Christophe Baroux, Sysdig: We focus on solving the problems that teams need to solve
February 2023 by Marc Jacob
Sysdig, created in 2014, now has 700 employees worldwide. It has launched a security offering for containers and the cloud. Sysdig Secure, a Cloud Native Application Protection Platform (CNAPP), provides cloud and container security to stop breaches without wasting time. Sysdig Monitor simplifies cloud and Kubernetes monitoring. Christophe Baroux, SEMEA Sales Director of Sysdig: "We focus on solving the problems that the teams need to solve."
GSM: Can you introduce us to your company?
Christophe Baroux : Companies are adopting containerized microservices, CI/CD, and on-demand cloud services to speed innovation. However, traditional tools cannot keep up. Securing the cloud requires a security stack built on open standards that automates security across hybrid environments. To help teams building in the cloud, Sysdig delivers security to stop breaches. The company has taken a unique approach to container and cloud security by focusing on runtime in order to provide security throughout the lifespan - from source to run.
Sysdig was founded by Loris Degioanni, a co-creator of Wireshark. He realized early on that containers would have the same visibility problem packets have, which started him on the journey of launching Sysdig. At the onset of the company’s founding, Degioanni and his team created an open source forensics tool named Open Source Sysdig, as well as Falco, the open source runtime security standard. Falco was contributed to the CNCF in 2018, and today it has more than 50 million downloads, 480% growth in the last two years. As organizations realize the importance of runtime, contributions to Falco quadrupled over the last two years.
GSM: What is your flagship product or service for 2023?
Christophe Baroux : Sysdig has two flagship products – Sysdig Secure and Sysdig Monitor.
Sysdig Secure is a cloud-native application protection platform (CNAPP) that delivers cloud and container security to stop breaches with no wasted time. The platform includes:
• Cloud workload protection (CWP)
• Cloud security posture management (CSPM)
• Cloud infrastructure entitlement management (CIEM)
• Vulnerability management
• Cloud detection and response
Sysdig Secure provides real-time threat detection with no blind spots. Teams can prioritize the vulnerabilities that matter, reducing the number to patch by up to 95% based on in-use exposure. Sysdig provides guidance on how to fix misconfigurations, excessive permissions and compliance issues to speed resolution.
Sysdig Monitor radically simplifies cloud and Kubernetes monitoring and helps lower costs with deep visibility into cloud-native workloads. Sysdig displays all important information in a single unified view with actionable remediation steps. Sysdig’s cost-savings estimates are based on utilization metrics to help teams prioritize rightsizing efforts to save an average of 40 percent on their cloud bills.
GSM: What are the strengths of this offer?
Christophe Baroux : Sysdig is the best in the world at threat detection and response. Building on Falco, and layering in machine learning-based detection curated by the Threat Research team has led to Sysdig’s strength in threat detection and runtime security. As cyberattackers target the software supply chain more frequently and developer teams increasingly rely on open source software and third-party code, it’s alarmingly clear that teams cannot neglect the threats that arise in production. “Shift left” alone is not enough, as it is impossible to guard against every unknown threat. By focusing on real-time threat detection throughout the software development lifecycle, security teams can strengthen and protect their application environment.
GSM: Who are Sysdig’s customers?
Christophe Baroux : Sysdig has hundreds of customers around the globe in more than 40 countries, including BlaBlaCar, Societe Generale and Goldman Sachs. Sysdig’s fiscal year just ended Feb. 1 and we experienced more than 120% in new customer growth last year. Sysdig analyzes more than 7 million containers daily for hundreds of thousands of applications. Late last year, the company was named to Deloitte’s Fast 500 list, and was recognized as a leader in innovation and growth by Frost & Sullivan in the analyst firm’s Global CNAPP Radar Report. Frost & Sullivan also named Sysdig the 2022 Container Company of the Year.
GSM: How do you support your customers?
Christophe Baroux : Sysdig focuses on the entire lifecycle, from source to run, but as I mentioned, we have taken the approach of using runtime insights to enhance all elements of security. While a lot of cloud security tools focus on shift left, and we provide solutions for shift left, we believe you need security that covers the entire lifecycle to catch threats that arise in production. For example, we’ve found that 87% of container images running in production have a critical or high vulnerability.
