VMblog: Do you have any speaking sessions during the event? If so, can you give us the details?
Kelly Shortridge: I'll be presenting a session during the co-located Cloud Native Security Day on November 17th at 12:25 on the topic of replacing security theater with security chaos engineering. Information security too often fulfills the stereotype of the surly gatekeeper, pursuing security theatrics -- the term encompassing primarily performative (and often punitive) measures that don't support superior security outcomes. What I propose the industry adopt instead is a security chaos engineering approach, one which embraces the importance of convenience, alignment with organizational goals, and the wisdom derived from failure.
This talk covers only a sliver of security chaos engineering as a practice, so I recommend viewers also download the recently released "Security Chaos Engineering" O'Reilly publication I wrote with my co-author Aaron Rhinehart. It's available for the lovely price of free, and is the first publication to dive into how organizations can pragmatically adopt a security chaos engineering approach.
VMblog: How does your company or product fit within the container, cloud, Kubernetes ecosystem?
Shortridge: Capsule8 provides monitoring and detection for production infrastructure, which basically means that we enable teams to keep all their Linux-based systems operational. The reality for most organizations is that production isn't exclusively running on containers, Kubernetes, or a single cloud provider, and we understand that. Our customers receive the same capabilities across all their infrastructure types, which helps them protect system operations consistently across their current mix of environments and wherever they plan to migrate in the future.
VMblog: Can you give us the high-level rundown of your company's technology offerings? Explain to readers who you are, what you do, what problems you solve, etc.
Shortridge: The modern non-negotiable in I.T. is hitting your uptime and availability requirements -- that's the top priority for most organizations when it comes to delivering services to customers. But, the reality of complex systems is that there is a lot outside of operators' control that can jeopardize that uptime, whether deliberately malicious activity by attackers, accidental or careless activity by developers, or the general issue of systems deviating from expected behavior. Capsule8 is built to monitor production infrastructure and immediately detect those issues so organizations can restore service as quickly as possible and recover from failure gracefully.
VMblog: And while talking about your products, can you give readers a few examples of how your offerings are unique? What are your differentiators?
Shortridge: Linux environments were traditionally ignored by security vendors, and the importance of uptime and operational performance in production is still completely overlooked by most security vendors. Capsule8, however, understands what matters to both security and ops teams in keeping infrastructure safe, and we can execute on that understanding with decades of experience remotely administering Linux systems. We treat production infrastructure as the highest-priority asset that it is, rather than copy-pasting Windows malware detection techniques that are not only irrelevant on Linux, but entirely miss how attacks are actually conducted on Linux and the types of accidental behavior by developers that can lead to production incidents.
Our architecture also reflects this understanding of the criticality of production uptime as a revenue engine for modern businesses. We don't use a kernel module (we use a mix of kprobes, perf, and BPF instead), we enable resource limitation (memory, CPU, and event rate), and we perform local analysis rather than hoovering up data and sending it across already busy production networks. This is why we're often seen as one of the few security tools Ops teams feel comfortable deploying in production.
VMblog: At what stage do you feel we are at with regard to containers? Is there anything still holding it back? Or keeping it from a wider distribution?
Shortridge: It's safe to say that containers are here to stay. But people are realizing that they aren't a panacea for their multiplicitous software delivery and operational challenges. I think it's a healthy place to be -- the hype is now tempered, allowing for more thoughtful and honest assessment of when and how containers are optimally deployed.
VMblog: There will be plenty of interesting topics covered during the KubeCon keynotes. But can you take this opportunity to share your own thoughts about any big changes or directions you see for this industry?
Shortridge: I'm obviously hopeful that the O'Reilly publication on Security Chaos Engineering I wrote with Aaron will stimulate conversation about harnessing failure as a learning opportunity to fuel continuous improvement in both speed and stability within software delivery. A big change I'd love to see industry-wide, drawing on the report, is more organizations embracing the practice of engineering teams adopting accountability for security changes and issues. A solid cluster of large tech companies have already adopted a Security Champions model (which we highlight in the report), but it would be inspiring to see more movement across a broader set of organizations towards unifying responsibility and accountability in security. The traditional model of security as a gatekeeper in a silo just doesn't cut it anymore in a world of speedy, distributed systems operating at scale -- and, as evidenced by the lack of progress over the past two decades in infosec, arguably never cut it before, either.