quick,
because
I
know
we
don't
have
a
lot
of
time,
but
you'll
look
that
out
of
the
box,
because
we're
thinking
about
compliance,
there's
a
bunch
of
things
that
we
have
just
sort
of
added
for
you,
and
I
was
talking
to
one
of
our
customers
this
morning,
he's
like
yeah.
We
just
use
what
you've
provided.
This
is
an
image
scanning
policy
like
for
nist
and
what
what
it
does
is
it
tells
you
hey.
B
According
to
the
policy
right,
you
need
to
be
checking
for
these
things,
and
this
is
like
exposed
ports.
How
long
has
it
been
since
you've?
Actually
done
a
check
against
this,
do
you
have
you
know
user
setup
as
as
root,
and
so
you
can
get,
then
you
can
when
these
images
are
being
spun
up
before
you
push
it
into
production,
you
can
understand.
How
am
I
doing?
How
is
it
do?
I
need
to
fix
anything
right
so
again,
visibility,
visibility
and
build,
and
then
we
also
talked
about
the
cis
benchmarks.
B
B
B
About
the
the
visibility
into
cis
benchmarks,
everything
from
aws
to
kubernetes
to
openshift
and
so
on,
we
talked
about
runtime
right
runtime.
Is
that
I'm
now
running
my
container?
These
are
things
that
I
can't
find
with
image
scanning,
because
it's
often
human-based
this
is
somebody's
doing
something
suspicious.
I
love
I
love
scrolling
through
here
because,
like
suspicious
file
system,
changes
right,
private
credentials,
suspicious
network
tool
unexpected
right.
So
these
are
those
kind
of
things
that
we're
able.
This
is
built
on
top
of
that
open
source.
B
Falco
and
again,
you
see
in
here
some
of
the
compliance
controls.
Hipaa
fim
stands
for
file
integrity,
monitoring
right,
so
we
can
help.
You
understand
as
an
example
by
looking
by
applying
these
rules
observing
the
environment
if
it's
violated
to
trigger
an
alert
and
even
take
some
action
like
if
it's
violated,
I
can
kill
the
container
that
it's
happening
in
spoil
the
fun
of
the
hacker
right
and
then
openshift
will
spin
up
another
one.
B
Typically,
you
know
wherever
that
has
some
capacity
to
do
so
and
now
we
can
go
jump
into
action,
running
shells
in
a
container,
our
favorite
demo.
Right
so
again,
we've
tried
to
tool
in
things
that
are
going
to
help
you
and
if
you
look
at,
let
me
see
if
I
can
go
in
here
at
some
of
these
policies,
I'm
going
to
go
into
the
I'm
going
to
go
into
the
library
right.
We
have
tagged
my
screen.
The
way
it's
but
I'll
just
show
it
from
here.
B
We've
tagged
what
these
different
rules
that
you
can
apply
with
different
standard
tags
right.
So
if
I
need
to
do
nist
853,
I
know
that
I
probably
need
to
be
checking
for
crypto
mining,
outbound
connections
and
so
on.
Right
so
again
helping
you
customize
even-
and
this
is
this-
is
all
in
the
name
of
detecting
that
bad
behavior.
B
And
then,
if
something
triggers
you
know,
maybe
you've
got
a
security
operations
team
watching
right.
Oh
somebody
is
running
a
shell
in
a
container.
Where
is
that
happening?
What
is
it
fire?
Oh
man,
talk
to
our
our
auditors
are
showing
up
tomorrow.
I
better
get
get
a
handle
on
this
right
and
then
we
give
you
the
ability
to
to
respond
key
to
it
again.
Key
to
compliance
is
proof.
B
We
give
you
a
couple
ways
to
do
that.
You
can
view
an
activity.
Audit
and
dave
you'll
recognize
this,
that
what
we're
showing
you
here
is
the
ability
to
pull
in
and
understand
what
commands
were
being
issued
in
the
environment,
with
network
activity
who,
what
was
going
on
from
a
cube,
exact
standpoint
and
what
files
were
being
manipulated
yeah.
So
this
is
like
tracing
and
if
I
see
the
word
shred,
probably
not
good
right,
this
actual
command
is
all
about
trying
to
shred
that
I
was
doing
something
and
good
luck.
B
You
didn't
get
very
far
because
we
captured
it
and
our
next
level
of
detail
would
be
like
getting
into
our
capture
files,
which
we
don't
have
to
spend
a
lot
of
time
on
here,
but
capture
files
are
effectively
a
dump.
