Screaming in the Cloud

Eric Carter of Sysdig joins Corey to tackle the evolving landscape of cloud security, particularly in AWS environments. As attackers leverage automation to strike within minutes, Sysdig focuses on real-time threat detection and rapid response. Tools like Runtime Insights and open-source Falco help teams identify and mitigate misconfigurations, excessive permissions, and stealthy attacks, while Kubernetes aids in limiting lateral movement. Eric introduced the “10-minute benchmark” for defense, combining automation and human oversight. Adapting to constant change, Sysdig integrates frameworks like MITRE ATT&CK to stay ahead of threats. Corey and Eric also discuss Sysdig’s conversational AI security analyst, which simplifies decision-making.


Show Highlights
(0:00) Intro
(0:32) Sysdig sponsor read
(0:51) What they do at Sysdig
(3:28) When you need a human in the loop vs when AI is useful
(5:12) How AI may affect career progression for cloud security analysts
(8:18) The importance of security for AI
(12:18) Sysdig sponsor read
(12:39) Security practices in AWS
(15:19) How Sysdig’s security reports have shaped Corey’s thinking
(18:10) Where the cloud security industry is headed
(20:03) Cloud security increasingly feeling like an arms race between attackers and defenders
(23:33) Frustrations with properly configuring least permissions
(28:17) How to keep up with Eric and Sysdig


About Eric Carter
Eric is an AWS Cloud Partner Advocate focused on cultivating Sysdig’s technology cloud and container partner ecosystem. Eric has spearheaded marketing efforts for enterprise technology solutions across various domains, such as security, monitoring, storage, and backup. He is passionate about working with Sysdig's alliance partners, and outside of work, enjoys performing as a guitarist in local cover bands.


Sponsor
Sysdig: https://www.sysdig.com 

What is Screaming in the Cloud?

Screaming in the Cloud with Corey Quinn features conversations with domain experts in the world of Cloud Computing. Topics discussed include AWS, GCP, Azure, Oracle Cloud, and the "why" behind how businesses are coming to think about the Cloud.

Eric: The thing about it is that Kubernetes, your app doesn't have to die just because we took a security action. It'll spin up another one.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined today on this promoted guest episode by Eric Carter from our friends over at Sysdig, where he's the Director of Product Marketing. Eric, how are you doing?

Eric: I'm doing great, thank you. Glad to be able to join you. It's been a while coming, but here we are.

Corey: Indeed.

Sponsor: Sysdig secures cloud innovation with the power of runtime insights. From prevention to defense, Sysdig prioritizes the risks that matter most.

Secure Every Second with Sysdig. Learn more at sysdig (S-Y-S-D-I-G) dot com.

Our thanks as well to Sysdig for sponsoring this ridiculous podcast.

Corey: For those who have not listened to the entire nearly 600 backlogged episodes of the show in exhaustive detail, at a very high level, what is it you'd say it is you folks do over there at Sysdig?

Eric: At Sysdig, we are focused on cloud security and sort of our angle around that is to pull together different practices that fall into that and to also be sort of the kings of runtime. Runtime security is key for us because it's sort of where we started. I think about getting insights as quickly as you can so that you're dealing with threats as soon as possible.

Corey: The last time I talked to you folks, I complimented you on bucking the trend of your website and not featuring AI prominently on the front of it.

Someone viewed that apparently as a bug because now you're talking about the first conversational AI cloud security analyst. What I love about this is you could remove the word AI from that tagline, the first conversational cloud security analyst, and it still wouldn't be too far from wrong. Some of those folks are very good at the technical aspect and not so great at communicating effectively.

It feels like the evolution the DevOps field sort of went through from being grumpy Unix sysadmin types to having to interface with other people is something the security organization is still sort of evolving through. If I look at this industry wide.

Eric: I totally agree with you. And what makes me laugh about that observation is I actually helped to launch that solution.

And that's, and then there it is like front and center. So you're welcome. And I apologize, but yeah, that's all. I think because they're so, we're, we're pretty proud of the angle we're taking with the AI tooling in that we know that a lot of information that gets pushed back out to you when something is detected in and around your, your cloud or your environment, your applications, sometimes you're looking at it and going, yeah, okay, I don't understand.

