Automating Security and Compliance for Hybrid Environments
|
|
- Alfred Edwards
- 5 years ago
- Views:
Transcription
1 Automating Security and Compliance for Hybrid Environments Lucy Kerner Security Global Technical Evangelist and Strategist, Red
2 COMMON SECURITY CHALLENGES Inconsistent Patching Change Whodunits Ops Secrets Management Application Sprawl Inconsistent Configurations Dev Security Server Sprawl Security is frequently the last to know! 2
3 SECURITY, COMPLIANCE, AND GOVERNANCE CHALLENGES IN A HYBRID ENVIRONMENT VIRTUALIZATION OS PUBLIC CLOUD CLOUD PRIVATE CLOUD CONTAINERS GROWING COMPLEXITY INTRODUCES RISK MANUALLY MONITORING SYSTEMS FOR SECURITY + COMPLIANCE BECOMES DIFFICULT VISIBILITY AND CONTROL (YOU CAN T CONTROL WHAT YOU CAN T SEE) MANAGING SECURITY POLICIES CONSISTENTLY USER SELF-SERVICE BUT WITH TIGHT CONTROL OVER ENTIRE ENVIRONMENT
4 WHY AUTOMATE SECURITY AND COMPLIANCE?
5 5 81% of hacking-related breaches leveraged either stolen and/or weak passwords Verizon Data Breach Investigations Report [
6 6 99% of the vulnerabilities exploited by the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident Focus on the Biggest Security Threats, Not the Most Publicized Gartner, November 2017
7 7 LET S MANUALLY ENSURE SECURITY + COMPLIANCE... Very time consuming, tedious, boring Highly prone to human error Bad actions go undetected(no papertrail) Not easy to do audits Constant back and forth between Operations + Security teams Not repeatable, sharable, or verifiable
8 INSTEAD, WHAT YOU WANT IS... 8 Centralized management and visibility of your entire heterogeneous infrastructure Windows, Linux, Virtualization, Public/Private Cloud, Containers, Ticketing System, etc You can t control what you can t see Infrastructure and Security as code Repeatable, sharable, verifiable, easier to do compliance audits Make it easier to pass security audits Controlled visibility into the state of compliance of systems for the security team / security auditor Less back and forth between operations and security teams Proactive scanning and compliance to security baselines Security hardened and compliant host at provisioning time Consistency: Eliminate snowflake systems from the start Immutable Operating System: OS can t be changed by untrusted parties Automated proactive continuous monitoring and fixing of all systems in hybrid environment that are out of compliance for entire lifecycle Build security into your application pipeline. Automate as much as possible!
9 WHY AUTOMATION? 9 Save time and money Reduce risk and avoid expensive human errors Protection from security breaches Allows you to build security into your application pipeline from the beginning vs having security as an afterthought Ensure and enforce ongoing compliance from a consistent centralized place using a common, easy to learn automation language Create a compliant host or service at provisioning time Repeatable, sharable, verifiable, and easier to do compliance audits Continuous security, monitoring, and fixing of all systems in hybrid environment that are out of compliance for entire lifecycle Automation plays an essential role in system configuration management and DevSecOps
10 HOW CAN RED HAT HELP?
11 SECURITY MUST BE CONTINUOUS And integrated throughout the IT lifecycle Identify security requirements & governance models DESIGN BUILD Built-in from the start; not bolted-on Revise, update, remediate as the landscape changes ADAPT Security policy, process & procedures RUN Deploy to trusted platforms with enhanced security capabilities MANAGE Automate systems for security & compliance
12 SECURITY THROUGHOUT THE LIFECYCLE DESIGN BUILD RUN MANAGE ADAPT RED HAT SECURITY AD(ISORIES TESTED, CERTIFIED, STABLE, AND SUPPORTED OPEN SOURCE SOFT)ARE
13 13 SECURITY THROUGHOUT THE STACK
14 BUILT-IN SECURITY AUTOMATION WITH OpenSCAP NIST validated and certified Security Content Automation Protocol (SCAP) scanner by Red Hat Scans systems and containers for: known vulnerabilities = unpatched software compliance with security policies (PCI-DSS, US Gov baselines, etc) Ansible remediation playbooks provided (new with RHEL 7.5) Included in Red Hat Enterprise Linux base channel Red Hat natively ships NIST validated National Checklist content SCAP Workbench GUI front end tool for OpenSCAP that serves as an SCAP scanner Provides tailoring functionality for SCAP content Local scanning of a single machine
