Live Q&A: Building an Open Cloud Platform

Captions
[Music] Okay, so it's time for the Q&A, and joining me again, back, is Philippe. So Philippe and I are going to take any questions that you have. Please make sure that you leverage the interface that you have on the browser to send in questions. We're already getting a bunch of questions, and as I look through them, there's a lot of technical questions, more in depth, around EDR etc. I think one of the questions that I can see here, from Brendan, is: when did Qualys start the journey around the open platform, and what are the challenges that you faced around that? So maybe, Philippe, you want to start off with that?

Yes, you're going back in time. So in fact we started, like, at the time, in 1999; this is when we started with the LAMP protocol: Linux, Apache, MySQL and PHP. And we really started... we were expanding the capabilities with our release 4.0, if I recall; we started to realize that the technology was not at the level, so that we really needed to essentially re-architect. So that was, I don't recall exactly when that time was, probably, I think maybe, Sumedh, you remember, maybe, but I think it was around 2006. Yeah, I think so. And so then we realized that we had to re-architect, and at the same time what we had also is this new technology coming out, finally, which could help us significantly, you know, get away from that LAMP protocol, which of course was very early and limiting us. So the release was becoming harder and harder, and so we made the decision. And then of course what we realized is the challenge to re-architect, because when you have a cloud model, to do that re-architecting, it's not obvious. It's like I used to say at the time: you know, changing the engine of your car from four cylinders or eight cylinders to 12 cylinders while you are driving at 150 miles an hour on the highway. Very hard to do. So we learned how to do that, and then we realized that it was very difficult for us to essentially find the talent in the
Silicon Valley, because that talent, as I mentioned in my presentation, was essentially sucked by the Google, the Facebook etc. So we made the concerted effort then to really go to India, where today we have 900 people. So we were really in full in 2012; this is when we essentially started our operation in Pune in India, which has been a huge success. Now we have 900 people and significant talent. So as I mentioned again in the presentation, we went for the talent and then we discovered the cost. To give you an element of the big advantage we have: today we spend 17 percent of our revenues in engineering, but yet if we were to bring all these people into the US, it would be 43 percent of our revenue that we'll be spending in engineering. So this is what has allowed us to essentially drastically expand our platform, as you have seen in the presentation of Sumedh.

And I will add to that: in addition to the technologies maturing and being available, one of the other impetus was the realization a few years ago that, as cloud and containerization and these technologies started to come, you realize that IT is accelerating. So if you are building a platform that is not open, that is very focused on one specific use case, then you will not be able to quickly address anything new that comes up, right? Five years ago or 10 years ago maybe you wouldn't have even known about container security. So the goal here really has been to create a platform where we can very quickly add any new technologies that IT brings up and bring them into the platform, and so that's what is really going to help expand. So that way it's not a purpose-built point solution that only works for that one thing, and then when something new comes up in technology we will have to kind of go and rush for it.

So, related to that, there's a few questions that are coming up. One is: what kind of sensors does Qualys support? So I think, as I mentioned
in the presentation, the whole point of building this platform to be open and scalable is the idea of bringing in large amounts of data from any kinds of sensors. So today there's a big debate about agent-based versus agent-less technology, and I think there's really no point in that, because you need to be able to bring data from every possible sensor. So today we support cloud, container, on-prem, mobile sensors, cloud connectors etc. What's key really, and that has changed, as I mentioned in the presentation, is the move towards leveraging those sensors to also be able to perform response actions, because now, really, with the pace at which IT is changing, you need that ability to be able to quickly respond to any changes that are happening in the environment, and we cannot continue to have, again, a whole different set of sensors that is being used for the response actions.

Let me see what other questions are coming in. So Philippe, probably this question is for you, from Jonathan: why did it take the industry so long to move to cloud for security purpose, using the cloud for security purpose?

