AiThority Interview with Ali Golshan, CTO and Co-Founder at StackRox
Know My Company
What is your experience about interaction with smart technologies such as AI and Cloud-based computing platforms?
I’ve been working with Cloud-based solutions for most of my career. The majority of my work has focused on the intersection of security and infrastructure which, over the years, has essentially evolved into Cloud Security. While in both my start-ups I’ve worked with Machine Learning, I think of it in more practical terms, not the way the current Security industry markets “AI”. I don’t believe the security industry is anywhere close to providing solutions the way the sector promotes the use of AI. My measure for the correct use of the term “AI” is to substitute it with “computers”; if the sentence still makes sense, then it’s the right application. Apply this test to a lot of Security Marketing, and it fails the test.
What is your experience with the technology journey and what led you to co-found StackRox?
I’ve always enjoyed building. Initially, it was Legos. When, in my early teenage years, I learned to program, that became a pretty natural transition because I preferred building without a blueprint. I spent the first half of my career working for large organizations and in the government intelligence community. While the learnings were incredible, there was always a blueprint as to what should be built. Eventually, the pull for uncharted territories brought me to the west coast. In 2010, I founded my first company, Cyphort, which focused on the automation of malware analysis and incident response. The company was eventually acquired by Juniper Networks, but I didn’t feel satisfied, because I felt like the journey ended before we as a company could really make our mark on the industry. So StackRox was born!
What is the StackRox Kubernetes Security Platform and how does it help DevOps and Security teams operationalize Security?
Kubernetes, as an orchestrator, is quickly becoming the new operating system for the multi-cloud world and this requires an entirely new approach to Security – coverage for the entire application and container. The key innovation is rather than taking the traditional security approach of bolting security on after the fact, we decided to leverage the core capabilities of Kubernetes to build security in!
The StackRox Kubernetes Security Platform provides full container life cycle security across build, deploy, and run. What distinguishes our platform amongst other container Security Platforms is that we have built-in deep integrations with Kubernetes. These integrations enable the rich context, native enforcement, and continuous hardening needed to operationalize security for DevOps and Security teams. We leverage the context from Kubernetes to provide better visibility, enrich risk profiling, broaden our understanding of vulnerabilities, and manage configurations across the Cloud-native stack. For example, sharing that you have 29 instances of a bad vulnerability won’t help you much; instead, StackRox marries that information to Kubernetes information such as whether a cluster is running in test or production, whether it’s open to the Internet, which asset is running in privileged mode, and whether a suspicious process has been launched against it.
All that rich data enables StackRox to stack rank risk in our customers’ environments, so they’ll fix that handful of very serious problems. We also tap Kubernetes for enforcement, so rather than apply a third-party firewall, for example, we ensure Kubernetes is applying the network segmentation policies. This approach ensures DevOps and Security are looking at the same source of truth in Kubernetes, a key element in Operationalizing Security.
What is the state of container and Kubernetes Security technology and how should organizations prepare for the continued growth in this complex space?
According to our recent survey, even though two-thirds of organizations have more than 10% of their applications containerized, 40% of the organizations remain concerned that their container strategy does not adequately invest in Security. Another 34% report their strategy lacks sufficient detail. These data show that companies are embracing containers and Kubernetes rapidly but don’t have the security plans or other details for running these systems in place yet.
The data from our survey shows fast maturation across a number of key areas, including defining a strategy for container security, moving more containerized workloads into production, and robust adoption of Kubernetes. Despite having a greater percentage of containers in production, these organizations have only modestly reduced their security concerns. Worries about misconfigurations and runtime risks persist, and still, too few organizations have a robust security plan in place. It’s clear that organizations are putting at risk the operational benefits of agility and flexibility by not ensuring their Cloud-native assets are built, deployed and running securely.
Frankly, security has long been an afterthought, the last gate before deploying a new application. With containers and Kubernetes, we have the opportunity and responsibility to help developers build good security into their assets right from the start. To operationalize Security effectively, organizations need a container security platform that is rooted in Kubernetes, incorporates DevOps best practices and internal controls as part of its configuration checks, and assesses the configuration of Kubernetes itself so developers can focus on coding. Most organizations expect DevOps or DevSecOps teams to run container Security platforms; Security tooling for the Cloud-native stack must enable a bridge between DevOps and Security.
How large is your product development team? Are you looking to expand in the coming year?
Given the fast-moving nature of the container and Kubernetes adoption and our company’s delivery of industry-leading technology, we are consistently growing our product development team.
Which recent events in “Threat Detection” and “Incident Response” forced you to relook into the technology offered to Cloud customers?