15 15 Security Remediations with OpenSCAP and Ansible Ansible remediation playbooks provided (new with RHEL 7.5) Apply pre-generated Ansible playbook (provided by scap-security-guide) Generate a new playbook from a specific security profile (input) $ oscap xccdf generate fix --fix-type ansible --profile stig-rhel7-disa --output stig-rhel7-disa-profile.yml /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml Generate a playbook of fixes only (from completed scan report) $ oscap xccdf generate fix --fix-type ansible --result-id xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_stig-rhel7-disa --output standard-playbook-result.yml results.xml
16 16 Scanning and Hardening/Remediating Containers with OpenSCAP Scan container for Unpatched software Scan container for Configuration compliance $ sudo atomic scan --scan_type configuration_compliance --scanner_args profile=stig-rhel7-disa,report rhel7:latest Remediate the container $ sudo atomic scan --scan_type configuration_compliance --scanner_args profile=stig-rhel7-disa,report --remediate rhel7:latest
17 MAKING AUDITORS HAPPY WITH OpenSCAP REPORTS
18 Automated Security and Compliance at scale across a hybrid environment with Red Hat
19 USING RED HAT TECHNOLOGY IN A HYBRID ENVIRONMENT, HOW CAN I: 1) Create a security compliant host at provisioning time 2) Do Continuous Monitoring and Security For both VMs and Containers a) Automate ongoing security compliance and remediations b) Enforce governance and control in an automated fashion c) Visibility and Control for operations teams i) Restricted visibility into environment for security teams d) Proactive Security and Automated Risk Management
20 Provisioning a security compliant host
21 21
22 22
23 23
24 24
25 25
26 26
27 27
28 Enforcing compliance with security policies in an automated fashion
29 29
30 30
31 31
32 32
33 33
34 34
35 35
36 36
37 37
38 38
39 39
40 40
41 41
42 42
43 43
44 44
45 45
46 46
47 47
48 48
49 Automated Security and Compliance with Red Hat Openshift
50 IMPROVING SECURITY WITH CONTAINERS AND OPENSHIFT In Security, consistency and repeatability is key. Adopting containers in a container platform will improve your security. US Courts US Citizen and Immigration Services Oak Ridge National Laboratory Internal Revenue Service US Government Panel, Openshift Commons Briefing December 2017 Journey of DevSecOps - US Department Homeland Security June 2017
51 IMPRO(ED SECURITY )ITH CONTAINERS Improved Patch Management Consistent & Secure Configurations Record of Changes Higher Dev Productivity More Security Built-In Faster, Easier Deployment for Ops Secrets Management Server Sprawl Application Sprawl 51
52 Security Benefits of Containerized Infrastructure Standard, hardened infrastructure Force applications to be in line with defined security policies Read-only containers = Application whitelisting Continually (re)deploying from known good source Standardized base container images No humans in production - SSH turned off Patching improvements Complete record of change Minimal OS Pipeline Integration moves security left Security gates: Nothing go to production unless all checks passed.
53 84% of open source projects do not fix known security defects. * 2017 State of the Software Supply Chain by Sonatype
54 54
55 RED HAT SUPPLY CHAIN SECURITY Community leadership Package selection Manual inspection Automated inspection Packaging guidelines Trusted builds Quality assurance Certifications Signing Distribution Support Security updates/patches Upstream Community projects Red Hat solutions Red Hat customers
56 Never {pass} defects to downstream work centers. * The Phoenix Project by George Spafford, Kevin Behr, and Gene Kim
57 AUTOMATE QUALITY
58 SOFTWARE SUPPLY CHAIN SECURITY POWERED BY RED HAT OPENSHIFT Trusted code repos CCB RAPID ATO REQ DEV UNIT TEST CODE QUAL SEC SCAN INT TEST QA UAT PROD -Jira -Trello -Che -JBDSguac -Cucumber -Arquillian -Junit -Sonarqube -Fortify -AtomicScan -Blackduck -Twistlock AUTOMATED QUALITY -Sysdig -Dynatrace CM CS OPENSHIFT SOFTWARE FACTORY
59 59
60 60
61 61
62 62
63 63
64 64
65 65
66 66
67 67
68 The last thing most managers think about is how to get a new product back if something goes wrong. * A Strategic Approach to Managing Product Recalls by N. Craig Smith, Robert J. Thomas, and John Quelch for HBR
69 SOFTWARE SUPPLY CHAIN SECURITY POWERED BY RED HAT OPENSHIFT Trusted code repos CCB RAPID ATO REQ DEV UNIT TEST CODE QUAL SEC SCAN INT TEST QA UAT PROD -Jira -Trello -Che -JBDSguac -Cucumber -Arquillian -Junit -Sonarqube -Fortify -AtomicScan -Blackduck -Twistlock AUTOMATED QUALITY -Sysdig -Dynatrace CM CS OPENSHIFT SOFTWARE FACTORY