Yeah, I don't know, that's a question... Again, we go back to our journey. When we came up with that idea, essentially, which was not our idea, salesforce.com in fact was born as well in 1999. So that idea of building this SaaS or cloud-based application, that was not really new. What was new here is for us to apply that to security. And so in the beginning everything was fine, because we were essentially looking from the internet at your internet-facing devices, so having a cloud model made a lot of sense. So we started to really get some very good customers. But then of course the problem changed, because now of course our perimeters were becoming more and more porous, and now we have to go and look at the inside of the company. We had learned by then that the cloud architecture was absolutely giving us the scale, giving us the accuracy, so there is a lot of advantage to
that cloud model. So we scratch our heads for about six months to try to see how could we scan the inside of a company from the outside, and we came up with that notion of essentially taking one of our scanners, which were in the cloud, and then appliancing them, if I could say that, and then having them now installed inside and then dialing out, so we didn't need to punch a hole through the firewall. And to our biggest surprise we saw a lot of pushback. Why? Because the security people at the time, and rightfully so, were absolutely questioning the security of the cloud, and say, "I'm not very comfortable to see my vulnerabilities being now someplace in the cloud where I don't know." So, with significant resistance from the security people, we try to essentially, of course, secure all that data; we try to explain, you know, all the security measures we were taking. So it took a certain number of time to essentially have the security people realizing that, hey, by the way, having our data in the cloud is not as bad as we thought, and especially when we were speaking about scale. So what we saw very quickly, and I think salesforce.com went with that same realization, is that in the beginning they thought they had more of an SME/SMB market, but certainly the large corporation were adopting them because they could deploy. So our first large deployment was with DuPont, in 40 different locations in the world. So we're FedExing the scanners; two days later they were arriving; any monkey like me could install that in five minutes, and then suddenly you had all that visibility and scalability. That's what allows us to have as of today 70 of the Fortune 100 which are using Qualys, because of that scalability. So that's the way we essentially moved into showing customers that the cloud was in fact a highly scalable solution. But it still took time. It's about two years ago that we saw suddenly the mindset changing, that suddenly security people were realizing that
after all, in fact, it's easier to secure the cloud solution than it is to secure that network where you don't know what you have, you don't know what connects to what, when in the cloud in fact you have a better view of your assets and what you need to secure. And then you can build security in the cloud, which is what we have done now with companies like Google, like Azure, like Amazon etc., which use our platform to essentially secure their own cloud infrastructure. So that's our journey, and I think today definitely, you know, the mindset has changed and we see more and more adoption of the cloud. But then, as I mentioned earlier, you've got to secure both environments, the old one and the new one, and you need to do that as seamlessly as possible, because again the old one connects with the new one etc. So you have now that massive network or computing environment which is becoming, you know, pretty complex.

All right, thank you, Philippe, for that. There's a question here from Amy: as the Qualys platform is now growing, are we going to support the MITRE framework? I think that's a pretty good question, because when you start to collect data from so many different types of infrastructure, there needs to be sort of a common framework in which you can map what's going on through the environment, and I think the MITRE ATT&CK framework provides a very, very comprehensive capability. And so, as you will see in the demo from Kunal, and Travis is going to talk about this in his session as well, our teams are doing a lot of work not just in terms of mapping the TTPs to the various data points that we see, from identifying an attack perspective, but we're actually going a step beyond that, to actually map mitigations to the individual TTPs as well. So what does that mean? In addition to leveraging the MITRE framework to track if a particular signal is in progress, where an attack or a discovery or lateral movement is in progress, by being able to map the
mitigations you can actually work towards preventing those various TTPs from being actually exploited, because we can now see that if you apply these patches, if you fix these misconfigurations, then you are going to have much better protection. And you saw that in one of the examples that Shailesh had, in terms of being able to have a policy out of the box that gives you best practices that can help reduce the potential of a malware or ransomware attack taking place in that organization. So yes, that's a big area of focus for us, and you will see a lot more coming out next year, and our research leader Travis is going to talk about this, I think in the Thursday session, so definitely I encourage you to go look at that.

Let me see what else. Really, is this the same agent? What is the CPU utilization with all the modules enabled? So yes, it is a single agent, and that's where we have put a lot of effort, and it's all about the architecture. I see another question related to that: other vendors have multiple agents under the hood. So in terms of Qualys architecture, we have taken that additional effort to ensure that the architecture is done in such a way that that single agent, that single binary, is able to collect all of the data that is changing on the machine and push that back to the platform, so that all of the analysis that we do is done on the platform side. And that architecture, which is really a seamless cloud-based architecture, helps us in the direction of not having to install different binaries, because the agent is not doing any processing really on the endpoint; all it is doing is collecting the data, looking at the changes, and pushing them up to the platform. So yes, the agent today is really a single binary that is doing asset inventory, patch management, vulnerability assessment, configuration assessment, as well as file integrity monitoring, EDR, and soon, as you will see in some of the
upcoming presentations, the response action capability, in terms of uninstalling software as well as taking action on executing custom scripts, will be something that will be supported by that single agent.

