FISMA COMPLIANCE FOR CONTAINERIZED APPS
|
|
- Leo Watkins
- 5 years ago
- Views:
Transcription
1 FISMA COMPLIANCE FOR CONTAINERIZED APPS Using Atomic Scan and OpenSCAP with containers Jason Callaway Red Hat Principal Solutions jasoncallaway.com
2 AGENDA Slides at FISMA compliance overview How to be FISMA compliant with Red Hat Enterprise Linux The container monkey wrench OpenSCAP Atomic Scan Ansible role How it all scales 2
3 IGNORE THE WHOLE CONTAINER THING FOR A MOMENT 3
4 E-Government Act of 2002 Federal Agencies CNSS ODNI DISA ICD 503 USGCB FISMA NIST OMB *STILL INCOMPLETE Circular A-130 NIST SP NIST SP FIPS CNSSI 1253 STIG OpenSCAP SSG DIACAP DoDRMF NVD SCAP NIST SP FIPS 140
5 FISMA COMPLIANCE OVERVIEW Making your life harder since RISK-BASED POLICY FOR COST-EFFECTIVE SECURITY USG, DoD, and IC users are legally obligated to comply More than just the technical implementation, calls for a comprehensive plan (SSP) developed using a Risk Management Framework NIST Special Publication defines the security control baselines Confidentiality Integrity Availability DISA STIG defines the nerd-knobs 5
6 NIST SP800-53R4 The source of your security controls 4 th revision ~1,500 controls Not all controls are technical Guys with guns controls Many broken down with enhancements More like ~1,700 CIA Triad (not the intelligence agency) overlays Agency-specific overlays Getting us closer to 7,000 data points to consider 6
7 SECURITY TECHNICAL IMPLEMENTATION GUIDE Your source of nerd knobs RHEL 7 STIG finally out of draft! Now shipped as an XCCDF XML document Can be visualized with STIGViewer Pet peeve: no TLS from DISA s download page I won t run this.jar outside a VM due to the site leaving me vulnerable to a MITM attack on the download DISA seems like a high-value target so I don t trust the.jar because it s unsigned Just because I m paranoid doesn t mean they re not out to get me 7
8 SYSTEM ADMINISTRATORS CRITICAL ROLE The FISMA buck stops with the SA Manual implementation of STIG settings is tedious and error prone Configuration drift impacts compliance 3 rd party auditing tools produce false-positives System Administrators need An automated way to apply the security configuration Continuous audition and compliance Canonical source of truth SOMEBODY S GOT TO TURN THOSE NERD KNOBS 8
9 THERE ARE TOOLS THAT CAN HELP 9
10 RHEL INSTALLER Security policy can be specified at install-time 10
11 DISA STIG VIEWER You can export an HTML or CSV STIG 11
12 SECURITY CONTENT AUTOMATION PROTOCOL Making security measurable Group of standards designed to automate management, assessment, and policy compliance Many components such as CVE, CCE, XCCDF, OVAL Open source implementation is OpenSCAP ( SCAP Workbench GUI RHEL STIG XCCDF profile shipped with SCAP Security Guide (SSG) 12
13 NATIVE SUPPORT IN SCAP WORKBENCH XCCDF isn t so bad now, is it? 13
14 RED HAT SECURITY API curl -X GET " python -m json.tool Still in beta Programmatic access to: CVRF CVE OVAL IAVA Hugely helpful for scripting [ { }, "cvelist": [ ], "CVE ", "CVE ", "CVE ", "CVE ", "CVE ", "CVE ", "CVE ", "CVE "number": "2017-A-0047", "resource_url": " "severity": "CAT II", "title": "Multiple Vulnerabilities in IBM Security AppScan Enterprise 14
15 ANSIBLE Python and YAML automation and CM framework Automate compliance with Ansible Ansible Core is FOSS and can be installed from EPEL Red Hat Gov GitHub has an role that you can use to apply STIG settings /ansible-role Configuration drift? No problem. Rerun the playbook for continuous compliance 15
16 LET S STIG A RHEL INSTANCE WITH ANSIBLE Demo available at 16
17 BACK TO CONTAINERS 17
18 CONTAINERS VS VMS Virtualization Virtual hardware boundaries Hypervisor One OS instance per VM IaaS paradigm 18
19 CONTAINERS VS VMS Containerization Horizontal segmentation Container API Single OS instance Multi-tenancy Bare metal, virtual, cloud 19