70 If you have three days to patch out a CVE in prod, can you?
71 Patch SOFTWARE SUPPLY CHAIN SECURITY POWERED BY RED HAT OPENSHIFT Trusted code repos CCB RAPID ATO REQ DEV UNIT TEST CODE QUAL SEC SCAN INT TEST QA UAT PROD -Jira -Trello -Che -JBDSguac -Cucumber -Arquillian -Junit -Sonarqube -Fortify -AtomicScan -Blackduck -Twistlock AUTOMATED QUALITY -Sysdig -Dynatrace CM CS OPENSHIFT SOFTWARE FACTORY
72 Patch SOFTWARE SUPPLY CHAIN SECURITY POWERED BY RED HAT OPENSHIFT Trusted code repos CCB RAPID ATO REQ DEV UNIT TEST CODE QUAL SEC SCAN INT TEST QA UAT PROD -Jira -Trello -Che -JBDSguac -Cucumber -Arquillian -Junit -Sonarqube -Fortify -AtomicScan -Blackduck -Twistlock AUTOMATED QUALITY -Sysdig -Dynatrace CM CS OPENSHIFT SOFTWARE FACTORY
73 Patch SOFTWARE SUPPLY CHAIN SECURITY POWERED BY RED HAT OPENSHIFT Trusted code repos CCB RAPID ATO REQ DEV UNIT TEST CODE QUAL SEC SCAN INT TEST QA UAT PROD -Jira -Trello -Che -JBDSguac -Cucumber -Arquillian -Junit -Sonarqube -Fortify -AtomicScan -Blackduck -Twistlock AUTOMATED QUALITY -Sysdig -Dynatrace CM CS OPENSHIFT SOFTWARE FACTORY
74 This is DevSecOps
75 DEV(SEC)OPS Everything as code Application monitoring Automate everything Control Planes vs Data Planes Continuous Integration/Delivery Rebuild vs. Repair Application is always releasable Delivery pipeline GENERAL DISTRIBUTION
76 76 GENERAL DISTRIBUTION
77 77 GENERAL DISTRIBUTION
78 BRINGING IT ALL TOGETHER Self-Service Service Catalog (Language Runtimes, Middleware, Databases) Build Automation Deployment Automation OpenShift Application Lifecycle Management (CI/CD) Container Orchestration & Cluster Management (Kubernetes) Networking Storage Registry Logs & Metrics Infrastructure Automation & Cockpit Enterprise Container Host RHEL Container Runtime & Packaging SELinux and SCC Security CONTROL DEFEND EXTEND Ansible / CloudForms Red Hat Enterprise Linux
79 CONTROL Container Content Container Registry CI/CD Pipeline Deployment Policies DEFEND Container Platform Network Isolation Container Host Multi-tenancy Storage Audit & Logging API Management EXTEND Security Ecosystem 79
80 THE SECURITY ECOSYSTEM For enhanced security, or to meet existing policies, integrate with enterprise security tools, such as Network Security Identity and Access management / Privileged Access Management External Certificate Authorities External (aults / Key Management solutions Container content scanners & vulnerability management tools Container runtime analysis tools Security Information and Event Monitoring SIEM And use open source & open standards More about OpenShift Primed Partners 80
81 Automate ongoing security compliance and remediations
82 82
83 83
84 84
85 85
86 86
87 87
88 88
89 89
90 90
91 91
92 92
93 Proactive Security and Automated Risk Management with Red Hat Insights
94 94
95 95
96 96
97 97
98 98
99 99
100 100
101 101
102 102
103 103
104 104
105 USING RED HAT TECHNOLOGY YOU TOO CAN: 1) Create a security compliant host at provisioning time 2) Do Continuous Monitoring and Security For both VMs and Containers a) Automate ongoing security compliance and remediations b) Enforce governance and control in an automated fashion c) Visibility and Control for operations teams i) Restricted visibility into environment for security teams d) Proactive Security and Automated Risk Management All with FLEXIBILITY + CHOICE using a combination of OpenShift, OpenSCAP, Red Hat CloudForms, Red Hat Satellite, Red Hat Ansible Automation, and Red Hat Insights
106
107 Can I try these demos hands on? This lab environment is hosted online on the Red Hat Product Demo System (RHPDS) Accessible by Red Hat Partners and Red Hat Employees. Red Hat customers, please work with your Red Hat account team who can access and provision this lab environment for you. Security and Compliance Automation Lab doc: /documentation/readme.adoc Ansible playbooks used in lab/demo environment: iance Also, Ansible remediation playbooks for SCAP profiles available directly in RHEL 7.5 Red Hat Enterprise Linux Security Technologies Lab doc: cumentation/readme.adoc
108 RED HAT SUMMIT 2018 Many security sessions, including this session, were recorded and are now on YouTube! (isit: 108
109 THANK YOU plus.google.com/+redhat facebook.com/redhatinc linkedin.com/company/red-hat twitter.com/redhatnews youtube.com/user/redhat(ideos
S Automating security compliance for physical, virtual, cloud, and container environments
S103174 - Automating security compliance for physical, virtual, cloud, and container environments Using Red Hat CloudForms, Red Hat Satellite, Red Hat Insights and Ansible Tower by Red Hat Lucy Huh Kerner
More informationTEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist
TEN LAYERS OF CONTAINER SECURITY Kirsten Newcomer Security Strategist WHAT ARE CONTAINERS? Containers change how we develop, deploy and manage applications INFRASTRUCTURE Sandboxed application processes
More informationTEN LAYERS OF CONTAINER SECURITY
TEN LAYERS OF CONTAINER SECURITY Tim Hunt Kirsten Newcomer May 2017 ABOUT YOU Are you using containers? What s your role? Security professionals Developers / Architects Infrastructure / Ops Who considers
More informationContainer Deployment and Security Best Practices
Container Deployment and Security Best Practices How organizations are leveraging OpenShift, Quay, and Twistlock to deploy, manage, and secure a cloud native environment. John Morello CTO Twistlock Dirk
More informationFISMA COMPLIANCE FOR CONTAINERIZED APPS
FISMA COMPLIANCE FOR CONTAINERIZED APPS Using Atomic Scan and OpenSCAP with containers Jason Callaway Red Hat Principal Solutions Architect jcallawa@redhat.com @jasoncallaway jasoncallaway.com AGENDA Slides
