Slide 1

Slide 1 text

Multi-Cloud Security and Visibility Agnostic… And Awesome

Slide 2

Slide 2 text

About Me
Dan Papandrea @popsysdig
Current - Field CTO - Sysdig
Former HPE Helion Principal Architect (PCF, OpenStack, Hybrid Cloud)
Former Lead Solution Engineer - SS&C
Son of a pizza man...

Slide 3

Slide 3 text

Agnostic Defined

Slide 4

Slide 4 text

Awesome… Defined.
If I have to tell you… you probably need more awesome in your life

Slide 5

Slide 5 text

I think this talk will help you with your Awesome…...

Slide 6

Slide 6 text

Reality of MultiCloud and Cloud Native

Slide 7

Slide 7 text

Multi-Cloud Paradigms
Choices…
Cloud Provider
Private Cloud
Hybrid
All of the above

Slide 8

Slide 8 text

Microservices: The default development model of Multi-Cloud
Kubernetes, Microservices, Multi Cloud
• Innovation pace
• Cost efficiency
• Risk mitigation

Slide 9

Slide 9 text

You can’t secure or SEE… what you cannot see
Cloud-native leaves you blind.
Cloud-native ops fails without dynamic context and scale.
Containers disappear and leave no trail.

Slide 10

Slide 10 text

Legacy Point solutions
Legacy or point solutions do not work. Secure & Reliable DevOps for Cloud native requires purpose-built tools
● Not built for cloud-native apps
● No Context
● Not built for DevOps
● Invasive instrumentation
● Limited context
● Lack scale and data depth

Slide 11

Slide 11 text

Vendors/OSS Solutions
Visualization… it's Prometheus or bust
Deployment and Security - I swear to you I'm not being bribed by Armon Dadgar
Visibility/Troubleshooting
CLOUD Provider Tools (CloudWatch etc)
CLOUD Provider Registries (ECR, GCR, ACR etc)

Slide 12

Slide 12 text

Cloud native changes DevOps workflows
Security, Availability, Reliability
Ops functions
● Monitor performance & capacity
● Troubleshoot issues
Security functions
● Scan for vulnerabilities
● Apply runtime policies
● Triage security alerts
● Support forensics/IR
Operations and security functions converge for Secure DevOps

Slide 13

Slide 13 text

Context is King… and Queen… and Rook… and Bishop… and all the horses and all men
Unstructured mix of data coming from individual hosts, VMs, and containers
Enriched Context
[Diagram: HOST nodes; SVC 1, SVC 2, SVC 3, SVC 4]
Organized insights for applications, services, teams
Common questions answered
“How many CVEs have been identified in a particular namespace?”
“Did a user access a container in a namespace in scope of PCI?”
“Which services are consuming the highest amount of CPU, memory, and network bandwidth?”

Slide 14

Slide 14 text

Workflow of your cloud-native lifecycle
[Diagram labels: Event Forwarding; Response Actions; Alerts; BUILD; CI/CD Security; Registry Security; Services Context Infrastructure Labels / Metadata (CONTEXT); Cloud Command Center; SIEM; Remediation; RUN; RESPOND; Master Node; Node; Self-hosted; SaaS; Image Vulnerabilities; IR / Forensics; Sysdig Platform; Metrics, Events; Security Policies; Events and Alerts, Commands and Captures; On Prem]

Slide 15

Slide 15 text

Sysdig Platform: Agnostic and Awesome Visibility/Security
Deploy securely
Block threats at runtime
Remediate and respond
Full stack cloud-native visibility
Run reliably at scale
Troubleshoot quickly

Slide 16

Slide 16 text

Unleash your Awesome…
FALCO.ORG

Slide 17

Slide 17 text

Thanks!