20 COMPLIANCE IN CONTAINERS So how do we do that when: There s no ssh (or shouldn t be) There s no GUI Many file systems are missing And it ha to be DevOps-y 20
21 PROJECT ATOMIC Next generation container-optimized OS Runs only essential container services systemd etcd Open Container runtime Everything else is a container Whole-filesystem updates with rpm-ostree GUI management with Cockpit Same secure supply chain as RHEL 21
22 ATOMIC SCAN 22
23 USING ATOMIC SCAN Demo available at 23
24 HOW DOES THIS WORK AT SCALE? 24
25 CONTROL Scheduled and centralized jobs KNOWLEDGE Visibility and compliance DELEGATION Role-based access and self-service SIMPLE POWERFUL AGENTLESS Everyone speaks the same language Designed for multi-tier deployments Predictable, reliable, and secure AT ANSIBLE S CORE IS AN OPEN-SOURCE AUTOMATION ENGINE. 25
26 Ansible tower is an enterprise framework for controlling, securing and managing your Ansible automation with a UI and restful API. Role-based access control keeps environments secure, and teams efficient. Non-privileged users can safely deploy entire applications with push-button deployment access. All Ansible automations are centrally logged, ensuring complete auditability and compliance. 26
27 27
28 CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER CONTAINER ORCHESTRATION CLUSTER SERVICES NETWORKING STORAGE REGISTRY TELEMETRY SECURITY ATOMIC AUTOMATION ATOMIC COCKPIT CONTAINER RUNTIME & PACKAGING ATOMIC HOST RED HAT ENTERPRISE LINUX PHYSICAL INFRASTRUCTURE 28
29 CONTAINER CONTAINER CONTAINER CONTAINER OPENSHIFT SELF-SERVICE CONTAINER MIDDLEWARE + DATA SERVICES BUILD AUTOMATION SERVICE CATALOG DEPLOYMENT AUTOMATION OPENSHIFT APPLICATION LIFECYCLE MANAGEMENT CONTAINER ORCHESTRATION CLUSTER SERVICES NETWORKING STORAGE REGISTRY TELEMETRY SECURITY ATOMIC AUTOMATION ATOMIC COCKPIT CONTAINER RUNTIME & PACKAGING ATOMIC HOST RED HAT ENTERPRISE LINUX PHYSICAL INFRASTRUCTURE 29
30 30
31 OPEN SOURCE A&A BODY OF EVIDENCE 31
32 32
33 33
34 WHAT S IN THE COMPLIANCE GUIDE? 1. Reference Architecture (Security Concept of Operations (CONOPS)) 2. Security Controls Procedurally generated from the Security Control Traceability Matrix (SCTM) spreadsheet 3. Customer Responsibility Matrix (CRM) 4. Ansible Automation Note: Certification and Accreditation (C&A) terminology replaced by Assessment and Authorization (A&A) in new DoD Information Assurance Risk Management Framework (DIARMF) (cf. NIST SP800-37r1). 34
35 REFERENCE ARCHITECTURE 35
36 36
37 37
38 38
39 39
40 40
41 Role Description Number Responsible Organization A control that is satisfied by the hosting organization. This includes enterprise services such as LDAP, the Audit and Logging solution, etc. 423 IaaS OpenShift Landlord A control that is satisfied by the Organization s Infrastructure as a Service implementation. In the Security CONOPS reference architecture, this is AWS, or the Landlord s Landlord. Container Platform s implementation. This includes tools such as Ansible Tower and OpenSCAP OpenShift Tenant Controls that need to be implemented by the programs hosted on the OpenShift Container Platform. These controls are listed in the Customer Responsibility Matrix. Total unique controls All unique technical controls tracked by this guide
42 SECURITY CONTROLS 42
43 Workaround example: Banner JavaScript Actual OCP Web Console iframe 43
44 CUSTOMER RESPONSIBILITY MATRIX 44
45 45
46 46
47 47
48 QUESTIONS? 48
49 THANK YOU plus.google.com/+redhat facebook.com/redhatinc linkedin.com/company/red-hat twitter.com/redhatnews youtube.com/user/redhatvideos
S Automating security compliance for physical, virtual, cloud, and container environments
S103174 - Automating security compliance for physical, virtual, cloud, and container environments Using Red Hat CloudForms, Red Hat Satellite, Red Hat Insights and Ansible Tower by Red Hat Lucy Huh Kerner
More informationTEN LAYERS OF CONTAINER SECURITY