More informationRED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION
RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION Stephanos D Bacon Product Portfolio Strategy, Application Platforms Stockholm, 13 September 2017 1 THE PATH TO DIGITAL LEADERSHIP IT
More informationAutomating, Securing, and Managing Cox Automotive's (AutoTrader) Big Data Infrastructure
Automating, Securing, and Managing Cox Automotive's (AutoTrader) Big Data Infrastructure with Ansible, Insights, and Satellite Abdi Hersi, Senior Linux Engineer Cox Automotive Will Nix, Principal Technical
More informationRed Hat Roadmap for Containers and DevOps
Red Hat Roadmap for Containers and DevOps Brian Gracely, Director of Strategy Diogenes Rettori, Principal Product Manager Red Hat September, 2016 Digital Transformation Requires an evolution in... 2 APPLICATIONS
More informationJune 8th, 2017 Washington D.C. Security Compliance for modern infrastructures with OpenSCAP
June 8th, 2017 Washington D.C. Security Compliance for modern infrastructures with OpenSCAP Martin Preisler Software Engineer at Red Hat, Inc. mpreisle@redhat.com SECURITY COMPLIANCE configuration hardening
More informationWe have very limited time Won t cover extensive theory Won t cover writing SCAP policies - out of scope
GOALS 2 Hands on demos of real world use-cases Check software flaws - vulnerabilities Check configuration flaws - weaknesses Customizing existing security policies Put machines into compliance - remediate
More informationSecure Foundations: Why RHEL isn t just another Linux distribution
Secure Foundations: Why RHEL isn t just another Linux distribution Lucy Kerner Principal Technical Product Marketing Manager - Security, Red Hat May 3, 2017 ONLY TWO OPERATING SYSTEMS MATTER WORLDWIDE
More informationCREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud
CREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud Ted Brunell Principal Solution Architect, DoD Programs tbrunell@redhat.com @DoDCloudGuy AGENDA Overview of Current Security
More informationPractical OpenSCAP Security Standard Compliance and Reporting. Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer
Practical OpenSCAP Security Standard Compliance and Reporting Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer INTRODUCTION AGENDA Review some slides Follow along demostration
More informationHOW TO MAKE THE CASE TO MANAGEMENT: PAYING FOR OPEN SOURCE
HOW TO MAKE THE CASE TO MANAGEMENT: PAYING FOR OPEN SOURCE The Value of a Red Hat Subscription Jennifer LuPiba Principal Product Marketing Manager, Red Hat Enterprise Linux May 9, 2018 WHY ARE WE PAYING
More informationL105190: Proactive Security Compliance Automation with CloudForms, Satellite, OpenSCAP, Insights, and Ansible Tower
L105190: Proactive Security Compliance Automation with CloudForms, Satellite, OpenSCAP, Insights, and Ansible Tower Lead Presenter: Lucy Kerner, Principal Technical Marketing Manager - Security, Red Hat
More informationTaming your heterogeneous cloud with Red Hat OpenShift Container Platform.
Taming your heterogeneous cloud with Red Hat OpenShift Container Platform martin@redhat.com Business Problem: Building a Hybrid Cloud solution PartyCo Some Bare Metal machines Mostly Virtualised CosPlayUK
More informationGo Faster: Containers, Platforms and the Path to Better Software Development (Including Live Demo)
RED HAT DAYS VANCOUVER Go Faster: Containers, Platforms and the Path to Better Software Development (Including Live Demo) Paul Armstrong Principal Solutions Architect Gerald Nunn Senior Middleware Solutions
More informationOPENSTACK Building Block for Cloud. Ng Hwee Ming Principal Technologist (Telco) APAC Office of Technology
OPENSTACK Building Block for Cloud Ng Hwee Ming Principal Technologist (Telco) APAC Office of Technology ABOUT RED HAT FROM COMMUNITY TO PRODUCT STABILIZ E INTEGRAT E PARTICIPATE INTEGRAT E STABILIZ E
More informationAnsible for Incident Response
Ansible for Incident Response Brad Sollar Sr. Solutions Architect Jun 2018 Intro With the high rate of turnover inherent in military organizations, institutional knowledge can be easily lost such as network
More informationAutomating Security Practices for the DevOps Revolution
Automating Security Practices for the DevOps Revolution Hari Srinivasan Director Product Management, Cloud and Virtualization Security Qualys Inc. 1 Qualys, Inc. 2018 Agenda Transformation of today s IT
More informationAGILE RELIABILITY WITH RED HAT IN THE CLOUDS YOUR SOFTWARE LIFECYCLE SPEEDUP RECIPE. Lutz Lange - Senior Solution Architect Red Hat
AGILE RELIABILITY WITH RED HAT IN THE CLOUDS YOUR SOFTWARE LIFECYCLE SPEEDUP RECIPE Lutz Lange - Senior Solution Architect Red Hat Digital Transformation It requires an evolution in. Applications Infrastructure
More informationRED HAT CLOUDFORMS. Chris Saunders Cloud Solutions
RED HAT CLOUDFORMS Chris Saunders Cloud Solutions Architect chrisb@redhat.com @canadianchris BUSINESS HAS CHANGED IN RESPONSE, IT OPERATIONS NEEDS TO CHANGE LINE OF BUSINESS Challenged to deliver services
More informationBackup strategies for Stateful Containers in OpenShift Using Gluster based Container-Native Storage
Backup strategies for Stateful Containers in OpenShift Using Gluster based Container-Native Storage Niels de Vos Senior Software Engineer Red Hat Storage Critical features for both Dev and Ops Self-Service
More informationCLOUD WORKLOAD SECURITY
SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly
More informationA Greybeard's Worst Nightmare
A Greybeard's Worst Nightmare How Kubernetes and Containers are re-defining the Linux OS Daniel Riek, Red Hat April 2017 Greybeard Greybeards fight Balrogs. They hate systemd. They fork distributions.
More informationBUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology ebook BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS
More informationACCELERATE APPLICATION DELIVERY WITH OPENSHIFT. Siamak Sadeghianfar Sr Technical Marketing Manager, April 2016
ACCELERATE APPLICATION DELIVERY WITH Siamak Sadeghianfar Sr Technical Marketing Manager, OpenShift @siamaks April 2016 IT Must Evolve to Stay Ahead of Demands WA CPU R RAM isc tar SI Jar vm dk MSI nic
More informationCoreOS and Red Hat. Reza Shafii Joe Fernandes Brandon Philips Clayton Coleman May 2018
CoreOS and Red Hat Reza Shafii Joe Fernandes Brandon Philips Clayton Coleman May 2018 Combining Industry Leading Container Solutions RED HAT QUAY REGISTRY ETCD PROMETHEUS RED HAT COREOS METERING & CHARGEBACK
More informationRED HAT INSIGHTS. Security & Proactive Response with Insights
RED HAT INSIGHTS Security & Proactive Response with Insights William Nix Principal Technical Marketing Manager Management Business Unit, Red Hat Insights WHY WE BUILT A NEW PRODUCT SECURITY IS RISK MANAGEMENT
More informationTRAINING AND CERTIFICATION UPDATE
TRAINING AND CERTIFICATION UPDATE Red Hat Enterprise User Group Twin Cities Steve Bonneville Manager, Curriculum Development / Red Hat November 11, 2015 RED HAT LEARNING SUBSCRIPTION One year access to
More informationContainer in Production : Openshift 구축사례로 이해하는 PaaS. Jongjin Lim Specialist Solution Architect, AppDev
Container in Production : Openshift 구축사례로 이해하는 PaaS Jongjin Lim Specialist Solution Architect, AppDev jonlim@redhat.com Agenda Why Containers? Solution : Red Hat Openshift Container Platform Enterprise
More informationRed Hat Containers Roadmap. Red Hat A panel of product directors
Red Hat Containers Roadmap Red Hat A panel of product directors Joe Fernandes Sr. Director Product Mgmt, Red Hat Rich Sharples Sr. Director of Product Mgmt, Red Hat Sayan Saha Sr. Manager of Product Mgmt,
More informationRED HAT CONTAINER CATALOG
RED HAT CONTAINER CATALOG How we built it - what s in there - what s next Dirk Herrmann (Former Product Owner RHCC) Product Manager OpenShift Bonn, April 24th 2018 RHCC is NOT OpenShift Service Catalog
More informationAmir Zipory Senior Solutions Architect, Redhat Israel, Greece & Cyprus
Amir Zipory Senior Solutions Architect, Redhat Israel, Greece & Cyprus amirz@redhat.com TODAY'S IT CHALLENGES IT is under tremendous pressure from the organization to enable growth Need to accelerate,
More informationSecurity oriented OpenShift within regulated environments
Security oriented within regulated environments Dawid Szymański - IT Architect, BZWBK Tomasz Cholewa - Lead Cloud Architect (RHCA), Mindbox Jarosław Stakun - Lead Solutions Architect, Red Hat 9th May 2018
More informationCloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.
