Our Investment in KSOC: An Essential Tool for Kubernetes Security #KIEM #KDR

Chase Roberts
3 min readFeb 15, 2022

Kubernetes is complicated so applications can be less so. Kubernetes (a.k.a. K8s) takes care of distributed systems and scaling configurations so that applications builders can focus on the applications they’re building instead of the systems on which they run. Borrowing an analogy from Kubernetes: The Documentary (yes, you should watch it), Kubernetes is like the mail system: you put your item inside of a box — a standard configuration — and the postal service manages the complexity of getting your package to its destination. The postal service doesn’t need to know what’s in the box, and you only need to understand how to mail a package — a standard protocol. In this analogy, Kubernetes is the postal service, the application is what’s inside the package, and the Kubernetes programming interface is like the mailbox, mailing instructions, stamps, etc. For a more elaborate non-technical overview, I’d suggest this post.

Kubernetes adoption is off the charts: 5.6 million developers use K8s worldwide up 67% from the previous year according to our friends at the Cloud Native Computing Foundation (CNCF). The growth is largely driven by the availability of Kubernetes from cloud service providers (CSPs) like Amazon Web Services, Google Cloud Platform, and Microsoft Azure. True to their value, the CSPs simplify running Kubernetes in the cloud. The simplified deployment models have enabled armies of developers to adopt Kubernetes without the required skills to secure it. 😬

If you as the mailer were responsible for determining how to keep a package secure and avoiding all of the points of failure during the mailing process, you’d require an army of experts and financial resources. These requirements are not too dissimilar from what it takes to secure Kubernetes: it is hard to secure precisely because it is complex.

We’re good though, right? Not so much. The first generation of K8s security tools are largely observability-driven: they alert users about security issues, but they don’t help them fix the issues. The complexity of securing K8s and the lack of skills among developers to secure it means many of these workloads are vulnerable. Just ask the smart folks at Telsa, Capital One, Microsoft, and Docker. The landscape of solutions also lacks depth and largely includes monitoring tools adapted from other infrastructure applications.

Enter: Jimmy Mesta. As we dug deeper into the K8s security ecosystem, Jimmy’s name came up repeatedly as one of the experts. We learned that Jimmy teamed up with a talented sales leader in the security industry, Brooke Motta, to start a company to develop a more complete solution: KSOC (Kubernetes Security Operations Center). KSOC monitors Kubernetes misconfigurations and vulnerabilities wherever they may occur — cloud, hybrid-cloud, on-prem environment — alerts of these issues, and then auto-generates enforcement policies to address the issues. Not only does KSOC offer the depth required to effectively secure Kubernetes workloads, but it also presents users with automated “easy buttons” for resolving security incidents. KSOC is the essential tool for every developer running Kubernetes in any context anywhere — all 5.6M of them.

Two categories are emerging: Kubernetes Infrastructure Entitlements Management (KIEM) and Kubernetes Detection and Response (KDR). I’m excited to announce that Vertex Ventures US will support Brooke (CEO) and Jimmy (CTO) via a $6M seed financing on their journey to simplify Kubernetes security management and define KIEM and KDR as categories. We’re blown away by the talent of this team and the clarity with which they’re tackling this important problem. We can’t wait to see Brooke and Jimmy usher in the KIEM and KDR movement. Here’s to all of the application builders who can now breathe a sigh of relief. 😅