Not many people know that cloud-native security application provider Sysdig is the founder of the open source threat detection platform – Falco. With their commercialised application based on the Falco core, Sysdig is expanding its operations by providing its cloud-native application protection platform via a localised AWS data centre in India. In a conversation with OSFY’s Yashasvini Razdan, Sysdig’s Gavin Selkirk, Vice President and General Manager of Asia-Pacific and Japan, and Simarpreet Singh, Regional Director, India, got candid about threat detection and what Sysdig brings to India…
Q. What is the need for a cloud-native application security solution for container monitoring?
A: Organisations are grappling with their security requirements from two perspectives: prevention, which is focused on hardening an environment (often referred to as cloud security posture management), and cloud workload protection (container security). The reality is that organisations need both. The industry has coined the term cloud-native application protection platform (CNAPP) to cover both these core capabilities. Sysdig Secure covers a variety of use cases and spans the software development lifecycle. For instance, in terms of cloud workload protection, organisations deal with cloud detection and response and vulnerability management. Sysdig addresses these complex use cases, with a particular strength in real-time security for containers and Kubernetes.
Q.With so many security threats, how is it possible for a single platform to handle all, and that too in real-time?
A: Cloud attacks happen within minutes, so the cloud security challenge for organisations is twofold: detecting and responding to threats before malicious actors can complete attacks and identifying which vulnerabilities — among the thousands that exist — pose an immediate risk.
To tackle the first challenge, we built the world’s first and only cloud detection and response framework (555 Benchmark) with analysts and practitioners across the industry to help security teams prepare to outpace threats: 5 seconds to detect, 5 minutes to investigate and correlate signals, and 5 minutes to initiate a response. The Sysdig CNAPP provides teams with correlated findings and anomalies. To support the second challenge, Sysdig comes with an “in use,” feature, previously known as risk spotlight, to pinpoint vulnerabilities within specific microservices of an application that are actively exploited. This capability allows us to notify organisations promptly, urging them to address critical vulnerabilities within 24 hours. CNAPP solutions are associated with being noisy due to the fast and vast nature of the cloud, but by focusing attention on what matters, our solution filters out 95% of alerts. It is a key differentiator in our product and attracts many organisations to us, including very large organisations that understand the competitive edge real-time security offers.
Q. Do you have a free version for the solution?
A:We don’t offer a free version of Sysdig Secure, but Falco is the de-facto standard for cloud-native threat detection; we created Falco and donated it to the Cloud Native Computing Foundation (CNCF). It forms our core and is open source software for all. We operate on a Pareto principle basis, focusing on the critical problems we solve. Organisations interested in our solutions typically engage in a proof of value (POV) approach. For a fixed period, which can range from a week to two months, we demonstrate how our product addresses their specific use cases and solves their challenges. Through these POVs, customers experience firsthand the benefits of our product.
Q. What role does open source play in your quest to reach out to more customers?
A: We are a company of builders and open source is at our core. We started with open source tools and then expanded into our commercial product offerings. We did this because we believe in the power of open source and the community. We know the bad guys are working together and we believe defenders should do the same to push each other to be more secure, competing vendors included.
We donated Falco to the Cloud Native Computing Foundation (CNCF) because we know the power of threat detection and response, and wanted to push the security industry. But we did not stop there. We are the main sponsor of Wireshark, the most popular network analyser, which we are working to extend to the cloud. Our open source-dedicated engineers also contribute to other projects, including eBPF. We donated the largest repository of eBPF libraries a few years ago. By working with the open source community, we can help push the security industry forward, and by building our products on open source, our customers have visibility into their security, giving them more flexibility.
Q. Are you also integrating other open source components in your commercial version, besides Falco?
A:We’re deeply rooted in Falco. Our founder, Loris Degioanni, was a co-creator of Wireshark. He recognised early that containers would have the same visibility challenges as networks, which is the idea Sysdig was born from, and he started first with open source tools. Our contributions to the open source community have been substantial, which I already mentioned. Falco, for example, has around 120 million downloads and is used by companies like IBM, Google, and AWS.
