Developers are growing. Software application developers code in the language of their choice, on the platform of their choice, within their preferred integrated development environment and through their chosen software engineering methodology. While some or all of these factors may be governed by the team they are in, and thus become less of a personal decision, there is a general notion of freedom, especially when it comes to using open source tools.
As laissez-faire as all of this sounds, developers are also charged with a number of system management responsibilities that need to happen to ensure that “uptime” is maintained and users get the functionality from the applications and data services they need to work, or even play.
At the point of cloud runtime
While all software engineering teams of any reasonable size will have a dedicated security team (and the smaller ones obviously will not always have this luxury), the rise of cloud computing and the Kubernetes container orchestration platform has put more under the control of the cloud development engineer. Because the cloud and containers move so quickly (some “spin up” into existence for mere minutes), the security issue must be moved to the execution point of the application, that is, the point where an application is actively running and making calls to the resources surrounding it in the environment it is embedded in.
But how do developers know which security fixes to work on today? Traditionally, this has seen them receive a list of issues from the IT security team (almost all without environment or application context) and then try to work through a logical reverse engineering process as they try to understand what is happening in any particular cloud.
A new route to the root
This could mean working through thousands of items covering different software libraries, different cloud containers, different data sources, different third-party plugins and much more. What developers would like in these scenarios is a way to find the root cause of security issues and to be able to prioritize actions to restore system health. But cloud computing has changed some of the basic elements, so what route do we take to get to the root now? Real-time security tools company Sysdig has many opinions to share here.
“Sysdig was founded to solve a problem. That problem was the question of how we observe when we cannot see a packet [a chunk of data moving over a network with routing information to tell it where to go] in the virtual and abstract world of the cloud,” said Alex Lawrence, director of cloud security strategy at Sysdig. “We knew this was our mission, because packets do not lie, but it’s not the old days of networking where we could look at network switches to see packets. The system call becomes the lowest common denominator and we have access to this information. If I’m on a server on a virtual machine in the cloud, the system call is the thing that creates the packet. It is the thing that gives the order to write the file.”
What is a system call?
To define this term, a system call is an interface mechanism between an application and its governing infrastructure (often the operating system kernel) that allows the application to access memory, processing power, data storage or the other services it needs to breathe.
Sysdig’s Lawrence, along with founder and chief technology officer Loris Degioanni, say that a system call is undoubtedly a richer source of telemetry than a packet ever was. This is because any software system has “things that happen” without ever becoming a packet. For example, suppose an app wants to make a call to a host server from inside a container. It does not have to leave the cloud container or host to make this action happen; everything happens internally.
“But if we can ‘use’ the system call, we can now know everything that is happening on this individual host, right? But then we had customers early on saying, hey, you realize that this has really big consequences for security and not only observability. This is what inspired the company to create the Falco project, which is basically like a camcorder for all the things that should not happen.”
An analogy here is being at home, turning on the tap and getting beer or wine instead of water; that is, the thing that has been given the order to do something we would normally expect is doing something we do not expect. But this is not beer taps; this is what we can now call a cloud-native application protection platform, or CNAPP for short.
Falco, as in eagle-eyed
The Falco project is powered by rules, and all of these rules are written in YAML. Now a graduated project housed under the auspices of the Cloud Native Computing Foundation, Falco can be described as an open source runtime security platform that allows software developers to detect and react to suspicious behavior in Linux containers and applications. Falco was designed and built to work with Kubernetes, but its scope and jurisdiction are not limited to Kubernetes. This means that it is also able to deliver runtime security monitoring for other container orchestration platforms and standalone containers.
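What such YAML rules look like, as an added illustration that is not from the article or from Falco's shipped rule set: the rule, list and macro names are made up here, while the condition and output fields are standard Falco fields. The second rule picks up Lawrence's point that the system call is the thing that gives the order to write a file.

```yaml
# Illustrative Falco rules file (added example; all names prefixed
# "example_" / "Example" are hypothetical and chosen for this page).

# Reusable list of process names the first rule treats as shells.
- list: example_shell_binaries
  items: [bash, sh, zsh, dash, ksh]

# A process has just been executed (exit side of execve/execveat).
- macro: example_spawned_process
  condition: (evt.type in (execve, execveat) and evt.dir = <)

# The event came from inside a container rather than from the host.
- macro: example_in_container
  condition: (container.id != host)

# A file is being opened for writing.
- macro: example_open_write
  condition: (evt.type in (open, openat, openat2) and evt.is_open_write = true)

# Rule 1: an interactive shell starting inside a running container.
- rule: Example Shell Spawned in Container
  desc: A shell process was started inside a container at runtime.
  condition: >
    example_spawned_process
    and example_in_container
    and proc.name in (example_shell_binaries)
  output: >
    Shell started in container
    (user=%user.name shell=%proc.name parent=%proc.pname
    cmdline=%proc.cmdline container=%container.name
    image=%container.image.repository)
  priority: WARNING
  tags: [container, shell]

# Rule 2: a containerized process writing under /etc.
- rule: Example Write Below Etc in Container
  desc: A process inside a container opened a file under /etc for writing.
  condition: >
    example_open_write
    and example_in_container
    and fd.name startswith /etc/
  output: >
    File under /etc opened for writing in container
    (user=%user.name process=%proc.name file=%fd.name
    container=%container.name image=%container.image.repository)
  priority: ERROR
  tags: [container, filesystem]
```

Both rules will need exceptions for legitimate activity in a real environment, such as debug sessions or entrypoint scripts that edit configuration at start-up.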
“Falco’s journey is far from over. As cloud-native security threats develop, Falco is evolving to meet them, through the growing synergy between Falco and Stratoshark [a software tool built by the same team that created Wireshark, which analyzes system calls and log messages]. Together, they lay the foundations for a new security standard – one where detection, investigation and response are seamlessly unified,” Degioanni writes on his company’s blog. “Falco is facing this with the modernization of the stack, making security more automated and easier to grow.”
He adds a final note indicating that Falco and Stratoshark will pioneer a Kubernetes detection and response (KDR) approach. Next, we will see tighter integration between the tools, automated forensic workflows and cooperation between the Falco and Wireshark communities to redefine open source runtime security.
Our immediate future, developer self-service
Where companies like Sysdig are taking us is a future where software developers take more direct control of the system’s security and health from first principles. While the perception is that developers are more interested in “cool functionality” on the road to creating the next killer app, they are in fact very interested in managing virtual clouds.
“In terms of where we are today, there are vendors who specialize in software system detection and response (think of this as a security camera in your home) and there are vendors who offer security management technology (a wider-angle view across an IT stack) lose your belongings. Our platform now sits at this widest point where we can offer users the most accurate visibility into their cloud stack as quickly as possible … a combination that is now empowered and accelerated with AI services. Accurately, quickly and in the most effective way.”
We live in a world where software system security is trying to be more automated (through artificial intelligence, yes, but also through system-level automation that we would probably not classify as AI), more hands-off and more self-service. That is a large part of why we have been able to talk so much about so-called DevOps as the marriage of joint responsibility between developers and operations staff. The concepts of platform engineering and agentless technologies have followed suit for the same reason.
Will we still need security teams in the future? Yes, obviously, but they may be able to spend more time refining and fine-tuning tools on platforms such as Sysdig than chasing vulnerabilities and attacks. Everything is becoming much more granular in computing … and, in terms of user security, fine-grained is fine.