Denis Maligin, Senior Manager, Sales Engineering CEMEA and Nordics, and Harold Butzbach, Director Enterprise Sales CEMEA, Sysdig: CISOs should be faster than hackers, have risk awareness and strategies for prioritization
December 2024, by Valentin Jangwa and Yelena Jangwa-Nedelec, Global Security Mag
Denis Maligin, Senior Manager, Sales Engineering CEMEA and Nordics, and Harold Butzbach, Director Enterprise Sales CEMEA, Sysdig, met Global Security Mag in Nuremberg at it-sa 2024 for this discussion.
Global Security Mag: Good afternoon, Denis and Harold. Global Security Mag is pleased to have you with us. The first question is: how did your professional journey bring you to your current positions?
Harold: I am Harold, and I’ve been in IT (Information Technology) since 1984. I started as a programmer, then slowly transitioned into a pre-sales role and finally ended up in sales in 1989. Since then, I’ve seen many paradigms in terms of hosts and mid-market solutions and then finally PCs, but I’ve been selling software and related products to enterprise businesses all my life, so B2B (Business to Business) basically. During my career I transitioned into a role as an IT infrastructure coach, then of course security, and finally ended up in the cloud security space, which I’ve now been doing for about five or six years.
Denis: My name is Denis. I’ve been with Sysdig for more than five years by now. Before starting to work at Sysdig, I started my career around, I would say, 1998, when I moved into a technical role: I started as a systems engineer working in Germany with four different companies as a consultant. Then, since I was curious about Linux in the early days, when Linux was not yet a thing, I started to get interested in Linux. This then brought me to Red Hat, where I was working as a solutions architect. Since everything around infrastructure was evolving, it was also very interesting. At that time, containers were operating with virtual machines. So I moved to VMware, where I was again working as a solutions architect. After that, I moved to SimpliVity, which was my first startup, and again I was working as a pre-sales engineer or systems engineer. What really changed my view of how companies work is that if you work in a smaller team and in a start-up, you’re more efficient, and I like that idea. Then, at the same time, something new appeared out of nowhere. In 2016, Docker became very popular. Some of my friends got into it as well, and since this was a brand-new technology, like Linux at the time, it caught my interest and I did everything I could to get into it. So I worked for the first year as a consultant, which led me to work for the government as a Docker consultant, and that showed me how complex and difficult it is to introduce new technologies in large organizations. Besides the government, I was working with other big companies as well. What was fascinating was that sometimes you can see that people adopt a technology not because they need it, from a needs point of view, but rather because they have to, otherwise they’d be too late. After Docker, the most logical decision for me was to start working with a security company, and Sysdig was my choice. I still love it here.
Global Security Mag: Could you tell us the key elements that make Sysdig unique, that make the difference, compared to your competition?
Harold: From a sales perspective I’d say, as I’m sure you’re familiar with the expression CNAPP, the cloud native application platform, many companies out there in the market claim that they do that, but if you look behind the scenes, most of these companies are coming from a space like EDR, and they try to translate what they do for the endpoints and move it into the cloud. One of the major differences of Sysdig is that we come from the container space, the cloud security space, right from the beginning. So we created an entire platform focusing on the cloud space, the cloud security space and cloud native in the true meaning of that expression, CNAPP. We are not trying to translate anything coming from the old legacy world into a new world. We’ve really built our platform from scratch, which doesn’t mean that we are new and inexperienced. It is exactly the other way around: we are very experienced, because we have focused on that right from the beginning. You may know Loris Degioanni, the Founder and CTO (Chief Technical Officer) of Sysdig and a member of Wireshark’s Board; he also headed the development of Falco, an open-source tool recognized as a project under the Cloud Native Computing Foundation (CNCF). So we know exactly what we are talking about. Loris’ idea was to translate the monitoring and the security level of network security to containers and to the cloud, and this is what we are doing very well. We are renowned in the market for being basically the de facto standard, and Falco is the real-time detection security camera widely accepted in the market, which is one of the major differences. Having an open-source legacy and history is also important in general, and very important for us. There are competitors out there in the market who claim to do CNAPP as well, but they work like black boxes. Everything is hidden, customers don’t really know what’s going on, and they don’t have a chance to investigate what is happening.
