Murray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?
2 Agenda
- Serverless, Microservices and Container Security
- Key Implications for Penetration Testing Programs
- Key Security Features for Container Deployments
- CI/CD Integration for Automated Security
- End to End Vulnerability Management
- Continuous Monitoring, Governance & Compliance Reporting
3 14-Sep-18 Are Containers As Good as it Gets? Cloud containers are designed to virtualize a single application. *** Modified ***
4 As Good as it Gets? E.g., you have a MySQL container and that's all it does: provide a virtual instance of that application. *** Modified ***
5 As Good as it Gets? Containers ***SHOULD*** create an isolation boundary at the application level rather than at the server level. *** Modified ***
6 As Good as it Gets? This isolation ***SHOULD*** mean that if anything goes wrong in that single container (e.g., excessive consumption of resources by a process) it only affects that individual container and not the whole VM or whole server. *** Modified ***
8 Container Security: Tech Neutral Security Requirements
Requirement | Addressed By
Intrinsic Security of the Kernel | Supply Chain Risk Mgt / Vuln Mgt / CaaS
Attack Surface Reduction | Hardening / Config Mgt / Vuln Mgt
Container Configuration | Configuration Management
Hardening of the Kernel and how it interacts with Containers | Hardening
9 Monolithic vs Microservices Architecture
12 Monolithic vs Micro Services (API Centric)
14 Example: Microsoft eshop Reference Architecture
16 VM vs. Containers (where the abstraction occurs)
[Diagram. Virtualisation: Type 1 (bare metal) stacks Hardware, Hypervisor, VMs; Type 2 stacks Hardware, Host OS, Hypervisor, VMs; each VM carries a Guest OS, Dependencies and the Application. Containerisation: Hardware, Host OS, Container Engine, Containers 1 to N; each container carries only the App. Deps. and the Application.]
32 Developers
33 Hackers
34 Hooking Lowest Wins
35 North-South & East-West Attacks and Pivots
36 Break-In
37 Entry Point is usually a Pin Hole issue, for example a known application issue
39 Containers: The Contained Challenge. IF you can Break-In, You then Need to Break-Out
40 Break-Out <gowest goeast>
41 Either: Find a Container Vuln & Exploit
42 Or: Living off the Land. Relying on misconfiguration, ability to use native tools, or download new and execute
48 Container TTL
49 09-Oct-18 Sense of Security Content Slide Layout Page 38
52
- How to Upgrade your Vuln Mgt Program
- What to expect from a Pen Test
- Supply Chain Risk Implications for CaaS
- DevSecOps
53 Pen Test: Mechanical Attack vs Knowledge & Finesse
54 Monolithic vs Microservices Architecture
64 Load Balancing Perimeter Public Functions
70 Hack Transformation
74 -security/next-generationfirewall-vs-container-firewall/ Page 54
75 Security Testing Needs to Go Down The Stack
- User Interface (WebApps, forms, logons, APIs)
- Framework (Struts, Spring, .NET)
- Language (Java, PHP, .NET)
- AppServer (IIS, Apache, Nginx)
- Process UI (Container, presentation layer)
- Process App (Container, application processing)
- Process BackEnd (Container, database)
- Operating System (Linux, Windows)
- Clustering/Orchestration (CaaS, Swarm, Kubernetes)
- Networking (SDN, SecGroups)