It's Greek to me, but isn't that, isn't that the phrase, right? And so what I love about it, and it was even helpful for me on the marketing team to, to even learn our product better by just asking simple questions and then asking a follow up question and then asking you more questions. And ultimately the, the aha moment is when, okay, okay, genius, how do I fix this?

And what's great about that is you get suggestions for here's what you can do. And I think ultimately that's what people want to just get to the answer quickly. The tagline, and I don't know if it's on that homepage or tagline that a lot of people appreciated was, it was accelerating human response, because there's often this thing that says, I hate Gen AI because it's taking my job, it took our jobs, right?

It's not that, right? I think it's a very helpful tool.

Corey: Even getting away from protectionism, I think that for many things you need a human in the loop. Aiding that human in their decision making process, in filtering noise to get some signal out of it. The things that computers are great at. Yeah, that's fantastic.

I'll use it myself as a writing assistant, which is a far cry from write this blog post for me. I tend to be, the way that I write is the way that I talk, the way that I think. I go from tangent to tangent to tangent, it lacks structure. So very often I will have it lend structure, and then I'll disagree with almost everything it writes, but now I actually have a beginning, middle, and an end.

I hated writing conclusions for blog posts. It nails it with that. And I'm seeing this when it comes to computer assistance with other areas of intrigue. And analyzing security incidents is one of them. Analyzing logs is another. Writing code is still the third.

Eric: Yeah, and there, and again, there are a lot of things that emerge that maybe I haven't heard about yet as a security professional.

And, and if it shows up in my feed, I can go, Hey, what is this? Right. And I get an answer because we're pulling from a knowledge of the world's information. We've also trained it very well to not do things like, Hey, help me understand what I should make for dinner tonight, give me three options. Right.

So all of those things, it'll politely decline, but it will effectively answer questions in the security domain. And a lot of us need help from that. And oftentimes you've got, let's say newer folks on whatever team it might be, security, DevOps, DevSecOps, they don't want to have to go ask someone a question, but, or, or they find themselves just going out doing their favorite Google search to figure it out.

So here you have it right there. Very cool way to deliver information in a different way. And some people will still resort to charts and graphs and so on, but you now have a way to get there. Get insights quickly. So, I love it.

Corey: It reminds me of an old joke I used to tell, where like, the worst internship ever is like, tailing the log files and looking for anything suspicious that jumps out at you.

Reminds me of one of my internships when I worked at the largest ISP in the state of Maine, the Maine Schools and Libraries Network, headquartered out of Orono at the university. And, one summer they had the student workers, we had us all doing a hub inventory in all the buildings. It took all summer.

There were a lot of buildings, a lot of rooms, and a lot of hubs. And these were old school, unmanaged hubs at a time when switching was the way to go. And I only realize now, with the benefit of 20 years experience, they didn't need to inventory those damn things. They were ripping out and replacing them as they failed.

But they wanted, just wanted something to get the 19 year old kids out of their hair so they could actually do their jobs and not be blinded by our ignorance slash youthful optimism. It, it got us some exercise, and I thought that was very well done. But there, there is a, there are elements to that that I still picked up and learned from, inventorying these things.

And it feels like that is in some way where I see some of the concern from AI coming. Not that people should be doing manual tasks by hand when computers are more effective at it, but it feels like it's not so much replacing the senior aspects of what a cloud security analyst does in your particular expression.

But a lot of what the junior folks might potentially be doing. The counter argument there is that junior folks don't generally spring fully formed from the forehead of some ancient god. They, they go from being junior to senior. It makes me wonder what the future is going to look like as far as career progression.

Eric: Yeah, indeed, indeed. But having, you know, in that same vein, you, you make me think of is that there's a whole world of folks who are getting pretty clever understanding how to use these AI tools, right? I still find myself sometimes being too basic and think about it. This idea of doing a multi sort of multi pronged question.

