Sysdig builds open-source solution for cloud and container security in the modern infrastructure
The container and cloud security market is riding a wave of growth, and one of the companies capitalizing on that opportunity is Sysdig Inc.
Founded in 2013, Sysdig grew out of an open-source project to troubleshoot issues in the modern container-based infrastructure. The company’s founder and chief technology officer, Loris Degioanni (pictured), had successfully combined an open-source implementation for a network analyzer with a commercial solution in his previous company called CACE Technologies.
Degioanni and his Sysdig colleagues sensed that the growth of applications in cloud environments would require new tools for monitoring and security.
“Let’s try to understand where the cloud is going, where containers are going,” Degioanni said. “What does it mean to offer deep, rich but at the same time lightweight and easy-to-deploy security and visibility for a new way of writing software? That’s how Sysdig was born.”
Degioanni spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s livestreaming studio, in advance of the AWS Startup Showcase: Open Cloud Innovations event. They discussed how the shift from in-house network devices to cloud necessitated a different monitoring solution, the development of Sysdig’s offering from an open-source project, the firm’s close partnership with Amazon Web Services Inc. and the importance of trust in community-based software development. (* Disclosure below.)
Decoding the network
Degioanni built his previous company on an open-source network analysis tool called Wireshark, which was ultimately acquired by Riverbed Technology Inc. in 2010. Wireshark is a packet analyzer that allows users to see what is happening in the network at a microscopic level.
“When we were doing network packets, we were using network devices to collect information,” Degioanni recalled. “The data that is being transferred on the network has some very nice properties; it’s rich and very deep. When you can see and decode what’s happening on the network, you can understand what applications are doing. Packets never lie.”
But by the middle of the last decade, the landscape had shifted. Enterprises were rapidly moving operations to the cloud, and a packet-based approach was no longer practical.
“All of the sudden we’re moving to the cloud and the router, which was the vantage point for this beautiful way of doing security and visibility, disappears,” Degioanni said. “I was sure that what we were doing before was useful and powerful for the users, but I was also sure the world was going to change. The retrofitted solutions were not going to work, so I decided to start from scratch.”
Reliance on Falco
The solution became Falco, an open-source project originally created by Sysdig and now managed under the auspices of the Cloud Native Computing Foundation. Sysdig Secure leverages Falco to continuously detect threats and anomalous behavior across containers, Kubernetes and the cloud.
“A substantial portion of our commercial product is an extension of Falco,” Degioanni explained. “I compare Falco to the security camera for your containers, your hosts and your cloud infrastructure. In software infrastructures, you can still have your firewall, but then you use a ‘security camera’ like Falco that is able to observe every single container, every single process, every single machine, and every single network connection.”
Sysdig has partnered with AWS to fine-tune the Falco open-source project. In October, Sysdig announced that AWS would provide a CloudTrail plug-in for real-time detection of unusual behavior in Amazon cloud services using Falco rules. The plug-in for Falco provides a basis for supporting other cloud environments and operating systems.
“A tool like Falco can be the security camera for AWS Fargate as well,” Degioanni noted. “AWS and team members at Amazon have made many contributions to Falco.”
Trusting the community
Sysdig’s customer base has grown by 140%, serving nearly 700 customers, with average annual recurring revenue of more than $875,000 across its top clients. The company recently closed a Series G round that garnered $350 million in additional funding.
Enterprise reliance on open-source tools has come under increased scrutiny in recent months, following a string of cyberattacks that exploited vulnerabilities in the community-guided software. Sysdig’s solution, and continued coordination with CNCF, offers an example of how the open-source world is addressing security challenges in the rapidly evolving cloud native ecosystem.
“Our focus was to fill the gap with runtime security for containers, for Kubernetes, and also for cloud, but we need to do it in a way that is community-first,” Degioanni said. “It’s a great partnership because the CNCF is a great home for all of these projects and really makes it possible for the users to trust a project in a way they know. The users can trust this project and know it is community driven.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS Startup Showcase: Open Cloud Innovations event. (* Disclosure: Sysdig sponsored this segment of theCUBE. Neither Sysdig nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: SiliconANGLE
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU