Digital Anarchist+Prisma Cloud at RSA 2020: Container security, DevSecOps, multi-cloud, cloud native security.

At RSA 2020, the team from Digital Anarchist media sat down with Keith Mokris, technical marketing engineer at Palo Alto Networks, to discuss how containers are shifting security, why DevSecOps has grown to fill those gaps, and why cloud native tools need cloud native security.


Transcript

 

Alan Shimel:

Hello everyone. It's Alan Shimel on Digital Anarchist Network. We're live back here on Broadcast Alley at RSA Conference. We're in the Moscone West building though you can't see it, you just see our background. Our guest and myself, we just see people coming up and down escalators here, busy buzzing around from one session to the next. The weather's been beautiful in San Francisco this week. The sessions have been great. We kicked it off Monday with DevSecOps Days. I thought we had some great sessions, just talking to Keith about it and we're here now covering what's going on. Our next guest is from Palo Alto Networks, part of the Prisma team.

 

Keith Mokris:

Correct.

 

Alan Shimel:

Keith Mokris-

 

Keith Mokris:

Mokris, yep.

 

Alan Shimel:

I try Keith.

 

Keith Mokris:

No, you're good.

 

Alan Shimel:

Hey man, welcome.

 

Keith Mokris:

Yeah, thank you so much for having us Alan.

 

Alan Shimel:

So Keith, as I guess a lot of our security people know, maybe not any of our DevOps folks, Twistlock was sort of one of the original container security companies. They were, I think really the first company that I met with that was really focused on container security. Of course they were acquired by Palo Alto—it was about a year and a half now?

 

Keith Mokris:

Really only eight months-

 

Alan Shimel:

Was it?

 

Keith Mokris:

... although it feels much longer.

 

Alan Shimel:

There's, like in any kind of merger acquisition, after about six months you see a transitioning, and now sort of the Twistlock line is now called Prisma.

 

Keith Mokris:

Yeah, Prisma Cloud-

 

Alan Shimel:

Prisma Cloud is part of Palo Alto. But it's more than just a name change. One of the things we're seeing is that the ... It's not enough just to do container security anymore. We're really seeing a transition to cloud native security.

 

Keith Mokris:

Sure.

 

Alan Shimel:

So what are we, when we talk about that, what do you think? What do you mean? What do we mean?

 

Keith Mokris:

Yeah, so we had this view at Twistlock that we've certainly been using at Palo Alto Networks, where we talked about the cloud native continuum. Essentially organizations have more infrastructure options than ever before for building and deploying their modern applications, or even for running them in a lift-and-shift type of scenario. So containers are certainly one of the bedrock components of that. But you also have associated technologies like Kubernetes, these other container-like on-demand PaaS platforms like AWS Fargate, Microsoft ACI and Google Cloud Run, where you're running your event containers in a very event-driven way.

 

Keith Mokris:

Then even on one end of the spectrum, you're running cloud VMs as cattle rather than pets like you would in the data center. Then of course serverless is obviously a key part of cloud native platforming today.

 

Alan Shimel:

Yeah, so there's all of that. Then look, when we look at, even just looking at CNCF and Kubernetes of course is a big piece of that. But there is, I forget, what is there seven or eight or nine things, like Helm and the service mesh stuff, Linkerd and these things. When we look at the stack today that people are running, and a lot of them are running them on top of VM. Some are running them on bare metal, but on top of VMs.

Then you have your container Kubernetes ecosystem that includes things like mesh and Helm, and all of these other cloud native pieces of the stack. It very much is a new stack. You're looking at someone who, I remember when TCP/IP wasn't part of Windows, for instance. You had to have Linux. That was one of the big reasons to use Linux. It had TCP/IP data. So we're seeing this new stack develop and it needs security. Right?

 

Keith Mokris:

Exactly.

 

Alan Shimel:

Just saying, "Well I'm just going to secure the containers," that's not enough anymore. We need ... We're doing microservices and the more microservices you add, the more you realize you need a mesh to handle the microservice, and we've got to secure that. It's also a great conduit for security.

 

Keith Mokris:

Well, and this is something I think we pick up with every DevOps or DevSecOps event that we work on with you, is that developers and DevOps teams are really the ones driving all of this innovation. Infrastructure teams want to make them as happy as possible. There's a lot of organizations we work with, where they tell their Dev and DevOps teams, you pick the compute option that's going to work for your app on AWS, GCP, Azure, or even on-prem, and we'll find a way to secure it. So that's where we've really wanted to expand as a full Cloud Native Security Platform beyond just containers.

 

Alan Shimel:

Yep. You know Keith, I've come up with this concept I call the multi-verse. Right?

 

Keith Mokris:

Sure.