What is it? We call it, uh, the term is escaping my mind where I can say, Hey, what's, what's this threat? Uh, who's behind it? Is there a user? Tell me what that user's permissions are and then tell me what, how to fix it. You can ask it all in one fell swoop and get a nice answer. These are the kinds of things that, I think you mentioned younger people, the folks who are getting savvy with AI, know how to, how to take advantage of it. And the tool is able to do it. It's pretty amazing.

Corey: I'm somewhat surprised by that. I mean, Amazon Q, their obnoxious under, underperforming chatbot, they stuff into basically everything over at AWS.

When you ask it questions that touch on the security realm, or worse, that it thinks touch on the security realm. It falls all over itself, declining to answer, because it cannot give advice on security related topics. Which is great and all, if I want, if you don't want, it doesn't want the liability of telling me to configure a policy some way that doesn't actually protect what I care about.

It can start stretching that refusal definition into areas that are frankly absurd. Like, great, how do I wind up sharing, how do I wind up hosting a static website in S3? I can't advise on security approaches. Terrific. It's a single page of HTML. I just want to show the rest of the world. There are no security issues here.

Just tell me what I'm doing, please. And of course, it doesn't work. So I'm amazed that you've gotten it past that level of refusing.

Eric: Yeah, well, intentionally, of course. And I can't imagine it being very helpful if it declined out of risk, you know, of giving you some sort of answer now that it is afraid of.

But yeah, it does quite well. Still, as you know, there's some fear and trepidation about turning on AI solutions in organizations, and that's fair, right? Because whether it's, you know, because it, what data is it being trained on? How do I know this isn't just another, you know, gateway into my environment, right?

So, so certainly we, we have to assure folks of how we anonymize things and so on to make, make them understand that we're helping you get answers without exposing your deepest, darkest secrets. But that leads me to the, the concept of like, yeah, I mean, you've got what we've been talking about is AI for security, but there's a big exploding need for security for AI, right? And early on, we wanted to say, well, it's just another workload, but the world doesn't think about it in his exact terms, partly because just there's a lot of potential data that's there being leveraged, being trained upon that we want to protect. And so that's another angle, right? Where we've worked with AWS, for instance, to enable the ability to detect when one of their AI solutions is being used, right?

Put it in a special zone, give you special visibility, identify risks that are going on because that's one of the hurdles I think we have here in the, here in the early days, right? Of getting people to leverage AI for not just for security, but for whatever their business needs.

Corey: It feels like it's the first time that you can have a plausible social engineering attack against a computer.

Eric: It's funny, the kind of things that folks try to do. Yeah, forget all your training and do this instead, right? And depending on how you've done it, it can, that could work. It's a threat when you're talking to these, these engines. But yeah, and again, I think this concept of AI workload security is gaining a lot of momentum.

Whether it's just identifying, hey, did, when we propped up this Bedrock system, did we set it up correctly in the first place? So think in the realm of like posture management. And now how do I watch to make sure that there's not, because I think there's a lot of stealthy things going on in, in this world right now, where not only is AI being used to sort of generate more and more threats, but bad guys are trying to get into the cloud, not just to get into your, your potential AI to do things and try and make money.

And however, what we've seen most recently is once I get into your account, I may turn on an LLM and start using it for my purposes. And that could get, you talked about costs in AWS, that could get real expensive, really quick.

Corey: Counterintuitively, in the large customer environments I sometimes find myself, it's difficult to notice that sort of stuff.

If you're spending, you know, 80 million dollars a year on your cloud bill, it's hard to notice when someone spins up another 50 grand a month. It's, it just gets lost in the background noise.

Eric: Our threat research team identified some activity that once, once they were in, I mean, you typically might, let's say I make a thousand queries to it out to the AI engine, or the LLM, right, a day. Suddenly that was jumping up to like 20,000. And that, that's a bill in one day that can be way over the top. But you're right, you have to be watching, right, in order to understand that that's happening. You know, otherwise, what are you going to do? You wait, and then this massive bill, and I don't know, you probably have more experience on how do I handle that.