We have a question from Emily: so you talked a lot about point solutions in the cloud (so I think this is referring to Philippe's talk); there are other vendors who are also providing cloud-based solutions now, more and more; how do you differentiate Qualys and what Qualys is doing around that? So I think I'll answer a little bit and then probably Philippe can jump into that. But really what we see right now is the big difference between a natively built single platform versus a combination of multiple different cloud point solutions that are potentially acquired to try to kind of beef up the portfolio, so to say, but they don't have any native interaction between them. So Philippe, I don't know if you want to add something to that.

Yeah, maybe what I will add to what Sumedh said is that if you look today, for example, you could go to Amazon or Google or Azure and you could, you know, take one of your enterprise solution and really rebuild it in this platform. Now the problem with that is, nothing wrong of course with these platforms, but the problem with that is that if you take the security angle, if you really want to build a true platform, then you have to really architect that, and it takes significant amount of engineering efforts. So the path we took at Qualys, a little bit different, was to really create the back end ourselves and make that back end totally portable. So then we could not only have our back end in these public clouds, but we'll also have the same instance of the code that we could deliver as a private cloud. And that required significant engineering effort, but also the big advantage is that all the applications that we're building on the top of that are
totally native to that platform. And it's much more difficult to do that in these public clouds, because now you depend on some of these. So you have an advantage, because you don't have to build infrastructure etc. We run bare metal, for example; everything is microservices. So we put a huge engineering effort that you have not to do as much, but on the other hand you're also limited by the functionalities that these private... that is, public clouds, you know, offer you. So again, building a very extensible cloud platform is not a walk in the park, because you need to build that with scale in mind and cost in mind, because it turns out that these public cloud platforms can become extremely expensive. And that's what we see with some of our competition, for example, which are using this platform to provide EDR, and EDR absolutely generates so much information that you need to absolutely, you know, manage and store, but also you need to correlate that information with other applications, you know, to get a better context and, again as I mentioned earlier, to eliminate or reduce significantly your false positive, because without that, you could... your financing etc. becomes extremely, extremely complex and very expensive.

The next question is around... hold on, I'm going to make sure I get the right question. So: patching from Qualys has helped us to a certain extent, but fixing things goes beyond just patching; what is Qualys doing to help us in additional ways of fixing issues? I think that really reflects the reality of what is going on today. So I think patching and reducing the time to patch has helped significantly, but as you saw in some places through my demo, and there will be a dedicated session by our product manager Eran around this during the patching session, we're going to talk about the expansion into more of a remediation console rather than just patching, which means we bring the ability not only to patch but to deploy configuration changes, because sometimes you
cannot patch, or maybe patching is not the answer; sometimes you want to be able to push some configurations out; in other cases you may not be leveraging the software, so you may just want to uninstall that; in some cases you want to be able to talk to some third-party solutions to be able to quarantine or revoke access etc. So what you will see early next year is that we will expand the patching capability more into being able to provide a more holistic remediation console, which basically allows you to take multiple different potential actions, which will be recommended based on the asset, so that it can be much more streamlined in terms of fixing issues and being able to generate reports that showcase what mitigation steps have been taken to ensure that those issues are fixed.

Okay, another question: is Qualys FedRAMP compliant? Yes, so the Qualys platform is FedRAMP compliant, and we are FedRAMP Moderate right now, as we are continuing to work towards a JAB certification and FedRAMP High as well, hopefully sometime next year. But it's been a very interesting learning curve for us, and what that has helped us is that a lot of other organizations, as you will see in one of the customer sessions with Informatica, who are moving towards FedRAMP are leveraging Qualys as the FedRAMP platform. And so because of that we are really able to share in the product the experiences that we have had in terms of FedRAMP compliance, and what the organizations can do to be able to achieve that compliance, with the built-in dashboards, which cover many different aspects of FedRAMP, that are directly available through the platform. And there's a lot of other things as well when it comes to just the federal government and the various areas that we are working on and covering as well.

