Sandeep Lahane has been been quietly building his container security startup Deepfence since 2016. On Feb. 13, Deepfence emerged from its stealth mode, announcing the company's Security as a Microservice technology for container security.
The Deepfence approach uses what the company refers to a a lightweight sidecar container, which runs alongside an organization's existing Docker and Kubernetes container deployments. Deepfence's technology makes use of artificial intelligence (AI) as well as policy driven rules, to help detect potential threats and enforce workload isolation.
"We've developed a Security-as-a-Microservice solution," Sandeep Lahane, co-founder and CEO of Deepfence, told eWEEK. "Container security is not just about isolation, it's about detection, remediation and protection."
Deepfence is backed by IDG Ventures, though Lahane noted that no specific funding amounts have yet been publicly disclosed. The company makes use of multiple open-source technologies while the core Deepfence platform itself is a proprietary technology.
Lahane explained that Deepfence is deployed as a sidecar container, that can monitor container workload activities. Among the things that Deepfence can monitor are file system changes and system processes. The sidecar container can also be configured to capture varying amounts of network data packets as well. For example, Lahane said that Deepfence users can set a rule that would monitor 50 percent of the traffic coming from a specific container to a given location. Users can also choose to capture all the traffic, if needed.
"We can look at what comes into and out of, every container and cluster to see what really is changing," Lahane said. "Changes can be file system, process, behavior or system call level changes."
Deepfence analyzes all the changes and applies heuristics and AI-powered analysis to help determine potential threats. Lahane said that Deepfence uses multiple technologies as part of the analysis including a time-series database and Elasticsearch among other tools. Deepfence also makes use of both deterministic and probabilistic techniques to identify risks. Lahane explained that a deterministic risk for example, is if one container sends a bad packet to a second container which triggers a crash. A probabilistic risk in contrast, benefits from the analysis of many different events to help determine the potential for risk.
When Lahane first started working on Deepfence there were few container security vendors. Now in 2018, the market has multiple vendors including Aqua Security, Twistlock, Capsule8, StackRox, NeuVector and LayeredInsight.
While Lahane see the market for container security as being big enough for multiple vendors, in his view, Deepfence differentiates from its competitors in several ways. Lahane said the Deepfence approach is about moving security along with workloads that are running production.
"We're more about security for modern workloads than about security by policy," he said.
Looking forward, Lahane said that multiple customers are deploying Deepfence and it will be customer requirements and needs that will help to drive the container security platform forward.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.