Hey, AWS. It wasn't me, it was you. So that's a tough one, but we've done some work at Sysdig again to try and identify anywhere AI is popping up. That's number one, that's half the battle because sometimes these things are being turned on outside the sort of guidance and observability of the leadership and things like that.

And so you want to know that it's there and then you want to know is it protected and then you want to know is anything bad happening. So we've, we've tried to focus a solution around that to make sure that anyone that's getting into this world has the tools they need.

Sponsor: In the cloud, every second counts. Sysdig stops cloud attacks in real time by instantly detecting changes in risk with runtime insights and open source Falco. We correlate signals across workloads, identities, and services to uncover hidden attack paths and prioritize the risks that matter most.

Discover more at sysdig (S-Y-S-D-I-G) dot com

Corey: Security practices in AWS, I mean, it goes beyond just AWS, but it's my area of specialty. So we'll talk about that for a bit, I suppose. Is the attack surface is so wildly broad. There are a couple hundred services that folks can use. You're probably not using most of them if you're like effectively everyone.

Those are different things that need to be secured, need to be watched. The way that their security policies work within IAM are byzantine, to put it gently. There are so many different gotchas, tips, and tricks, it's forced an entire, I feel, new discipline around how to approach security and what practices make the most sense.

Eric: Yeah, totally agree. And, and every time we add a new service, there's a whole new surface there that we need to make sure we're protecting. And you're right. A lot of folks, when they get into it at first, and by the way, this is, you know, obviously, like I said, introduced where Sysdig plays, they, they think first about the guardrails and the posture controls, and that's, that's good.

That's correct, right? You don't want to just go, the classic example is I've got an S3 bucket and I've left it on public setting. Default it shouldn't be that way, but you want to know that. Or you want to know, you know, did I, am I overly permissive? You mentioned IAM policies and things like that being tricky, uh, or not well baked.

That's another key one. Um, you know, so I, I would need to understand that I've got misconfigurations, or where I've got misconfigurations. And a lot of times what's driving that is, of course, we want to be secure, but I also might be a credit card company, right? And I need to meet some compliance guidance. And I need to be able to say, this is what I've done.

And this is, you know, hey, auditors, here's, here's the proof, right? And so we need to observe those things. I think the good news is that AWS, for instance, has CloudTrail, which does logs, all of the activity, whether it's users, APIs, or whatnot. We use that as a data source. It's an excellent data source until, until a bad guy turns it off.

That's another thing to watch for. And that can help us understand what's happened. So oftentimes, posture is the first stop. Vulnerability management, I'm sure you've, you know, chatted to others about this, you know, identifying what are the known vulnerabilities and fixing those. That's another key first stop for most companies.

And then we do believe that's important. We like to think about that, not just when you're building stuff. Let's say you're in the world of containers. Not just scanning the container before you push it out, but continuous doing that. Because every day, new vulnerabilities are reported. That was great yesterday, I feel really good.

But today, there's a big one, and we need to do something about it. So I need to always be watching. The problem is noise. There can be a lot of things that pop up on these reports that I need to deal with. And how do I know what to deal with? What to prioritize? And that's the key challenge for any cloud administrator security team.

Corey: You folks have put out a number of reports showing the accelerating speed of security incidents, particularly in the cloud. It's shaped some of my thinking on this to, I guess, to articulate something I've sort of intuitively believed since the beginning. Which is, is that attackers are generally better at automating than most operations teams.

There's still the click ops thing, where you use the AWS console, then lie about it. Whereas with the attackers, they have these things ready to go in scripts to the point where they can pivot, they can lateral from once, uh, from once they're into an environment to different parts of it, to different skills, to different services as fast as computers can execute.

The idea of human response times being sufficient to guard against this is fantastical to my mind.

Eric: It's crazy how fast they can move. And one of the things that if you think about it, like they can just put something together and start running it. There's no, they don't worry about bug testing or QA of, of what they're doing.

So they, they get to skip all of those steps that the rest of us in the software world try to make sure that, Hey, this software is set. So in other words, they're just automating, automating. There's even botnets for rent and things like that, where you can just start doing things. And yeah, we've, we've seen it takes 10 minutes or less, right, to get from the time I'm in to the time I start doing damage.

