DeepFactor is honored to have an article that covered one of our speaking sessions, Breaking News: DevSecOps is Broken Without RUNTIME Observability, published on InformationWeek.com.
Each year, 8,000+ developers, engineers, software architects, dev teams, managers and executives from 70+ countries gather for DeveloperWeek (conducted Feb 17-19, 2021) to discover the latest in developer technologies, languages, platforms, and tools. "When it comes to technology, there’s incremental change, and then there’s fundamental innovation. Developer technology, from blockchain and artificial intelligence to big data and quantum computing represents fundamental innovation that people can build on for years. We are in the DevTech Age, where developer technologies and tools are now the most disruptive and fundamental technology innovation in the marketplace. When you build tools for developers, you are not just implementing a small incremental use case, you are building platforms, frameworks, and APIs that will enable entirely new web, mobile, and IoT innovation." Read more about DeveloperWeek here.
DeepFactor's Presentations at DeveloperWeek:
Breaking News: DevSecOps Is Broken without RUNTIME Observability
- Speakers: Dr. Neil Daswani, Stanford Advanced Cyber Security Program, Co-Director; Kiran Kamity, DeepFactor, Founder & CEO; Mike Larkin, DeepFactor, Founder & CTO
- Abstract: This panel of RUNTIME observability and security developers and experts will discuss the what, why, and how DeepFactor’s Continuous Observability platform:
- Automatically observes more than 170 parameters—across system call, library, network, web, and API behaviors in every thread of every process in every running container of your application—and detects security and compliance risks in your CI pipeline
- Detects insecure behaviors that only manifest at runtime and cannot be caught with code scanning or just looking at known CVE databases
- Reduces alert volume by prioritizing the findings of your SCA tools with runtime insights from observability tools
- Empowers Engineering leadership to accelerate productivity and decrease mean-time-to-remediate (MTTR) security and compliance risks pre-production as their teams ship secure releases on schedule
- Takeaways: You’ll leave this session armed with the knowledge to immediately leverage continuous observability to consistently deploy apps with confidence.
- Email Amy for access to the recording.
So You Think You Know the Behavior of Your Containers? Would You Stake Your Job on It?
Abstract: You’ve developed a fabulous application in a container/Kubernetes Continuous Integration (CI) pipeline. The application works like it should, and the static scans look secure, but, is it actually operating securely? Are any 3rd party components you’ve integrated doing something they shouldn’t be doing? How do you know?
To be confident about the behavior of your app, active inspection of running binaries within a container, utilizing live telemetry is key. Pre-production observability enables this by filling the gaps that static code (SAST) and dynamic external inspections (DAST) don’t cover.
During this technical session, you’ll see pre-production observability in action and the benefits the solution delivers to developers and their teams. Mike Larkin, CTO at DeepFactor, and John Day, Customer Success Engineer at DeepFactor, will discuss a straightforward method to obtain this information from any container to deliver extracting metric data with minimal overhead. This information can then be processed to indicate issues that may affect the unknowing behavior of your container be it security, performance, or operational intention.
Takeaways: You’ll leave this session armed with the knowledge to immediately leverage pre-production observability to consistently deploy apps with confidence.
Click here to watch a replay.
DeepFactor Founder & CEO, Kiran Kamity's, Key Takeaways
I attended DeveloperWeek as a speaker, attendee, and booth staffer, which gave me a 360° experience. I focused on the sessions in DevOps Summit, Containers & Kubernetes & Cloud Security. The overall conference experience with the virtual platform was nice—within the same tab you could attend sessions, ask questions, and speak with the booth staff. But, I certainly missed the physical booth & face-to-face interactions and relationship building. Sessions were informative and education for the most part. I noticed that there was a lot of discussion around enabling DevOps in organizations(while we "Silicon Valley types" take it for granted, there are several companies that don’t have even CI yet!). I am always drawn to new technologies - and observability, security, and technologies like fuzzing were certainly among the up and coming technologies used in the context of DevOps. Honeycomb's session, "Observability for Software Teams", demonstrated using observability for performance troubleshooting. We [DeepFactor] demonstrated using Continuous Observability for security & compliance insights, and some other startups talked about using fuzzing tools to identify bugs in web/API layers of apps. The booths were generally busy. DeepFactor’s booth was packed with a lot of attendees—almost 500—throughout Thursday and Friday.
DeepFactor's Customer Success Engineer, John Day's, Key Takeaways
Out of all the virtual events I've attended since the beginning of COVID, this has been the most interactive session out of any of them. Being an engineer, having a virtual event feel like an in-person event made it that much easier to engage. I attended sessions such as, "Recipe for Doing Devops within Your Enterprise with Kubernetes" presented by Salesforce and "GitOps, Kubernetes, and Secret Management" presented by CloudBees. Both sessions reinforced the need for understanding what's happening inside your containers. Being inside the application allows us [DeepFactor] to observe behaviors with more semantic knowledge than other techniques (sidecars, eBPF programs, etc.). GitHub and GitLab have introduced dependent module vulnerability scanning services as part of their enterprise offerings. But these checks are performed at the source code check-in time; what happens if your code is dynamically importing something from a container’s base image or from the base operating system? This is where DeepFactor provides the missing piece with runtime visibility.
And, since we have such a strong car analogy that makes the point about the need to test-drive running code, we were able to draw large crowds during our speaking sessions and at the booth to learn more about DeepFactor's Continuous Observability platform. I think that having a “live” booth where we can chat with the booth visitors in real time is the best way to interact with potential customers with different roles - from developers to the AppSec teams to Engineering leadership. I look forward to participating again next year.
*Looking at a parked car is different from driving it. Similarly, scanning the code or executable is different from observing a RUNNING application.
DeepFactor gives you peace-of-mind knowing that you’ve created a framework for the AppSec teams and dev teams to work together in harmony. Engineering teams will be shipping faster with decreased alert fatigue and fewer security risks; across the board, productivity will skyrocket.
DeepFactor enables your organization to have a ‘security at the source’ mindset by allowing application security to START left. You no longer need to choose between shipping fast versus secure to production—DeepFactor empowers you to deliver both with confidence.