New security vulnerabilities in Kubernetes and well-known exposures on Cloud Deployments have us continually looking at the out-of-the-box security policies we ship that help our customers understand their environment. Our Policy Engine is crucial to customers being able to triage risk and apply controls at build, deploy, and runtime. We’ve focused on enabling capabilities that prevent threats while minimizing noise and alert fatigue. Organizations can set which phase the policies should apply to and what enforcement action you want to apply, from failing a build to scaling a service to zero to killing a pod.
StackRox accelerates forensic investigations by stitching together related events to help you focus on the most relevant information. StackRox also monitors process execution, network connections and flows, privilege escalation, and files launched to identify threats in real-time. The StackRox platform lets you alert on, or block, such threats.
The StackRox platform also applies anomaly detection to pinpoint suspicious runtime behavior and supports a range of responses. You can set our platform to alert on such activity or kill the impacted pods or containers. StackRox provides robust capabilities that make forensics easy. Organizations can use StackRox to drill down into each incident to understand context such as suspicious files or processes launched. StackRox integrates with existing security tools, such as your SIEM or other incident management systems, or your cloud provider’s Security Services such as Google Cloud Security Command Center for incident aggregation and correlation.
Tell us more about your Risk Profiling. How do customers benefit from deploying it in their IT stacks?
StackRox leverages its integration with Kubernetes to deliver deeper insight into cluster details, labels and annotations, privileges, secrets, and network reachability to more accurately prioritize risks. Details such as whether a cluster is running in test or production, the owner of the application, the type of data and secrets accessed, and the network configuration of the deployment (for example: is it reachable from the Internet) all provide helpful context far beyond vulnerability data.
StackRox is the only company today which leverages Kubernetes deployment details to assess risk across an organization’s entire environment and stack-rank their assets to focus remediation efforts. The StackRox Kubernetes Security Platform automatically profiles and prioritizes risk across every deployment to accelerate remediation. Instead of providing a long list of vulnerabilities, StackRox helps organizations understand where misconfigurations or missed best practices increase the likelihood their containers could be compromised.
Along with providing a priority ranking and enumerating the underlying risk factors, StackRox also offers comprehensive investigative capabilities to help address the security of deployments and collaborate with DevOps. By using StackRox, organizations of all sizes can quickly understand risks across clusters, namespaces, pods, and service accounts. Advanced search capabilities allow organizations to easily discover other deployments that might be running with similar risks.
The Crystal Gaze
What start-ups and labs are you keenly following?
I’m working with a few incredible start-ups that are at very early stages, but they haven’t launched yet so I can’t let the cat out of the bag. I can share a bit about the technology areas at a high level. One company is focusing on preventing account takeovers and credentials, which is still broken. Another one is focused on creating a suite of developer tools to enable built-in privacy for IoT. I tend to follow projects and specific technology disciplines rather than specific labs.
I find there is incredible research coming out of the most unlikely places these days, so it’s best to cast a wide net. I’m thinking of groups as broad as MIT Media Labs, Sandia Labs, DARPA, and CERN. They all touch on Security, ML, Analytics, Distributed Systems, and Visualization, so I enjoy tracking their work.
As a tech leader, which industries do you think would be fastest to adopt Analytics and AI/ML with smooth efficiency? What are the new emerging markets for these technology markets?
I believe every industry is becoming a software and data company, so the application of AI/ML will be across the board. To be more specific, I see some great advancements in healthcare, automotive, and edge-based computing in particular.
What’s your smartest work-related shortcut or productivity hack?
I batch process my Slack messages the same way I do emails, and I block off large chunks of time with no disruptions to be deliberate about the work I’m doing.
Tag the one person in the industry whose answers to these questions you would love to read:
Alex Watson – Gretel Labs
Thank you, Ali! That was fun and hope to see you back on AiThority soon.
Ali is the Co-founder & CTO of StackRox. Prior to StackRox, Ali was the Founder & CTO of Cyphort and led the company’s research & technical initiatives; he is the original architect behind the core Cyphort technologies. Previously, Ali has advised numerous Fortune 100 companies including Google, Microsoft, Visa and PwC. Ali has also worked with Government Intelligence Agencies and Defense Contractors.
StackRox helps enterprises secure their containerized, Cloud-native applications at scale. The StackRox Container Security Platform enables security teams to discover the full container environment and ensure they adhere to security policies, and it detects and stops malicious activity. StackRox customers span Global 2000 enterprises, including in financial services, technology, and E-Commerce industries, as well as government agencies. StackRox is privately held and headquartered in Mountain View, California.