George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security
More informationDocker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications
Technical Brief Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications As application teams deploy their Dockerized applications into production environments,
More informationEVERYTHING AS CODE A Journey into IT Automation and Standardization. Raphaël Pinson
EVERYTHING AS CODE A Journey into IT Automation and Standardization Raphaël Pinson Who am I? Raphaël Pinson aka Raphink Infrastructure Developer & Trainer Automation (Puppet, Augeas, Docker) Lausanne,
More informationTEN LAYERS OF CONTAINER SECURITY
TEN LAYERS OF CONTAINER SECURITY A Deeper Dive 2 WHAT ARE CONTAINERS? It depends on who you ask... INFRASTRUCTURE APPLICATIONS Sandboxed application processes on a shared Linux OS kernel Simpler, lighter,
More informationPUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS
PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS Jane R. Circle Manager, Red Hat Global Cloud Provider Program and Cloud Access Program June 28, 2016 WHAT WE'LL DISCUSS TODAY Hybrid clouds and multi-cloud
More informationTHE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES
SESSION ID: STR-R14 THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES Doug Cahill Group Director and Senior Analyst Enterprise Strategy Group @dougcahill WHO IS THIS GUY? Topics The Composition
More informationContainers Infrastructure for Advanced Management. Federico Simoncelli Associate Manager, Red Hat October 2016
Containers Infrastructure for Advanced Management Federico Simoncelli Associate Manager, Red Hat October 2016 About Me Kubernetes Decoupling problems to hand out to different teams Layer of abstraction
More informationIdentity Management and Compliance in OpenShift
Identity Management and Compliance in OpenShift Or Use DevOps to Make Your Auditors and Suits Happy Marc Boorshtein CTO, Tremolo Security Ellen Newlands Senior Security Product Manager, Cloud Business
More informationRed Hat OpenShift Roadmap Q4 CY16 and H1 CY17 Releases. Lutz Lange Solution
Red Hat OpenShift Roadmap Q4 CY16 and H1 CY17 Releases Lutz Lange Solution Architect @AtomicContainer OpenShift Roadmap OpenShift Container Platform 3.2 Kubernetes 1.2 & Docker 1.9
More informationContainer Management : First Looks
Container Management : First Looks John Hardy Senior Principal Product Manager jhardy@redhat.com 25th June 2015 Itamar Heim Senior Director, Software Engineering itamar@redhat.com Disclaimer This information
More informationA DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES. Chris Van Tuin Chief Technologist, West
A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES Chris Van Tuin Chief Technologist, West cvantuin@redhat.com Open Source V In short, software is eating the world. - Marc Andreessen, Wall Street Journal,
More informationTHE STATE OF CONTAINERS
THE STATE OF CONTAINERS Engines & Runtimes in RHEL & OpenShift Scott McCarty Principal Technology Product Manager - Containers 10/15/2018 What if... I told you there is container innovation happening in
More informationA Security State of Mind: Container Security. Chris Van Tuin Chief Technologist, West
A Security State of Mind: Container Security Chris Van Tuin Chief Technologist, West cvantuin@redhat.com AGENDA Why Linux Containers? CONTAINER What are Linux Containers? APP LIBS Container Security HOST
More informationBuild an open hybrid cloud and paint it red and blue
Build an open hybrid cloud and paint it red and blue Khaled Elbedri Technical sales lead, Microsoft Ismail Dhaoui EMEA Senior Specialist Solutions Architect, Red Hat Tuesday, May 8, 2018 Agenda RH & MS
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationWHEN CONTAINERS AND VIRTUALIZATION DO - AND DON T - WORK TOGETHER
WHEN CONTAINERS AND VIRTUALIZATION DO - AND DON T - WORK TOGETHER Jeremy Eder, Sr Principal Performance Engineer LinuxCon/ContainerCon NA 2016 Agenda 2 Technology Trends Container and VM technical Overview
More informationApplied SCAP: Automating Security Compliance and Remediation. Shawn Wells Maintainer, SCAP Security Guide 31-JULY-2014
Applied SCAP: Automating Security Compliance and Remediation Shawn Wells Maintainer, SCAP Security Guide 31-JULY-2014 45 MINUTES, 3 GOALS (+15 MIN Q&A) 1. Detail Security Automation Technology + Initiatives
More informationRed Hat Cloud Platforms with Dell EMC. Quentin Geldenhuys Emerging Technology Lead
Red Hat Cloud Platforms with Dell EMC Quentin Geldenhuys Emerging Technology Lead qgeldenhuys@redhat.com Red Hat Mission To be the catalyst in communities of customers, contributors, and partners creating
More informationMODERNIZING TRADITIONAL SECURITY:
GUIDE TO MODERNIZING TRADITIONAL SECURITY: The Advantages of Moving a Legacy Application to Containers The Leading Cloud Native Cybersecurity Platform Understanding Lift and Shift As containers become
More informationEnabling Red Hat Virtualization for the Hybrid Cloud
Enabling Red Hat Virtualization for the Hybrid Cloud RHV 4 integration with CloudForms and Ansible Scott Herold Director, Product Management - Virtualization Business Red Hat Forum Israel November 2016
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationWeaving Security into Every Application
Weaving Security into Every Application Paul Fox AVP Technology AT&T 2018 TM Forum 1 Cyber Security Accelerating Threat Telecom Breaches 300,000 Number of complaints filed with the FBI Internet Crime Complaint
More informationA DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West
A DEVOPS STATE OF MIND Chris Van Tuin Chief Technologist, West cvantuin@redhat.com THE NEED FOR SPEED THE ACCELERATION OF APPLICATION DELIVERY FOR THE BUSINESS In short, software is eating the world. -
More informationHOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE
#RSAC SESSION ID: SPO3-T07 HOW CLOUD, MOBILITY AND SHIFTING APP ARCHITECTURES WILL TRANSFORM SECURITY: GAINING THE HOME-COURT ADVANTAGE Tom Corn Senior Vice President/GM Security Products VMware @therealtomcorn
More informationConverged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products
Converged security Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products Increased risk and wasted resources Gartner estimates more than $1B in
More informationReinvent Your 2013 Security Management Strategy
Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for
More informationOvercoming the Challenges of Automating Security in a DevOps Environment
SESSION ID: LAB-W02 Overcoming the Challenges of Automating Security in a DevOps Environment Murray Goldschmidt Chief Operating Officer Sense of Security @ITsecurityAU Michael McKinnon Director, Commercial
More informationPractical OpenSCAP, Security Standard Compliance and Reporting Part 1: CLI (command-line)
Presenters: Robin Price II and Martin Preisler Abstract: OpenSCAP is a family of open source SCAP tools and content that help users create standard security checklists for enterprise systems. Natively
More informationI keep hearing about DevOps What is it?