Now
now
we're
in
wireshark
land
right,
a
dump
of
all
of
the
system
calls
that
were
happening
before
during
and
after
an
incident.
B
So
now
we're
in
the
respond
phase
and
we're
able
to
kind
of
filter
through
and
see
who
was
doing
what
right
and
we
give
you
an
interface
as
a
jumping
off
point,
so
people
that
are
familiar
with
our
founders
kind
of
heritage
around
wireshark
will
start
to
recognize
this
piece
right.
So
our
again,
our
goal
is
to
to
give
you
visibility
into
the
kubernetes
containers.
Open
shift,
open
shift,
running
private,
open
shift
running
in
the
public
cloud.
B
Give
you
insights,
you
know
into
what's
happening
and
to
give
you
out
of
the
box
things
that
gonna
give
you
a
leg
up
on
being
pci
nist
talk
to
hipaa
compliant,
it's
not
a
magic
bullet
or
a
magic
wand,
but
it
gets
you
further.
Farther
openshift
plus
system
gets
you
pretty
pretty
close
to
having
the
controls,
the
validation,
the
automation
and
the
proof
right.
I
think
you're
in
much
better
shape.
B
C
C
C
No,
but
when
there,
when
there
is
you
know,
cystic
will
obviously
be
the
first
ones.
We
we
work
with
to
get
their
information
you
know
published
in
in
open
shift
and
in
that
manner,
but
right
now
your
compliance
operator
is
nice
if
you're
starting
out,
but
I
would
say,
for
enterprises
and
for
folks
who
really
need
to
comply
with
pci
and
those
frameworks
you're
going
to
want
to
look
at
system
and.
B
We
do
have
the
ability
to
sort
of
forward
what
we
discover
the
information
that
we
have
out
right
yeah.
So,
if
there's
a
tool,
I'm
thinking
about
rackham
again
is
one
of
those
things
where
you
know
future.
I
think
in
the
next
stage
it's
like.
Can
we
not
only
set
our
policies
there
or
get
things
set
up,
but
can
I
also
forward
back
so
that
I'm
once
again
in
the
name
of
simplifying
seeing
from
one
pane
of
glass,
even
if
the
data
is
coming
from
different
sources.
C
B
So
the
on
the
first
part
policies.
Yes,
some
of
those
you
noticed
have
just
like
a
slider.
Oh
turn
it.
On
turn.
On
inside
of
that,
it's
all
based
on
on
falco,
you
can
modify
those
to
fit
your
own
needs.
You
can
just
modify
what
we've
built.
You
can
pull
in.
Remember,
there's
the
little
color
easter
egg
bubbles.
You
can
pull
those
in
and
create
a
multi-faceted
policy.
B
The
rules
contribute
to
the
policy
which
then
gets
you
know,
starts
monitoring
environment.
So
that's
good
a
service
navigator,
I'm
not
sure
what
that
means
other
than
I
do.
We
do
give
you
the
ability
to
kind
of
we
capture
a
lot
of
metadata
context,
information
so
that
you
can
drill
in
your
views
from
cluster
level,
and
this
may
this
may
not
be
in
the
right
place,
but
cluster
see
what
the
name
space
looks
like
all.
B
We
built
you
those
views,
because
we
capture
the
context
and
that's
one
of
the
challenges
of
cloud
and
container
or
cloud
native
environments
is
it's.
I
don't
care
so
much
about
post
with
ip
address
x.
What
I
care
about
is
an
aggregate
my
service
running,
maybe
across
20
nodes
in
total.
How
is
that
doing?
How's
the
name
space
doing
how's
the
deployment
doing
so.
Would
you
give
you
that
visibility
that
may
or
may
not
be
what
service
navigator
meant,
but
that's
what
it
connects
in
my
mind.
C
B
B
A
Well,
we
are,
we
are
overtime
and
my
manager
has
been
chatting
me
on
google
chat
for
the
past
11
minutes
like
where
are
you
so
I
need
to
bounce
eric
carter,
dave
muir
from
red
hat
thanks.
So
much
for
those
who
are
are
either
watching
today
or
will
be
watching
the
the
reposted
video.
If
anyone
wants
to
get
in
contact
with
dave
or
eric,
and
you
don't
have
their
contact
information
dave,
muir's
home
phone
number,
please.