TEN LAYERS OF CONTAINER SECURITY Tim Hunt Kirsten Newcomer May 2017 ABOUT YOU Are you using containers? What s your role? Security professionals Developers / Architects Infrastructure / Ops Who considers
More informationCREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud
CREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud Ted Brunell Principal Solution Architect, DoD Programs tbrunell@redhat.com @DoDCloudGuy AGENDA Overview of Current Security
More informationPractical OpenSCAP Security Standard Compliance and Reporting. Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer
Practical OpenSCAP Security Standard Compliance and Reporting Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer INTRODUCTION AGENDA Review some slides Follow along demostration
More informationAutomating Security and Compliance for Hybrid Environments
Automating Security and Compliance for Hybrid Environments Lucy Kerner Security Global Technical Evangelist and Strategist, Red Hat lkerner@redhat.com @LucyCloudBling COMMON SECURITY CHALLENGES Inconsistent
More informationRed Hat Roadmap for Containers and DevOps
Red Hat Roadmap for Containers and DevOps Brian Gracely, Director of Strategy Diogenes Rettori, Principal Product Manager Red Hat September, 2016 Digital Transformation Requires an evolution in... 2 APPLICATIONS
More informationIdentity Management and Compliance in OpenShift
Identity Management and Compliance in OpenShift Or Use DevOps to Make Your Auditors and Suits Happy Marc Boorshtein CTO, Tremolo Security Ellen Newlands Senior Security Product Manager, Cloud Business
More informationJune 8th, 2017 Washington D.C. Security Compliance for modern infrastructures with OpenSCAP
June 8th, 2017 Washington D.C. Security Compliance for modern infrastructures with OpenSCAP Martin Preisler Software Engineer at Red Hat, Inc. mpreisle@redhat.com SECURITY COMPLIANCE configuration hardening
More informationContainer Deployment and Security Best Practices
Container Deployment and Security Best Practices How organizations are leveraging OpenShift, Quay, and Twistlock to deploy, manage, and secure a cloud native environment. John Morello CTO Twistlock Dirk
More informationL105190: Proactive Security Compliance Automation with CloudForms, Satellite, OpenSCAP, Insights, and Ansible Tower
L105190: Proactive Security Compliance Automation with CloudForms, Satellite, OpenSCAP, Insights, and Ansible Tower Lead Presenter: Lucy Kerner, Principal Technical Marketing Manager - Security, Red Hat
More informationAnsible for Incident Response
Ansible for Incident Response Brad Sollar Sr. Solutions Architect Jun 2018 Intro With the high rate of turnover inherent in military organizations, institutional knowledge can be easily lost such as network
More informationAGILE RELIABILITY WITH RED HAT IN THE CLOUDS YOUR SOFTWARE LIFECYCLE SPEEDUP RECIPE. Lutz Lange - Senior Solution Architect Red Hat
AGILE RELIABILITY WITH RED HAT IN THE CLOUDS YOUR SOFTWARE LIFECYCLE SPEEDUP RECIPE Lutz Lange - Senior Solution Architect Red Hat Digital Transformation It requires an evolution in. Applications Infrastructure
More informationThe Road to Digital Transformation: Increase Agility Building and Managing Cloud Infrastructure. Albert Law Solution Architect Manager
The Road to Digital Transformation: Increase Agility Building and Managing Cloud Infrastructure Albert Law Solution Architect Manager Agenda The Challenges and the trend Bridging the gap Next step 2 FROM
More informationRED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION
RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION Stephanos D Bacon Product Portfolio Strategy, Application Platforms Stockholm, 13 September 2017 1 THE PATH TO DIGITAL LEADERSHIP IT
More informationA Greybeard's Worst Nightmare
A Greybeard's Worst Nightmare How Kubernetes and Containers are re-defining the Linux OS Daniel Riek, Red Hat April 2017 Greybeard Greybeards fight Balrogs. They hate systemd. They fork distributions.