DevOps & OpenShift I keep hearing about DevOps What is it? FOR MANY ORGANIZATIONS, WHAT IS I.T. LIKE TODAY? WATERFALL AND SILOS Application Version X DEVELOPMENT OPERATIONS IT OPS IS UNDER PRESSURE ENVIRONMENT
More informationMicroservices with Red Hat. JBoss Fuse
Microservices with Red Hat Ruud Zwakenberg - ruud@redhat.com Senior Solutions Architect June 2017 JBoss Fuse and 3scale API Management Disclaimer The content set forth herein is Red Hat confidential information
More informationOpenshift: Key to modern DevOps
Azure days 28/02/2018 Openshift: Key to modern DevOps Jiří Kolář Solution Architect CZ/SK/CEE jkolar@redhat.com PROBLEM: DEVELOPERS I.T. OPERATIONS THE SOLUTION DEVELOPERS I.T. OPERATIONS GENERAL DISTRIBUTION
More informationRed Hat Container Catalog Consuming Container Images from Red Hat and its Ecosystem. Dirk Herrmann Product Owner Container Catalog May 2nd 2017
Red Hat Container Catalog Consuming Container Images from Red Hat and its Ecosystem Dirk Herrmann Product Owner Container Catalog May 2nd 2017 The Value & New Challenges It s quick and easy to pull a Linux
More informationAccelerate at DevOps Speed With Openshift v3. Alessandro Vozza & Samuel Terburg Red Hat
Accelerate at DevOps Speed With Openshift v3 Alessandro Vozza & Samuel Terburg Red Hat IT (R)Evolution Red Hat Brings It All Together What is Kubernetes Open source container cluster manager Inspired by
More informationDevOps, Security, and Compliance WORKING IN UNISON
DevOps, Security, and Compliance WORKING IN UNISON I like. About me Elizabeth Lawler Co-Founder & CEO Machine identity and access management at scale Mapping compliance requirements to next generation
More informationGrowth of Docker hub pulls
millions 6000 Growth of Docker hub pulls 5000 5000 4000 3000 2000 2000 1000 300 800 1200 0 May-15 Jun-15 Jul-15 Aug-15 Sep-15 2016 A Highly Complex Ecosystem Security challenges of container opera3ons
More informationGoing cloud-native with Kubernetes and Pivotal
Going cloud-native with Kubernetes and Pivotal A guide to Pivotal Container Service (PKS) by role Fast, low-risk enterprise-grade Kubernetes has arrived With Pivotal Container Service (PKS), organizations
More informationRED HAT'S CONTAINER STRATEGY. Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015
RED HAT'S CONTAINER STRATEGY Lars Herrmann General Manager, RHEL, RHEV and Containers June 24, 2015 1 DEVELOPMENT VS I.T. OPERATIONS DEVELOPER IT OPERATIONS 2 DEVELOPERS WANT TO GO FAST DEVELOPER 3 HOW
More informationKEYNOTE How open source and hybrid cloud brought Microsoft and Red Hat together
TABLE OF CONTENTS TABLE OF CONTENTS KEYNOTE How open source and hybrid cloud brought Microsoft and Red Hat together TRACK 1 - BUILDING AND SECURING YOUR INFRASTRUCTURE FOR TODAY AND TOMORROW SESSION 1:
More informationSecurity as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS
Security as Code: The Time is Now Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS Introduction Business is moving faster to the cloud, and DevOps is accelerating scale and pushing automation
More informationACCENTURE & RED HAT ACCENTURE CLOUD INNOVATION CENTER
ACCENTURE & RED HAT ACCENTURE CLOUD INNOVATION CENTER HYBRID CLOUD MANAGEMENT & OPTIMIZATION DEVOPS FOR INFRASTRUCTURE SERVICES ACCENTURE CLOUD INNOVATION CENTER PUSHING CUSTOM CLOUD SOLUTIONS TO THE MAX.
More informationAccelerate your Software Delivery Lifecycle with IBM Development and Test Environment Services
Accelerate your Software Delivery Lifecycle with IBM Development and Test Environment Services DevOps Best Practices for High-Performing Enterprises Enterprise capability for continuous software delivery
More informationRed Hat Cloud security: Frameworks & enforcement. Kurt Seifried Security Response team April 16, 2014 v1.0
Red Hat Cloud security: Frameworks & enforcement Kurt Seifried Security Response team April 16, 2014 v1.0 Agenda A quick history of the future Cloud IT and Security it's all about operations Cloud security
More informationBuilding a Secure and Compliant Cloud Infrastructure. Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc.