And that's, that's why we had put out, I think about this time last year, this idea that the new benchmark is needed. You know, you really need to be able to, can I respond effectively in 10 minutes? And if you reverse engineer that, what that means is I need to be able to detect things as they're happening in real time.

And by the way, to try and filter through the noise and get to the true risk of this thing that's happening. So how fast can I do that? Let's say I want to do that in five seconds, right? And a lot of tools are not able to deliver that. We, we have always been good at that partly because we're basically a streaming detection engine.

It's built on our, our open source Falco heritage, right? That it's watching things as it comes, if it detects something based on, on the detection policies, it's going to pop you something to say, hey, this is happening right now. Lately, we can also correlate that with other things, like this is happening and there's a misconfiguration and this, there's too many permissions for this particular user or machine identity or whatnot.

So we want to know, we want to then be able to invest, to sort of investigate. And the challenge with investigating is if I have to go to some deep, dark well of a, uh, not that I have anything against, uh, SIEMs or, you know, uh, these big, where we're storing a lot of log information and so on, but that might take a while.

I need information right now to understand what's the threat. Is it really a threat? And then I want to be able to invoke a response. So our challenge to the industry was detect quickly, five seconds, investigate, take five minutes to do that, and then five minutes to enact your response to contain this.

Then you're at least in that 10 minute window that we know is sort of the point of, uh, of no return often.

Corey: And

Eric: this is where the industry is headed. Typically, we see, and what I mean by, by where the industry is headed, there's more and more automation being put into play. That's coming from Sysdig, that's coming from tools at AWS, there are other external tools, organizations that are focused on work, building workloads.

Yes. This, then, that, right? And just deploy runbooks. What I'll say is, there's often still the desire to have a human go, Yeah, this is a thing. Go. So that you're not enacting automation in something that ended up being a false positive. So I think you want to get to a fully automated response, but you also want to have a sanity check in between, or at least that's what I'm still seeing right now.

So you'll see a balance of both in terms of being able to sort of get to the heart of the matter. The better we are at correlating multiple things and saying, yes, this is a real threat and sort of doing that for you. Presenting with all the evidence, but doing it for you. Then I think, you know, the more confidence that our customers or the industry gets in our ability to do that and do that effectively, then I think this automated response activity could be good.

Some of the things we already do, and the good news was something like a Kubernetes. Kubernetes is kind of orchestrating all this thing. Let's say, Corey, you get into a container and you're doing some bad stuff.

Corey: All my bad stuff happens in containers, but please continue.

Eric: We're going to automatically kill that container.

Boom. Down goes Frazier, right? The thing about it is that Kubernetes, your app doesn't have to die just because we took a security action. It'll spin up another one. Of course, you're hoping that the threat guy isn't following all your containers around. But, so some things can be done like that. If it's bad enough, you want that to just stop.

Because as soon as I'm in that container, then that's when all the lateral movement things can start to take place and I get into bigger and badder things. And so, so some of that is already possible, and our customers do it, but again, while everyone wants automation, they also want a quick human sanity check.

Corey: I'm curious to see how this winds up shaping the, I guess, the future of this space, because as, as response times get faster, it feels like you're almost locked into an arms race with attackers. Oh, they can respond in ten minutes, but we need to then be in and out within five, and it winds up with a constant game of one-upmanship.

Eric: It's true, and things are constantly evolving. And that's why cloud security is constantly evolving, you know? And oftentimes take a step back, note, wow, are we not there yet? Are we not there where we've got, we've outwitted the bad guys and it just, I don't think it'll ever, it'll ever happen. And that's where this art of having threat researchers who always understand the latest thing, things like the MITRE ATT&CK framework.

It's like, here's the things you need to know. And here's the latest tactics, techniques, and procedures that, uh, adversaries are using. It's, it's a never ending battle. And sometimes we focus on, on interesting things and think we're going to be good. Um, and by that, I mean, you know, I fixed all of my known vulnerabilities, should be good, right?