Q. What are the challenges that come with integrating open source components in your commercial offering?
A: Foundationally, we believe in cloud security — that a more secure cloud is fundamentally a good thing across the board. Falco’s open availability is one way we’ve made security available to all. When it comes to Sysdig Secure, Falco users and others alike become customers because they see the value it brings for simplicity, capability, and scale.
Q. Do you think with the advent of large language models (LLMs), the threat to privacy and security has risen?
A: The data was always there to be taken, so it’s not like LLMs have created new data to be stolen. Securing an LLM should be approached as securing any data. What has changed due to AI is the number of attacks and the sophistication. Humans are uniquely susceptible to making mistakes — nearly 90% of breaches are a result of human error. The Sysdig Threat Research team coined the term LLMjacking — attackers gain access through a vulnerable application at the most basic level. Using stolen credentials, they then run a reverse proxy to gain access to an LLM. From there they use the stolen access to rack up bills as large as $46,000 per day.
Our team has also seen evidence of the stolen access being sold on the dark web to people in countries where they do not have access to the LLM. Real-time threat detection and response should be non-negotiable so that you can respond immediately. Companies need to be prepared to contain the blast radius.
Q. What are your engagements with generative AI?
A: We have a generative AI element within our platform called Sysdig Sage. In events where the team has only minutes to respond to an attack, Sysdig Sage allows for quick conversations using multi-step reasoning and contextual awareness. The conversations consider previous context for more in-depth answers. Built on a unique autonomous agents’ architecture, the product suggests next steps, based on the knowledge of where the user is in the product and directs the user’s workflow.
Q. Which industries in India stand to benefit the most from such a solution?
A: We are incredibly proud to have launched the first real-time cloud security software-as-a-service (SaaS) platform in the Indian market. Any organisation that feels its data, if leaked into the open market, poses a risk to their business—whether it’s a monetary risk or a risk to their brand—needs this kind of solution. Over the last year and a half, we’ve seen surprising interest from industries we never expected, such as delivery and logistics companies. These organisations are investing in security solutions because they have data and reputations they don’t want compromised.
Q. What are the target personas who stand to benefit from this solution?
A: The most obvious users would be security practitioners—people who work on organisational security. Most people think security tools are restricted to the CISO’s office and its team. However, the bigger concern lies with the people developing the product. This includes developers of banking, delivery, or e-commerce applications who are responsible for the company’s business. Our solution helps these people roll out applications faster and more securely, ensuring there are no bugs in the application and that it cannot be exposed or hacked by outsiders.
We use the term “shift left,” which is common in the industry, but also “shield right.” In the past, we worked in what was called DevOps, but now it has been renamed DevSecOps, as you cannot separate development, security, and operations—they must be free-flowing. Regarding the specificity of roles, whether they are security architects or solution architects, it touches the entire spectrum of people within the DevSecOps environment in organisations.
Q. How does Sysdig reach out to these target personas?
A: We reach potential customers through various methods, including working closely with our partner ecosystem, direct outreach and marketing initiatives. However, one of the most effective strategies for us has been peer references, which includes our community of customers and users. When a customer secures our services, they often refer us to colleagues in other organisations, leading to significant success.
Q. What is your engagement with the open source community like?
A: We have been a long-term sponsor of the CNCF and we’ve participated in countless community events. From free conference talks to hosting open source meetups, we are fully ingrained in the open source community.
Q. How do you balance your commercial offerings with your commitment to open source?
A: For Sysdig, our open source foundation has always been a key differentiator. Fundamentally, we believe in cloud security — that a more secure cloud is like a rising tide that raises all ships. Falco’s open availability is one way we’ve made security available to all. When it comes to Sysdig Secure, Falco users and others alike become customers because they see the value it brings for simplicity, capability, and scale.