Building a Secure and Compliant Cloud Infrastructure Ben Goodman Principal Strategist, Identity, Compliance and Security Novell, Inc. Why Are We Here? Expanded Enterprise Data access anywhere, anytime
More informationWill your application be secure enough when Robots produce code for you?
SESSION ID: ASD-W02 Will your application be secure enough when Robots produce code for you? Hasan Yasar Technical Manager, Faculty Member SEI CMU @securelifecycle With the speed of DevOps It is me! I
More informationVulnerability Management
Vulnerability Management Modern Vulnerability Management The IT landscape today is changing and because of that, vulnerability management needs to change too. IT environments today are filled with both
More informationDocker and Oracle Everything You Wanted To Know
Docker and Oracle Everything You Wanted To Know June, 2017 Umesh Tanna Principal Technology Sales Consultant Oracle Sales Consulting Centers(SCC) Bangalore Safe Harbor Statement The following is intended
More informationCOMPLIANCE AUTOMATION BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY
COMPLIANCE AUTOMATION BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY Published January, 2018 : BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY Speed is nothing without control.
More informationWHITE PAPER. RedHat OpenShift Container Platform. Benefits: Abstract. 1.1 Introduction
WHITE PAPER RedHat OpenShift Container Platform Abstract Benefits: Applications are designed around smaller independent components called microservices. Elastic resources: Scale up or down quickly and
More informationAdopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security
Adopting Modern Practices for Improved Cloud Security Cox Automotive - Enterprise Risk & Security 1 About Cox Automotive Cox Automotive is a leading provider of products and services that span the automotive
More informationLogging, Monitoring, and Alerting
Logging, Monitoring, and Alerting Logs are a part of daily life in the DevOps world In security, we focus on particular logs to detect security anomalies and for forensic capabilities A basic logging pipeline
More informationTrust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved
Trust in the Cloud Mike Foley RSA Virtualization Evangelist 2009/2010/2011 1 2010 VMware Inc. All rights reserved Agenda How do you solve for Trust = Visibility + Control? What s needed to build a Trusted
More informationRed Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS
Red Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS Daniel Riek Sr. Director Systems Design & Engineering In the beginning there was Stow... and
More informationSUSE s vision for agile software development and deployment in the Software Defined Datacenter
From Git to Cloud SUSE s vision for agile software development and deployment in the Software Defined Datacenter Joachim Werner Senior Product Manager joe@suse.com Peter Chadwick Director Product Management
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationINTRODUCING CONTAINER-NATIVE VIRTUALIZATION
INTRODUCING CONTAINER-NATIVE VIRTUALIZATION Cats and Dogs Living Together Stephen Gordon Principal Product Manager Red Hat Fabian Deutsch Manager, Software Engineering Red Hat sgordon@redhat.com / @xsgordon
More informationQualys Cloud Platform
18 QUALYS SECURITY CONFERENCE 2018 Qualys Cloud Platform Looking Under the Hood: What Makes Our Cloud Platform so Scalable and Powerful Dilip Bachwani Vice President, Engineering, Qualys, Inc. Cloud Platform
More informationThe Evolution of Data Center Security, Risk and Compliance
#SymVisionEmea #SymVisionEmea The Evolution of Data Center Security, Risk and Compliance Taha Karim / Patrice Payen The Adoption Curve Virtualization is being stalled due to concerns around Security and
More informationSecuring Your Cloud Introduction Presentation
Securing Your Cloud Introduction Presentation Slides originally created by IBM Partial deck derived by Continental Resources, Inc. (ConRes) Security Division Revision March 17, 2017 1 IBM Security Today
More informationAzure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region
Azure DevOps Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region What is DevOps? People. Process. Products. Build & Test Deploy DevOps is the union of people, process, and products to
More informationPROFESSIONAL SERVICES (Solution Brief)
(Solution Brief) The most effective way for organizations to reduce the cost of maintaining enterprise security and improve security postures is to automate and optimize information security. Vanguard
More informationSecuring DevOps, RMF and STIG
Securing DevOps, RMF and STIG Scott Snowden Sameer Kamani May 2017 San Diego Federal Fortify Users Group DevOps definition and principles DevOps (a clipped compound of development and operations) is a
More informationOptimizing Infrastructure Management with Predictive Analytics: The Red Hat Insights Approach
White Paper Optimizing Infrastructure Management with Predictive Analytics: The Red Hat Insights Approach Sponsored by: Red Hat Tim Grieser January 2018 IN THIS WHITE PAPER This IDC White Paper discusses
More informationS Implementing DevOps and Hybrid Cloud
S- Implementing DevOps and Hybrid Cloud Srihari Angaluri Lenovo Data Center Group Red Hat Summit // Outline DevOps and Containers Architectural Considerations Lenovo Cloud Technology Center Implementing
More informationBrochure. Security. Fortify on Demand Dynamic Application Security Testing
Brochure Security Fortify on Demand Dynamic Application Security Testing Brochure Fortify on Demand Application Security as a Service Dynamic Application Security Testing Fortify on Demand delivers application
More information