There's a question from Josh: so there's a lot of terminology, XDR, SASE, new things being thrown out by the different vendors; what is Qualys' take
on these technologies or these buzzwords? So see, I think these words, really, you know, XDR or SASE or whatever it is, really come from a certain need that customers feel. If you take the example of XDR, customers feel like there is a need to be able to have a single platform that can do all of the data collection, the data correlation, prioritization and the response actions, so that they don't have to go and deploy multiple different vendors to do that. And I think that's a real need, and nobody really has a complete platform that covers absolutely every aspect of security, but there is that push for consolidation that has been going on. I think, unfortunately, vendors jump too early on these buzzwords sometimes, from a marketing perspective, even without having that functionality, and try to create a market or a segment there, and I don't think that really does service to the overall industry as such. But ultimately all of these really come down to, you know, if you take the example of SASE, it's really about trust, and, you know, trust can only come when you have a complete visibility of that portfolio. So a lot of times these solutions are more like security gateways in the cloud, and while they can control the access, they really need additional information, from maybe agents or other solutions, that can provide them real-time, up-to-date assessment of the user, assessment of that particular device. And I think that's really where that open platform that Philippe talked about comes into play, because no single vendor can actually provide all of those capabilities, at least as it stands today. I don't know, Philippe, if you want to add something to that.

No, I think you said it very well. I think at the end of the day there's a lot of buzzwords out there, which creates confusion. Some of these buzzwords, like CASB for example, turned out to be a feature. So trying to build the company around a feature is obviously very short-lived, and then your
only exit is to try to be acquired by somebody, because of course that's not enough. So at the end of the day it's always better, I believe, to take the approach that we have taken. At Qualys we are not very buzzword savvy, if I may say so. I used to say it's not good enough to be good, you need to tell; but again, you don't want to tell too early, you don't want to tell too late as well. So I think it's just making sure that we communicate what we're doing with our customers, we get the feedback, and whenever we say that we've got something, that we have it and it works.

All right, so the next question is around the cloud agent: does Qualys Cloud Agent also deploy in the cloud, and what is required to make that happen? I think that's a pretty long answer to that, and if you attend the sessions on the cloud and container security with Badri and Alex, we will go very in depth into showcasing that. But, you know, cloud has really provided very interesting capabilities in terms of automation. This is again something that you will see in the presentation by Informatica as well, as they talk about leveraging CI/CD pipeline to ensure that the agents are directly installed onto the AMIs, so that way you can ensure every single instance running in the cloud has that particular agent built in, and then it just becomes easy. And again, to help in that direction, one of the things that we have done is ensure that deploying the agent does not require you to purchase any licenses from Qualys. So with the asset inventory capability, that agent can be put in the AMI, and that AMI can bring up as many instances as required, and you can use automation to decide which Qualys modules can be enabled on which agents as well. Now, there's no one single way to do this; well, there's many different ways to do this, and that's where, if you look at the cloud and the cloud providers, we have a lot of scripts
available in GitHub from Qualys in terms of how to automatically install the Qualys agent in AWS. But if you see that with Azure, that's gone a step even further, because with Azure Security Center you as a customer don't even need to install the agent yourself; it's built in through the Azure Security Center interface, so just with a single click of a button that agent can be automated, so that every single AMI coming up in that account, you can have the agent already built in. And we have done some similar integration with AWS, with GCP as well, and we're working on providing this sort of a simplified capability, you know, without any friction, across different other cloud platforms as well. So again, that agent is something that needs to be lightweight and real time to run in the cloud, because if you have five different agents and each of them is taking five percent CPU, you ultimately end up having to pay a huge amount in additional costs just to run your security agents, you know, which adds to that AWS or your Azure bill. And so that's where having a single Qualys agent has architecturally helped quite a bit, to consolidate the different capabilities in that single agent.