 

Alan Shimel:

Because today there are a few companies who say, "Look, our whole thing's on AWS and that's it." Most companies today, it's beyond hybrid. It's multi-versed. They'll have some stuff back at the data center, some stuff they'll put on AWS, they may put some of their Kube stuff on Google. They have some very specific stuff that Azure does well. They put it on Azure, and so there's public, there's private, there's open, there's closed. For you guys, that's ... Look, Palo Alto has been doing security a long time, but that's a challenge, right?

 

Keith Mokris:

Exactly.

 

Alan Shimel:

Because you've got to, as you mentioned, we live in the age where the developer is the alpha predator-

 

Keith Mokris:

Sure-

 

Alan Shimel:

... on the list. He or she are going to pick where they want to ... what's the best location for this application or code, and now "Hey man, you make it secure? Right? Give me the tools that help me secure it no matter where I put it."

 

Keith Mokris:

Sure, and in this multi-verse, as you've put it, one of the big challenges is how do security teams get any sort of consistency?

 

Alan Shimel:

How can you?

 

Keith Mokris:

How do I know that an application on-prem, how do I instantly get just visibility, but compare that risk posture to an app I'm running on EKS on AWS for example? That's one of the problems that we're really committed to solving.

 

Alan Shimel:

I mean look, if it was easy, we'd all do it. Right?

 

Keith Mokris:

[Laughs] Exactly.

 

Alan Shimel:

But that's your job, you've got to do it. It's a constant fight. Or not a fight, but it's a battle, and it's an evolving battle too, because things change as we go, as well. Next thing I want you to talk about was something that you mentioned briefly and that is the, we got to make tools better for our developers. There's security tools. Security people need insight, but developers are using them and we got to make it better for the developers.

 

Keith Mokris:

Sure.

 

Alan Shimel:

That again is a challenge that we got to work with here. Right?

 

Keith Mokris:

Yeah. I think one of the evolutions I've seen that's really exciting is we're starting to see security teams understand that they need to know more about all of this cloud native tooling. So some organizations that I think are really mature and visionary are having their security teams sit within or near the development and DevOps teams. I love that approach, where it's not about tooling, it's about knowledge and information sharing and education. Ultimately as everyone knows, if you can't provide tooling, and again all of the integrated mechanisms, developers aren't going to use it.

 

Alan Shimel:

Agreed. Agreed. Agreed. Let me talk a little bit about RSA.

 

Keith Mokris:

Sure.

 

Alan Shimel:

So you were at DevSecOps Days on Monday. We spoke off camera about it. I thought it was a great day, full of some great sessions. What about the conference itself?

 

Keith Mokris:

Yeah, I mean I think one of the things that's really incredible is how many organizations are talking about a cloud security strategy. When you think about all of the different topics that you can address here, it's exciting to see how RSA is really evolving to focus a lot of its time on cloud, as much as it's focusing on a lot of threat research or threat intelligence, and all of the other topics that organizations are challenged by. Identity is a huge challenge for organizations that are growing and understand they have a ton of endpoints.

 

Alan Shimel:

This multi-verse thing is going to make identity blow up, because I got to keep my identity on Azure, Google, Amazon, back home, somewhere else and AD does go across all of that. AD was a double-edged sword. With Active Directory, we didn't really ... We were able to handle identity because it was an AD-centric world. We're moving away from that a bit, more than a bit, and that's going to, it's going to open up a whole 'nother bee's nest of stuff. But yeah, it's really coming.

 

We're almost out of time. First of all I want to thank you for all Palo Alto is doing in the DevSecOps space. They went out and acquired Twistlock, but they allowed the Twistlock team to really ... a lot of times, you know what they say about acquisitions, you got to break a few eggs to make omelets. But this is a case where it really worked out well, because the Twistlock, now Prisma, team has really been able to spread its wings.

 

Keith Mokris:

Definitely. I mean, Twistlock is just one piece of some of the recent acquisitions Palo Alto Networks made. Evident.io and RedLock are two other leading teams.

 

Alan Shimel:

Yes, I forgot.

 

Keith Mokris:

PureSec is another that we've all brought together as part of Prisma Cloud, and we're excited to continue to be a big part of this DevOps world.

 

Alan Shimel:

Where can people get more information on Prisma Cloud specifically?

 

Keith Mokris:

Yeah, so PaloAltoNetworks.com and then head on over to Prisma in the dropdown.

 

Alan Shimel:

Very cool.

 

Keith Mokris:

Awesome, thanks so much Alan.

 

Alan Shimel:

Thank you so much. Palo Alto Networks, Prisma Cloud team, here at RSA Conference. We're live on Broadcast Alley. This is Alan Shimel for Digital Anarchist Network. We'll be right back.