Many different attack vectors exist, and issues like ransomware, cryptomining, or other compromises aren’t prevented by scanning code or images. Not to mention that container vulnerabilities are discovered daily. Your container, which seems safe one second, can become a potential victim of newly disclosed exploits. Shift-left alone is not enough.
“Shield-right” security emphasizes mechanisms to protect and monitor your running services. Traditional security practices with tools like firewalls and intrusion prevention systems (IPS) aren’t enough. They leave gaps because they typically don’t provide insight into containerized workloads and the surrounding cloud-native context.
Additionally, runtime visibility can help you to improve your shift-left practice. Once your containers are in production, a feedback loop to correlate issues discovered in runtime back to the underlying code helps developers know where to focus. Static security testing can also be informed by runtime intelligence to pinpoint what packages are executed inside the containers that run your application. This enables developers to deprioritize vulnerabilities for unused packages and focus instead on fixing exploitable, running vulnerabilities.
The goal of every cybersecurity program should be full lifecycle security, which is what we provide.
Beyond the solution itself, we support our customers with our Customer Success team, systematically involved in the deployments, and of course with all of our partners.
GSM: What is your marketing strategy?
Christophe Baroux : Software has changed the world, and we are now in the next phase with cloud-native application development. Companies must move to the cloud to avoid being left behind. However, from a technology evolution perspective, it’s not that simple; companies are still in the early stages of their cloud adoption journey. There is still so much education and learning that needs to take place, and security is arguably the biggest gap.
With that in mind, you will find everything we do is education first. We are focused on helping companies understand how they need to change their approach to security in the cloud vs on-prem. We approach the industry this way because of our open source roots. The community comes first.
Our blog displays high-quality educational content on cloud security. We have a research team - Sysdig Threat Research Team – which is made up of machine learning and threat research professionals who have a network of deployed honeypots, helping us to understand how attack patterns are changing. We also launched Learn Cloud Native, an educational hub. You will find us at global shows and industry events giving talks and sharing best practices. You can also find us on Twitter, YouTube and LinkedIn. We host weekly webinars and we put out annual industry research reports, including our Threat Research Report late last year. Sysdig will attend some key professional events such as ITMeetings in Cannes, AWS Summit Paris, FIC with Exclusive Networks in France and KubeCon EU Amsterdam. We are very busy and as you can see, we try to meet our customers where they are!
GSM: To conclude, what would be your message to our readers?
Christophe Baroux : Sysdig is focused on solving the problems teams need solved. In the current macroeconomic climate, reducing risk while saving money and time is a top priority. I want to highlight two features we rolled out last year.
The first is Cost Advisor within Sysdig Monitor. With cloud costs spiraling out of control, teams need the ability to correlate cloud cost data with Kubernetes workload usage data to optimize costs. Without Sysdig, teams are using multiple sources of information and static spreadsheets in an attempt to understand their Kubernetes costs. They are essentially blind to where their cloud resources are over- or underallocated. Cost Advisor enables teams to reduce cloud service provider bills by up to 40%, which in some cases can be millions of dollars. Additionally, Cost Advisor will help teams allocate the right Kubernetes costs to the right teams and eliminate the need for separate Kubernetes cost tools.
The second is Risk Spotlight within Sysdig Secure, which helps teams focus on the vulnerabilities that are most impactful by prioritizing the vulnerabilities that have in-use exposure, meaning they are exposed at runtime. As applications are often quickly assembled from public repositories, developers unknowingly bring vulnerabilities from open source packages. Most do not warrant a developer’s attention since they are not tied to packages running in production. Without context, developers find themselves scrolling through thousands of vulnerabilities in spreadsheets trying to figure out which fixes matter. Vulnerability noise hides the true risk, leaving the door open to compromise. With Risk Spotlight, teams can reduce vulnerability noise by up to 95%.
The ground-breaking innovations enhance the capabilities of the Sysdig platform and solve immediate problems that customers face today.
I really appreciate the time today and I look forward to continuing to speak with you and the Global Security Mag readers!