- Cloud Platform
- Core Infrastructure
90 Finesse
94 There are Pen Tests & There are Pen Tests!
Check Box:
- Lower Cost
- Predictable
- Even if a Web App/Service Pen Test, not suitable for current technologies
- Doesn't really assess the threats
- More North-South than East-West
Assurance, Validation & Compliance:
- More considered
- Requires expert capability, R&D
- Requires understanding of the full stack incl implications of -aaS
- Requires persistence in an ephemeral setting
- Yes it will cost more
95 Blue Team: Key Steps to App Container Security
1. End-to-End Vulnerability Management
2. Container Attack Surface Reduction
3. User Access Control
4. Hardening the Host OS & the Container
5. SDLC Automation (DevOps)
96 Automated Vuln Mgt: SHIFT LEFT
- Build: APIs & Plug-ins; Third Party Components; Vuln Mgt Automation
- Registry: Automated Scan of Pub/Priv Registry
- Host: Compliance Scanning; OS; CaaS
- Runtime: Audit logging; Event logging
(Image adapted from Qualys materials)
97 Container Security Lifecycle Management & Compliance Summary
Phases: Develop / Build; Test / Modify; Release / Production
- Use Trusted Images
- Reduce Attack Surface
- Third Party Components Mgt (SCA)
- Sign & Verify Images
- Privileged Access & Auth Mgt
- Network Segmentation
- User Authentication
- Vulnerability Scanning
- Harden the OS
- Ongoing SecOps
- Advanced Security Controls
- Vulnerability Management
Adapted from: Ten Basic Steps To Secure Software Containers, Instructions For Safely Developing And Deploying Software In Containers, by Amy DeMartine and Dave Bartoletti, April 14, 2017
104 Recap
- Serverless, Microservices and Container Security
- Key Implications for Penetration Testing Programs
- Key Security Features for Container Deployments
- CI/CD Integration for Automated Security
- End to End Vulnerability Management
- Continuous Monitoring, Governance & Compliance Reporting
More informationMicroservices. Chaos Kontrolle mit Kubernetes. Robert Kubis - Developer Advocate,
Microservices Chaos Kontrolle mit Kubernetes Robert Kubis - Developer Advocate, Google @hostirosti About me Robert Kubis Developer Advocate Google Cloud Platform London, UK hostirosti github.com/hostirosti
More informationSecuring Your Virtual World Harri Kaikkonen Channel Manager
Securing Your Virtual World Harri Kaikkonen Channel Manager Copyright 2009 Trend Micro Inc. Virtualisation On The Rise 16,000,000 Virtualized x86 shipments 14,000,000 12,000,000 10,000,000 8,000,000 6,000,000
More informationService Mesh and Microservices Networking
Service Mesh and Microservices Networking WHITEPAPER Service mesh and microservice networking As organizations adopt cloud infrastructure, there is a concurrent change in application architectures towards
More informationEnabling Cloud Adoption. Addressing the challenges of multi-cloud
Enabling Cloud Adoption Addressing the challenges of multi-cloud Introduction Organizations of all sizes are adopting cloud for application workloads. These organizations are looking to avoid the costs
More informationAPI, DEVOPS & MICROSERVICES
API, DEVOPS & MICROSERVICES RAPID. OPEN. SECURE. INNOVATION TOUR 2018 April 26 Singapore 1 2018 Software AG. All rights reserved. For internal use only THE NEW ARCHITECTURAL PARADIGM Microservices Containers
More informationA10 HARMONY CONTROLLER
DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for
More informationIndustry-leading Application PaaS Platform
Industry-leading Application PaaS Platform Solutions Transactional Apps Digital Marketing LoB App Modernization Services Web Apps Web App for Containers API Apps Mobile Apps IDE Enterprise Integration
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationMODERNIZING TRADITIONAL SECURITY:
GUIDE TO MODERNIZING TRADITIONAL SECURITY: The Advantages of Moving a Legacy Application to Containers The Leading Cloud Native Cybersecurity Platform Understanding Lift and Shift As containers become
More informationSecuring Microservices Containerized Security in AWS
Securing Microservices Containerized Security in AWS Mike Gillespie, Solutions Architect, Amazon Web Services Splitting Monoliths Ten Years Ago Splitting Monoliths Ten Years Ago XML & SOAP Splitting Monoliths
More informationCisco Cloud Strategy. Uwe Müller. Leader PreSales Cloud & Datacenter Germany