More informationOperated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA
Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA Jovial about Joval LANL s latest SCAP Adventure Angelo Ortiz May 22, 2018 Operated by Los Alamos National Security,
More informationWHEN CONTAINERS AND VIRTUALIZATION DO - AND DON T - WORK TOGETHER
WHEN CONTAINERS AND VIRTUALIZATION DO - AND DON T - WORK TOGETHER Jeremy Eder, Sr Principal Performance Engineer LinuxCon/ContainerCon NA 2016 Agenda 2 Technology Trends Container and VM technical Overview
More informationGo Faster: Containers, Platforms and the Path to Better Software Development (Including Live Demo)
RED HAT DAYS VANCOUVER Go Faster: Containers, Platforms and the Path to Better Software Development (Including Live Demo) Paul Armstrong Principal Solutions Architect Gerald Nunn Senior Middleware Solutions
More informationApplied SCAP: Automating Security Compliance and Remediation. Shawn Wells Maintainer, SCAP Security Guide 31-JULY-2014
Applied SCAP: Automating Security Compliance and Remediation Shawn Wells Maintainer, SCAP Security Guide 31-JULY-2014 45 MINUTES, 3 GOALS (+15 MIN Q&A) 1. Detail Security Automation Technology + Initiatives
More informationRED HAT CLOUDFORMS. Chris Saunders Cloud Solutions
RED HAT CLOUDFORMS Chris Saunders Cloud Solutions Architect chrisb@redhat.com @canadianchris BUSINESS HAS CHANGED IN RESPONSE, IT OPERATIONS NEEDS TO CHANGE LINE OF BUSINESS Challenged to deliver services
More informationWe have very limited time Won t cover extensive theory Won t cover writing SCAP policies - out of scope
GOALS 2 Hands on demos of real world use-cases Check software flaws - vulnerabilities Check configuration flaws - weaknesses Customizing existing security policies Put machines into compliance - remediate
More informationContainer Security. Marc Skinner Principal Solutions Architect
Container Security Marc Skinner mskinner@redhat.com Principal Solutions Architect A bit about me... 2 Marc Skinner 10 years at Red Hat Live in Minneapolis, MN Married, 2 kids, 1 cat 1st time in Calgary
More informationHOW TO MAKE THE CASE TO MANAGEMENT: PAYING FOR OPEN SOURCE
HOW TO MAKE THE CASE TO MANAGEMENT: PAYING FOR OPEN SOURCE The Value of a Red Hat Subscription Jennifer LuPiba Principal Product Marketing Manager, Red Hat Enterprise Linux May 9, 2018 WHY ARE WE PAYING
More informationOPENSTACK Building Block for Cloud. Ng Hwee Ming Principal Technologist (Telco) APAC Office of Technology
OPENSTACK Building Block for Cloud Ng Hwee Ming Principal Technologist (Telco) APAC Office of Technology ABOUT RED HAT FROM COMMUNITY TO PRODUCT STABILIZ E INTEGRAT E PARTICIPATE INTEGRAT E STABILIZ E
More informationBackup strategies for Stateful Containers in OpenShift Using Gluster based Container-Native Storage
Backup strategies for Stateful Containers in OpenShift Using Gluster based Container-Native Storage Niels de Vos Senior Software Engineer Red Hat Storage Critical features for both Dev and Ops Self-Service
More informationTEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist
TEN LAYERS OF CONTAINER SECURITY Kirsten Newcomer Security Strategist WHAT ARE CONTAINERS? Containers change how we develop, deploy and manage applications INFRASTRUCTURE Sandboxed application processes
More informationRed Hat Containers Roadmap. Red Hat A panel of product directors
Red Hat Containers Roadmap Red Hat A panel of product directors Joe Fernandes Sr. Director Product Mgmt, Red Hat Rich Sharples Sr. Director of Product Mgmt, Red Hat Sayan Saha Sr. Manager of Product Mgmt,
More informationCoreOS and Red Hat. Reza Shafii Joe Fernandes Brandon Philips Clayton Coleman May 2018
CoreOS and Red Hat Reza Shafii Joe Fernandes Brandon Philips Clayton Coleman May 2018 Combining Industry Leading Container Solutions RED HAT QUAY REGISTRY ETCD PROMETHEUS RED HAT COREOS METERING & CHARGEBACK
More informationRed Hat Container Catalog Consuming Container Images from Red Hat and its Ecosystem. Dirk Herrmann Product Owner Container Catalog May 2nd 2017
Red Hat Container Catalog Consuming Container Images from Red Hat and its Ecosystem Dirk Herrmann Product Owner Container Catalog May 2nd 2017 The Value & New Challenges It s quick and easy to pull a Linux
More informationAutomating, Securing, and Managing Cox Automotive's (AutoTrader) Big Data Infrastructure
Automating, Securing, and Managing Cox Automotive's (AutoTrader) Big Data Infrastructure with Ansible, Insights, and Satellite Abdi Hersi, Senior Linux Engineer Cox Automotive Will Nix, Principal Technical
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationSCAP Security Guide Questions / Answers. Contributor WorkShop Volume #2
SCAP Security Guide Questions / Answers Contributor WorkShop Volume #2 Ján Lieskovský January 2016 Agenda Introductory Notes Source Code / Repository Notes (Moved to Appendix for self-study) SCAP Security
More informationTenable SCAP Standards Declarations. June 4, 2015 (Revision 11)
Tenable SCAP Standards Declarations June 4, 2015 (Revision 11) Table of Contents Center for Internet Security (CIS)... 3 Common Criteria (NIAP)... 3 Common Vulnerability Enumeration (CVE)... 3 Common Configuration
More informationSCAP Security Guide Questions / Answers. Ján Lieskovský Contributor WorkShop November 2015
SCAP Security Guide Questions / Answers Ján Lieskovský Contributor WorkShop November 2015 Agenda Introductory Notes SSG Repository Structure Contributing To SSG Developer Workflow Introductory Notes SCAP
More informationWHITE PAPER. RedHat OpenShift Container Platform. Benefits: Abstract. 1.1 Introduction
WHITE PAPER RedHat OpenShift Container Platform Abstract Benefits: Applications are designed around smaller independent components called microservices. Elastic resources: Scale up or down quickly and
More informationPublic Cloud - Azure workshop
Public Cloud - Azure workshop Orchestrating and configuring workloads in Azure By Marco Berube February 2017 @mberube9 Agenda - Why Cloudforms and Ansible are great technologies to build a Service Catalog,
More informationLearn. Connect. Explore.