So maybe, Sumedh, I could add something, you know, to what you say? Sure. Just to a little bit demystify all of that: so today we're used to the terminology of agents, and the reason why we call our agent Cloud Agent is because you cannot disassociate the agent, which is a little piece of code that you put on devices or that you put in your images, you cannot disassociate that from the cloud, because the cloud, this is where all the computing power is taking place, the analysis of these agents. So this is an architecture; you have to look at that as an architecture. And what is interesting, as Sumedh mentioned, when you take such an approach on an architecture, you realize that you don't need to have a very big agent, because most of the
computing power, if not all of the computing power, in fact is done... So that's really an architectural complex, and the challenge here is that scale. We have today more than 50 million agents out there, and when you look at the data they bring back to the platform, it is absolutely outstanding. So six, seven months ago we were indexing three trillion data points on our Elasticsearch clusters; today, now seven months later, we are indexing eight trillion, seven or eight trillion. I don't remember; Sumedh, is it seven or eight? Anyway, so it's eight. So okay, eight trillion data points. Why? Because all these agents bring so much information, because they also give you real time, and that's the big difference. Of course, an open cloud platform, that's what that platform gives you, but you need to have all that computing power in the cloud.

Thank you, Philippe. Another question, pivoting on container security: there's quite a few solutions out there providing container and container runtime, but orchestrating them in the cloud environment has been a challenge, especially with something like Fargate; how does Qualys really help in that direction? So that question actually is going to get answered in depth, again, when you look at the session that you have from Badri and the team; when we talk about cloud and container security it will be covered in depth. But, you know, piggybacking on how powerful our agent really has been, we took a very different approach for container security, which is the ability to embed a small piece of instrumentation into the image, so that it goes with every container. A lot of the challenges when you talk about orchestrating security for containers at runtime come from the fact that most of the solutions require a sidecar container, or they require a privileged container to be running on every single host on which your containers are running, so that you can assess the security of it. And of course, when you move to solutions like Fargate or
other solutions, which is managed container registry, there is no host, so you cannot have a runtime container, and that really becomes a challenge. So the way Qualys approached this is taking what we learned from our agent and being able to embed a piece of code as part of the instrumented image, which now ensures that every single container, no matter how short-lived it is, is carrying a Qualys agent which is communicating with the platform and can take all of the instructions needed. And that way there is no dependency on a sidecar container, so that way all the telemetry, no matter that container is running in any cloud, on Docker, on-prem, wherever it is, the same policy can be pushed out and the same policy can be applied. So we put a lot of focus on ensuring that that particular aspect is seamless and easy to use.

So I think we are at the end of our time. A lot of very interesting questions have been coming up, so thank you very much for that. Please do keep sending the questions; Qualys product management and engineering teams are responding to a lot of those questions, those we were not able to cover here. I will take one last question, that came in from Ravi, and I think it's probably for Philippe: what does the future hold for us when it comes to cyber security? I think, if you want to make an attempt at predicting the future...

Yeah, predicting, and that's a broad question. But I think again, you know, we are working very close with our customers. There's nothing that we start at Qualys without having what we call design partners, which are some of our customers which really understand very well not only what they need to do, what they want to do, but also the technical side of it, so they design that with us. Today our next big thing is of course coming up with what we call our data lake, analytics and SIEM solution, which is entering, you know, beta, in fact, extremely soon. So those of you who are interested to become beta
user, please, you know, let us know, and we would be very happy to extend that and get your feedback. This is obviously, again, that data lake slash analytics slash SIEM, essentially an extension to our platform. So again, everything we do at Qualys is with the coherence of that platform. And by the way, integrating different cloud platforms is not easy to do, because then you have the issue of scale that you need to absolutely solve. So I think having that native... of that application, which essentially integrates natively many different solutions, I think this is really where the future is. And with that, again, you know, thank you very much.

Thank you, Philippe, and thank you everybody for joining us today on the first day. Very exciting; hopefully you enjoyed the sessions and the demo. We're happy to give you back the rest of your day, but we really look forward to seeing you tomorrow for the VMDR sessions, a lot of very interesting customer talks as well tomorrow. So please do make sure you put that on your calendar and join us tomorrow morning to attend the rest of the sessions as well.

Yeah, and thank you. Oh, sorry, and please give us the feedback, because this is obviously a new format, so it's very important that we get the feedback: where could we improve, you know, what could we do better for you next time. And in fact we're going to do this Qualys Security Conference more frequently, and of course that's one of the advantages of doing things cloud-based, because of course, you know, we're not limited by the space and the booking and all of that; we can really create them significantly more frequently. Again, thank you very much.

Thank you, have a good day.
Info
Channel: Qualys, Inc.
Views: 125
Rating: 5 out of 5
Id: q_djeU46I_g
Length: 33min 7sec (1987 seconds)
Published: Fri Feb 12 2021