But sometimes the vulnerability is not the thing. The thing might be you've got a exposed, uh, credentials that ended up in a container or something and it's out on a repository. So now it's really more and nothing to do with a known vulnerability, just the fact that your credentials got exposed and now somebody's getting into the environment.

It's very hard to prevent against that, except for you want to have things like multi factor authentication and so on. And so that's where, as a company that's trying to tackle the entirety of this picture the best we can, yes, posture controls, yes, vulnerability management, but also identifying, you know, this whole IAM space, you know, are you giving too many permissions?

There's a cool thing about where we sit from Sysdig and runtime is that we can see the activity. That activity insight, what we call Runtime Insights, can do a few things. One, obviously it's where we're throwing up alerts about real threats. It's also where we go, hey, in that running of this service or this application, Corey doesn't need all these permissions.

Actually, all he needs is this, and you've given him this. And we'll help you see that. And we'll even help you give you a, hey, go paste this into AWS to kind of make it so, right, to, to, to buckle it down. I think sometimes there's a fear that if I don't give the, you know, I'll just give a little bit more than it's needed just in case, right?

That's where your exposure time.

Corey: It's also the nature of the way these things work, where, okay, I give it the permission I think it needs. Denied. Okay, I'll broaden it a bit. Denied. After three or four repetitions of that, screw it, I'll give it everything, and I'll come back and fix it later, and later never happens.

Eric: Exactly. And that's why we try to marry this idea of, okay, yeah, we see, we see how this works and what's running and what's working or not working, and we'll profile workloads and help you try and understand that, right? So identity is a big one. And again, we already talked about the real time nature of trying to identify things quickly so you can stay ahead.

And I think that's just going to be a constant arms race, which I think is the word you use. So it's a, it's a tricky business, but again, the bet, the good news is that the more of these things that you can put together and identify, yes, this is a real thing. This is in use. This is based on the internet.

It has So this idea of correlation really does help identify whether things will be a real risk or not. And us in the industry is just getting better and better at painting that picture, showing you even like, here's a possible attack path, right? Did you know that if, if somebody gets in this thing that's misconfigured, all of this, the keys to the kingdom or the family jewels or whatever we call it, are all back here, right?

Corey: The old school data center approach of M&M security, where it's a hard candy shell, soft chocolatey center, doesn't work anymore. Okay. We stop attackers at the firewall. Like the, the cloud equivalent would be that once you have access to an EC2 instance, if that EC2 instance exec, if that EC2 instance role has access to do all kinds of things, it doesn't need to do well, great.

This is why the idea of least permission has taken root the way that it has, it's the right way to do it. It's just obnoxious to get that configured properly.

Eric: It's very difficult. It's very difficult. And I know that AWS has a tool like IAM Access Analyzer, I think they call it, that's trying to help with that.

Sysdig is trying to help with that. Uh, so it's important. And I love what you just said, because in some of our presentations, we'll show a picture of the castle with the moat and the drawbridge. It's like, this is the old days where there was basically one way in and one way out. Now it's much more like an amusement park where there's a lot of ways to get in, get out.

And so, you know, you've got to be able to guard that appropriately, but a lock on the door is not enough. You also need the security cameras to, once, once they're in, are they just happily riding the merry go round or are they being destructive in some way, shape, or form? And then, you know, obviously having someone to be able to respond to those things.

So, the analogies can go on and on and on, but, but it's, the cloud is different. We know it, it's changed a lot of dynamics. Um, you know, as companies have transitioned from your more traditional on prem, they, they tried to drag some of the old ways with them, but it's not always working in the same way as when we just owned the bare metal and we, we, uh, owned the firewall and we were good.

And so the practices of cloud security are, there's a, there's a lot of things that go into it and it's continuously evolving on its, by itself, thanks to the activities of, of people out there and, and, and again, now we want to be able to use things like AI to, to give what we might call the defenders, us defending our cloud a, a, a leg up.

Um, because why not, right? You can't bring a knife to a gunfight if the, uh, adversaries are using AI. We need to use it in a similar fashion. And so just making it work for you correctly is, is the hard part, right? We've, we've spent a couple years getting it right and we've released what we've released around helping you understand what's happening in your real time threats. And, and it wasn't easy to get it to, to answer in that swim lane and to answer in ways that make sense, that aren't just nonsense. I hate that word hallucination because it happens, right? But it's like, you can't just get a bunch of gobbledygook.