Learn. Connect. Explore. No More Storage Nightmares An Open Solution for Container Persistent Storage Learn. Connect. Explore. CONTAINERS vs VIRTUALIZATION Containers Abstracts OS Kernel Mostly Linux One
More informationSecurity oriented OpenShift within regulated environments
Security oriented within regulated environments Dawid Szymański - IT Architect, BZWBK Tomasz Cholewa - Lead Cloud Architect (RHCA), Mindbox Jarosław Stakun - Lead Solutions Architect, Red Hat 9th May 2018
More informationOpenShift Hyper-Converged Infrastructure Bare Metal Deployment with Containerized Gluster
OpenShift Hyper-Converged Infrastructure Bare Metal Deployment with Containerized Gluster Greg Hoelzer Sr. Container Application & Middleware Solution Architect January 2017 Minneapolis Red Hat Users Group
More informationPatching and Updating your VM SUSE Manager. Donald Vosburg, Sales Engineer, SUSE
Patching and Updating your VM SUSE Manager Donald Vosburg, Sales Engineer, SUSE dvosburg@suse.com Why should I care? I just clone my base VM image, and after that it is not my problem... Understand the
More informationMIS Week 9 Host Hardening
MIS 5214 Week 9 Host Hardening Agenda NIST Risk Management Framework A quick review Implementing controls Host hardening Security configuration checklist (w/disa STIG Viewer) NIST 800-53Ar4 How Controls
More informationRed Hat OpenShift Roadmap Q4 CY16 and H1 CY17 Releases. Lutz Lange Solution
Red Hat OpenShift Roadmap Q4 CY16 and H1 CY17 Releases Lutz Lange Solution Architect @AtomicContainer OpenShift Roadmap OpenShift Container Platform 3.2 Kubernetes 1.2 & Docker 1.9
More informationBuild an open hybrid cloud and paint it red and blue
Build an open hybrid cloud and paint it red and blue Khaled Elbedri Technical sales lead, Microsoft Ismail Dhaoui EMEA Senior Specialist Solutions Architect, Red Hat Tuesday, May 8, 2018 Agenda RH & MS
More informationPUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS
PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS Jane R. Circle Manager, Red Hat Global Cloud Provider Program and Cloud Access Program June 28, 2016 WHAT WE'LL DISCUSS TODAY Hybrid clouds and multi-cloud
More informationMurray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?
Murray Goldschmidt Chief Operating Officer Sense of Security Pty Ltd Micro Services, Containers and Serverless PaaS Web Apps? How safe are you? A G E N D A 1 2 3 Serverless, Microservices and Container
More informationINTRODUCING CONTAINER-NATIVE VIRTUALIZATION
INTRODUCING CONTAINER-NATIVE VIRTUALIZATION Cats and Dogs Living Together Stephen Gordon Principal Product Manager Red Hat Fabian Deutsch Manager, Software Engineering Red Hat sgordon@redhat.com / @xsgordon
More informationIntroduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS September 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationPractical OpenSCAP, Security Standard Compliance and Reporting Part 1: CLI (command-line)
Presenters: Robin Price II and Martin Preisler Abstract: OpenSCAP is a family of open source SCAP tools and content that help users create standard security checklists for enterprise systems. Natively
More informationRed Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS
Red Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS Daniel Riek Sr. Director Systems Design & Engineering In the beginning there was Stow... and
More informationSecurityCenter 5.0 SCAP Assessments. May 28, 2015 (Revision 2)
SecurityCenter 5.0 SCAP Assessments May 28, 2015 (Revision 2) Table of Contents Overview... 3 Standards and Conventions... 3 Abbreviations... 3 Simple Assessment Procedure... 4 XCCDF Certified vs. Lower-Tier
More informationContainer in Production : Openshift 구축사례로 이해하는 PaaS. Jongjin Lim Specialist Solution Architect, AppDev
Container in Production : Openshift 구축사례로 이해하는 PaaS Jongjin Lim Specialist Solution Architect, AppDev jonlim@redhat.com Agenda Why Containers? Solution : Red Hat Openshift Container Platform Enterprise
More informationACCELERATE APPLICATION DELIVERY WITH OPENSHIFT. Siamak Sadeghianfar Sr Technical Marketing Manager, April 2016
ACCELERATE APPLICATION DELIVERY WITH Siamak Sadeghianfar Sr Technical Marketing Manager, OpenShift @siamaks April 2016 IT Must Evolve to Stay Ahead of Demands WA CPU R RAM isc tar SI Jar vm dk MSI nic
More informationRED HAT INSIGHTS. Security & Proactive Response with Insights
RED HAT INSIGHTS Security & Proactive Response with Insights William Nix Principal Technical Marketing Manager Management Business Unit, Red Hat Insights WHY WE BUILT A NEW PRODUCT SECURITY IS RISK MANAGEMENT
More informationTRAINING AND CERTIFICATION UPDATE
TRAINING AND CERTIFICATION UPDATE Red Hat Enterprise User Group Twin Cities Steve Bonneville Manager, Curriculum Development / Red Hat November 11, 2015 RED HAT LEARNING SUBSCRIPTION One year access to
More informationNessus v6 SCAP Assessments. November 18, 2014 (Revision 1)
Nessus v6 SCAP Assessments November 18, 2014 (Revision 1) Table of Contents Overview... 3 Standards and Conventions... 3 Abbreviations... 3 Simple Assessment Procedure... 3 XCCDF Certified vs. Lower-Tier
More informationWhy Choose MS Azure?
