With over 1700 industry-leading and innovative companies such as Sony, Amazon, IBM, Spotify, Etsy and Lyft trusting Looker’s data platform, Looker takes security seriously. The Looker Security Operations team, managed by Richard Reinders, is constantly working to ensure they have the best security possible to protect their customers’ production workloads. We sat down with Richard to ask him about his security strategy at Looker and how Capsule8 fits in.
What are the areas of pain you experienced prior to implementing Capsule8 Protect at Looker?
Richard: When we made the strategic decision to use Kubernetes, we needed security solutions that would work in our planned environments. We found that most security vendors advertise container and Kubernetes support but only do so with a large asterisk. Their solutions aren’t built to support cloud-native environments and require far too much customization to work in a containerized environment — if they will work at all in the environments they advertise. Moving beyond that hurdle, we wanted to ensure that we selected vendors we could truly partner with and use approaches that would meaningfully move the needle for security. Capsule8 helped us meet those goals.
How much input did you receive from your DevOps team when you were evaluating the Capsule8 solution? What were their biggest concerns and how did you overcome them?
Richard: For our DevOps team, major concerns centered around performance and maintenance of our production infrastructure. Securing our environment could not come at the cost of slowing our cluster or instance performance. Going through the trial with Capsule8, we determined that this was not going to be a problem. Capsule8’s distributed approach to collecting and analyzing security data, along with its “resource limiting configuration options” helps Capsule8 to not consume many resources, giving the DevOps team confidence that we can secure production without hindering performance.
What were Capsule8’s strengths relative to other solutions you evaluated?
Richard: Capsule8 worked well. Capsule8’s use of detection strategies, rather than rules, allowed us to get up and running quickly. This approach saved us the hassle of trying to make rules and more closely aligned with our existing approach of only whitelisting known approved behavior. Additionally, we found the technical depth of the Capsule8 team to be terrific. It is critical to get quality hands on support and know how when dealing with Kubernetes and that’s what we get with the Capsule8 team.
How has Capsule8 fit into your security strategy?
Richard: Our vision is to maintain a single pane of visibility and alerting across our environment regardless of location, cloud or underlying infrastructure. To do that, we need security solutions, like Capsule8, that can integrate with our approach and behave as “good neighbors” alongside one another. We also need vendors that understand the big picture. That means focusing on the right things,being collaborative, and not trying to implement a bunch of items in a half baked fashion that fail to be comprehensive.
How does detection & response enable your sales organization to better position your products?
Richard: At Looker, we care a lot about security, and we are constantly working to ensure we have the best security possible to protect our customers’ production workloads. As we make our Kubernetes transition, we consider Capsule8 a critical piece of the protection we offer to our customers. By transparently sharing our approach with customers, they can better evaluate our security posture and rapidly become comfortable with Looker. By using Capsule8, we have confidence in our ability to detect and shut down attacks before they take hold — and we can share that confidence with our customers.
Which compliance requirements are most important to your organization and how are you leveraging Capsule8 to meet them?
Richard: We use Capsule8 today to help meet our SOC 2 requirements. We have several other compliance initiatives underway where we will slot Capsule8 in to help make it possible. Having Capsule8 has helped on the security front and also accelerated our ability to meet our growing compliance requirements.
How will you leverage Capsule8 as you continue to grow?
Richard: We are planning to offer up Looker in multiple cloud environments, and transition from hosted instances to a Kubernetes architecture. As we expand we want to ensure consistency and manageability. Capsule8 will be a major line of defense for a running container.
Capsule8 is defining modern enterprise protection by providing detection and response for Linux infrastructure in any environment. Capsule8 provides host-based detection and investigatory data for incident response with on-going support. Unlike anyone else, Capsule8 mitigates the financial, scalability and reliability limitations of protecting your Linux infrastructure.