Cisco Cloud Strategy Uwe Müller Leader PreSales Cloud & Datacenter Germany 277X Data created by IoE devices v. end-user 30M New devices connected every week 180B Mobile apps downloaded in 2015 78% Workloads
More informationCSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES. Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance
CSA GUIDANCE VERSION 4 S TAT E O F T H E A R T CLOUD SECURITY AND GDPR NOTES Hing-Yan Lee (Dr.) EVP, APAC, Cloud Security Alliance ABOUT THE BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT CLOUD
More informationCLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE
JAN WILLIES Global Kubernetes Lead at Accenture Technology jan.willies@accenture.com CLOUD-NATIVE APPLICATION DEVELOPMENT/ARCHITECTURE SVEN MENTL Cloud-native at Accenture Technology ASG sven.mentl@accenture.com
More informationServer Hardening Title Author Contributors Date Reviewed By Document Version
Server Hardening The University of Waikato Title Server Hardening Author Milton Markose (Systems Administrator Security) Contributors Information Security Forum (ISF) Date 21-08-2014 Reviewed By Information
More informationTHE THREE WAYS OF SECURITY. Jeff Williams Co-founder and CTO Contrast Security
THE THREE WAYS OF SECURITY Jeff Williams Co-founder and CTO Contrast Security 1. TODAY S AVERAGE APPLICATION IS A SECURITY DISASTER 2. SOFTWARE IS LEAVING SECURITY IN THE DUST SOFTWARE Typical enterprise
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationAWS Integration Guide
AWS Integration Guide Cloud-Native Security www.aporeto.com AWS Integration Guide Aporeto integrates with AWS to help enterprises efficiently deploy, manage, and secure applications at scale and the compute
More informationDocker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications
Technical Brief Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications As application teams deploy their Dockerized applications into production environments,
More informationShortcut guide to Web application firewall deployment
E-Guide Shortcut guide to Web application firewall deployment Before purchasing a Web application firewall (WAF), there are several factors all organizations must consider. This expert tip offers advice
More informationRECap: RunEscape Capsule for On-demand Managed Service Delivery in the Cloud
RECap: RunEscape Capsule for On-demand Managed Service Delivery in the Cloud Shripad J Nadgowda, Sahil Suneja, Canturk Isci IBM T J Watson Research Center Evolution of application runtimes (General-purpose
More informationDefining Security for an AWS EKS deployment
Defining Security for an AWS EKS deployment Cloud-Native Security www.aporeto.com Defining Security for a Kubernetes Deployment Kubernetes is an open-source orchestrator for automating deployment, scaling,
More informationGrowth of Docker hub pulls
millions 6000 Growth of Docker hub pulls 5000 5000 4000 3000 2000 2000 1000 300 800 1200 0 May-15 Jun-15 Jul-15 Aug-15 Sep-15 2016 A Highly Complex Ecosystem Security challenges of container opera3ons
More informationHow-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018
How-to Guide: Tenable Nessus for Microsoft Azure Last Updated: April 03, 2018 Table of Contents How-to Guide: Tenable Nessus for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationCyber Hygiene: Uncool but necessary. Automate Endpoint Patching to Mitigate Security Risks
Cyber Hygiene: Uncool but necessary Automate Endpoint Patching to Mitigate Security Risks 1 Overview If you analyze any of the recent published attacks, two patterns emerge, 1. 80-90% of the attacks exploit
More informationWHITEPAPER. Security overview. podio.com
WHITEPAPER Security overview Podio security White Paper 2 Podio, a cloud service brought to you by Citrix, provides a secure collaborative work platform for team and project management. Podio features
More informationGUIDE. MetaDefender Kiosk Deployment Guide
GUIDE MetaDefender Kiosk Deployment Guide 1 SECTION 1.0 Recommended Deployment of MetaDefender Kiosk(s) OPSWAT s MetaDefender Kiosk product is deployed by organizations to scan portable media and detect
More informationZero to Microservices in 5 minutes using Docker Containers. Mathew Lodge Weaveworks
Zero to Microservices in 5 minutes using Docker Containers Mathew Lodge (@mathewlodge) Weaveworks (@weaveworks) https://www.weave.works/ 2 Going faster with software delivery is now a business issue Software
More information