Why Choose MS Azure? Bio Dave Williams Cloud Architect AWS and Azure Expertise Agenda How to choose a public cloud service provider Microsoft Azure Strengths: Identity & Azure Active Directory Infrastructure
More informationTaming your heterogeneous cloud with Red Hat OpenShift Container Platform.
Taming your heterogeneous cloud with Red Hat OpenShift Container Platform martin@redhat.com Business Problem: Building a Hybrid Cloud solution PartyCo Some Bare Metal machines Mostly Virtualised CosPlayUK
More informationMOBILIZING AND SECURING RED HAT JBOSS BPM SUITE & BRMS
MOBILIZING AND SECURING RED HAT JBOSS BPM SUITE & BRMS Maggie Hu - Sr. Middleware Specialist Solution Architect, Red Hat Ken Spokas - Technical Director, Vizuri Yossi Koren - Sr. Solution Architect, Middleware
More informationTEN LAYERS OF CONTAINER SECURITY
TEN LAYERS OF CONTAINER SECURITY A Deeper Dive 2 WHAT ARE CONTAINERS? It depends on who you ask... INFRASTRUCTURE APPLICATIONS Sandboxed application processes on a shared Linux OS kernel Simpler, lighter,
More informationS Implementing DevOps and Hybrid Cloud
S- Implementing DevOps and Hybrid Cloud Srihari Angaluri Lenovo Data Center Group Red Hat Summit // Outline DevOps and Containers Architectural Considerations Lenovo Cloud Technology Center Implementing
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationRed Hat Cloud security: Frameworks & enforcement. Kurt Seifried Security Response team April 16, 2014 v1.0
Red Hat Cloud security: Frameworks & enforcement Kurt Seifried Security Response team April 16, 2014 v1.0 Agenda A quick history of the future Cloud IT and Security it's all about operations Cloud security
More informationSecure Foundations: Why RHEL isn t just another Linux distribution
Secure Foundations: Why RHEL isn t just another Linux distribution Lucy Kerner Principal Technical Product Marketing Manager - Security, Red Hat May 3, 2017 ONLY TWO OPERATING SYSTEMS MATTER WORLDWIDE
More informationWhat s New in Red Hat OpenShift Container Platform 3.4. Torben Jäger Red Hat Solution Architect
What s New in Red Hat OpenShift Container Platform 3.4 Torben Jäger Red Hat Solution Architect OpenShift Roadmap OpenShift Container Platform 3.2 Kubernetes 1.2 & Docker 1.9 Red Hat
More informationContainer Management : First Looks
Container Management : First Looks John Hardy Senior Principal Product Manager jhardy@redhat.com 25th June 2015 Itamar Heim Senior Director, Software Engineering itamar@redhat.com Disclaimer This information
More informationA Security State of Mind: Container Security. Chris Van Tuin Chief Technologist, West
A Security State of Mind: Container Security Chris Van Tuin Chief Technologist, West cvantuin@redhat.com AGENDA Why Linux Containers? CONTAINER What are Linux Containers? APP LIBS Container Security HOST
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationSecurity & Compliance in the AWS Cloud. Amazon Web Services
Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any
More informationAmir Zipory Senior Solutions Architect, Redhat Israel, Greece & Cyprus
Amir Zipory Senior Solutions Architect, Redhat Israel, Greece & Cyprus amirz@redhat.com TODAY'S IT CHALLENGES IT is under tremendous pressure from the organization to enable growth Need to accelerate,
More informationExpert Days SUSE Manager