We are true believers in the open-source community. I have been with Sysdig for two and a half years now, and given my age (above 60), I did some diligence into how serious this player is. I must admit that my trust in the company is very high. That is why I’ve bet my career on this company, and I’m not disappointed because the demand is there, we do the right thing for the market.
Denis: Harold already said everything, I would say. The only thing that maybe comes to my mind is that cloud attacks are getting faster. It’s not like in the traditional legacy or on-prem world, where it takes days or hours to verify that there’s a potential exploit available and to be able to reach into the systems. Now, since services are being spun up very fast and very briefly, the attacks are happening ten minutes after a service is deployed or becomes available on the Internet. That’s why we have also introduced the 5/5/5 rule of thumb or benchmark, which indicates five seconds to detect, five minutes to triage, and five minutes to remediate. A proper cloud detection and response platform right now should be able to react in real time, and real time is the key here. Ten minutes is real time compared to many other solutions out there in the market: five seconds to detect that there is a breach, five minutes to correlate the different pieces of information and draw a conclusion, and five minutes to fight the breach.
Harold: The attacks are becoming much more sophisticated. We are seeing that, not only with the rise of AI (Artificial Intelligence), malicious users or attackers are using a lot of automation, and that’s why the attacks are happening basically autonomously and automatically, without the classical scene from the movies where the guy is sitting there trying to hack. It’s just operated by botnets, and it’s all happening fast.
Global Security Mag: What are your key messages to our readers? CISOs, CIOs, and Cybersecurity Managers?
Denis and Harold: Our first piece of advice would be: be faster than your attackers. That is something that we can recommend. Being faster means starting to understand what you have. You can only protect what you know you have. So be aware of your environments and the potential back doors and breaches, and focus on that. A peer recently asked, “Which crocodile should I shoot first? Which is the closest to my boat, and which is the biggest risk?” This means that you should have an awareness of the risks and a strategy for determining which risks you are exposed to and which ones you want to fight first. What we mean by that is that there are many risks out there, but on which risk should you focus, and what is exploitable? What is in use? At Sysdig, we can narrow down what is in use, so what the real risk scenario you’re facing is, and we focus on that first. You should know what you must protect: focus on the crocodile that is next to your boat. Then, communication with the company’s Executive Board is essential for CIOs and for CISOs, specifically for CISOs, because they consider risk differently than Executive Management does. Executives also look at financial exposure and at how the market is developing, for example which cars will be built in five years or so. When a CISO talks about risk, it’s really about attacker scenarios, network protection and perimeters, and they have to align with the language and the strategy of the company. This is a more general approach, but it’s essential to speak the same language and communicate about risk, risk awareness and risk tolerance. Which risks are you willing to tolerate, and which are jeopardizing the company’s business? Not every risk in IT necessarily jeopardizes the business. So align with the values. That is what we would recommend that CISOs specifically should focus on: priorities and business risk assessment.
Talking about prioritization: given the big environments that security teams need to oversee and secure, it’s very difficult to prioritize the right attacks. That is why we have introduced a cloud attack graph in our solution, which combines all the different findings, giving a prioritization not only for an actual risk but for a potential risk as well. And since security teams struggle with alert fatigue, we also recently introduced Sysdig Sage, which is basically an AI agent that is completely context aware of our solution and gives the user a complete explanation, based on a large language model, of the events they are looking at and how to understand what is happening. Sysdig provides a full explanation of why it’s a risk, why it’s a hazard, and provides full remediation.
Related articles:
- Michael Veit, SOPHOS: Organizations and Enterprises should take their IT Cybersecurity to a higher level by including specialized human analysts operating Cybersecurity solutions
- David Baier, Senior Sales Engineer, Ping Identity: CISOs should think about Passwordless strategies
- Godwill N’Dulor, Senior Security Strategist, Jürgen Hentrich, Senior Sales Engineer, Fastly: Cybersecurity is very much about the technology, but it’s also about winning hearts and mind, while working as a team
- Peter Machat, Senior Director EMEA Central, ARMIS: Combining Armis’ Centrix platform with Armis’ channel partners services, is a good way for your Cybersecurity posture.