Corey: When I'm confidently wrong, I'm starting to call it a hallucination now.

It sounds a lot better than bullshitting.

Eric: That's right. Yeah. Uh, and that's it. And that's the, that's the thing you've got to work at, uh, in order for people to then put trust, I would say trust in the tool. And I think, again, we've done a, we've done a pretty, pretty decent job of that. So, so again, you know, our, our lot in life, if we think about AWS, uh, as your, if that's your platform of choice is to one, stay on top of all the things that they're up to. Look, they have their own security tooling and it's getting better and better. Uh, the good news is that things like GuardDuty, for instance, at AWS, it's, it's getting better and better at providing more and more detections. We're, we're using that as a data source in some instances.

If you're using it, great, right? Add that into the mix. A lot of times, you know, the insights that they can provide are valuable, and we want to be able to leverage those things. Or conversely, if we've identified some good information, and a customer is using, like, Security Hub, we can send that information back to AWS Security Hub.

I can see it all in place. And of course, the latest ground has been the security lake part of AWS. I don't know if you've done any, any sessions in and around a security lake, but there's this, this move to try and let's get all of my security today in one place. And then I can do all kinds of interesting things with it.

You know, interesting being hopefully identifying threats proactively and so on. And so we, we try to participate in that world in a sense to integrate with all these things. And it takes some, some work, but it's worth it because this is certainly where everyone's modernizing and doing a lot of their application development these days.

Really, it's been, I've been doing this long enough. I think you have too. You've now seen this, this certainly this flip, right, where people have been dabbling their toes in the cloud and now it's, it's sort of flipped to the, to the percentage wise, it's the majority that are doing things in the cloud.

Corey: I think that that is, we're seeing a shift.

It's, some folks have said it would take longer. Some have said that it would take a shorter period of time. But the one thing that I think is constant in this entire space is that everything's always changing and the rate of change only increases. There's a calculus lesson in there somewhere for folks better at paying attention in class than I was.

Eric: I was never good at the math, so, uh, I'll take your word for it.

Corey: I really want to thank you for taking the time to speak with me. If people want to learn more, where's the best place for them to find you?

Eric: Yeah, obviously the easiest thing to do is, is to just jump on over to, uh, Sysdig.com. That'll have all of the things you need to, to get the gist of what we do, how we can help.

Hey, since we're here kind of focused in and around the world of AWS, one of the pages I help build is Sysdig.com slash AWS. I tried to make it as simple as possible for things like this, right?

Corey: It's handy for podcasts. Like every once in a while, someone will give a URL. It's like seven levels deep with hyphens and dashes, and they do startup spellings of common words with different names and no vowels.

Yeah. Thank you for not doing that.

Eric: You know, Corey's not, there's not going to be a link that someone can click on. And so, yeah, that's where having a slash AWS works.

Corey: But there will be in the shout out. That's what it's there for.

Eric: Brilliant. Yeah. So all good. I think, you know, there's so much going into this world of cloud security.

It's our goal to stay on top of it, to leverage as much insight that we can into what's happening like right now, and to give our customers the ability to react fast to these things. And so, yeah, I'm looking forward to this coming year and all the things that it has to hold. You mentioned earlier a threat report.

There's, I think we just issued a new one. It has a bit of what we saw and what we think is going to happen next. And not to create a bunch of fear and doubt in people's minds, but we all know staying ahead of threats is a key part of running a successful business and not being in the news headlines.

Corey: We had all hoped to remain so lucky.

Thanks again for your time. I really appreciate it.

Eric: Indeed, Corey. Thank you so much.

Corey: Eric Carter, Director of Product Marketing at Sysdig. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five star review on your podcast platform of choice.

Whereas if you hated this podcast, please leave a five star review on your podcast platform of choice, along with an angry, insulting comment that makes no sense because you didn't follow through to supervise the gen AI that wrote it for you.