Expert Days 2018 SUSE Manager SUSE Manager Best-in-class open source infrastructure management solution designed to help your enterprise DevOps and IT Operations teams to: Optimize operations while reducing
More informationDiscover SUSE Manager
White Paper SUSE Manager Discover SUSE Manager Table of Contents page Reduce Complexity and Administer All Your IT Assets in a Simple, Consistent Way...2 How SUSE Manager Works...5 User Interface...5 Conclusion...9
More informationThe IBM MobileFirst Platform
The IBM MobileFirst Platform Curtis Miles IBM MobileFirst Solution Architect April 14, 2015 What is the IBM MobileFirst Platform? A modular set " of libraries, tools, and runtimes " that help you " easily
More informationAutomated Out-of-Band management with Ansible and Redfish
Automated Out-of-Band management with Ansible and Redfish Jose Delarosa Senior Linux Engineer at Dell EMC Jake Jackson Product Field Engineer at Ansible by Red Hat May 2 nd, 2017 Who are we Jose De la
More informationSecurity & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web
Security & Compliance in the AWS Cloud Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Services @awscloud www.cloudsec.com #CLOUDSEC Security & Compliance in the AWS Cloud TECHNICAL & BUSINESS
More informationBUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology ebook BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS
More informationRED HAT CONTAINER CATALOG
RED HAT CONTAINER CATALOG How we built it - what s in there - what s next Dirk Herrmann (Former Product Owner RHCC) Product Manager OpenShift Bonn, April 24th 2018 RHCC is NOT OpenShift Service Catalog
More informationManaging Your Privileged Identities: The Choke Point of Advanced Attacks
Managing Your Privileged Identities: The Choke Point of Advanced Attacks Shirief Nosseir EMEA Alliances Director Identity & API Management Tuesday, 16 May 2017 Agenda Why Privileged Access Management Why
More informationCLOUD WORKLOAD SECURITY
SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly
More informationRED HAT GLUSTER TECHSESSION CONTAINER NATIVE STORAGE OPENSHIFT + RHGS. MARCEL HERGAARDEN SR. SOLUTION ARCHITECT, RED HAT BENELUX April 2017
RED HAT GLUSTER TECHSESSION CONTAINER NATIVE STORAGE OPENSHIFT + RHGS MARCEL HERGAARDEN SR. SOLUTION ARCHITECT, RED HAT BENELUX April 2017 AGENDA Why OpenShift? The Journey So Far for OpenShift Storage
More informationOpen Source IoT. Eclipse IoT. Tim De Borger - Senior Solution Architect 13/06/2017
Open Source IoT Eclipse IoT Tim De Borger - tdeborge@redhat.com Senior Solution Architect 13/06/2017 Disclaimer The content set forth herein is Red Hat confidential information and does not constitute
More informationWHITE PAPER CONTINUOUS MONITORING INTRODUCTION & CONSIDERATIONS PART 2 OF 3
WHITE PAPER CONTINUOUS MONITORING INTRODUCTION & CONSIDERATIONS PART 2 OF 3 ABSTRACT This white paper is Part 2 in a three-part series of white papers on the sometimes daunting subject of continuous monitoring
More informationMicroservices with Red Hat. JBoss Fuse
Microservices with Red Hat Ruud Zwakenberg - ruud@redhat.com Senior Solutions Architect June 2017 JBoss Fuse and 3scale API Management Disclaimer The content set forth herein is Red Hat confidential information
More informationRed Hat Insights Mitigate Risk & Proactively Manage Your Infrastructure
Red Hat Insights Mitigate Risk & Proactively Manage Your Infrastructure William Nix Technical Product Marketing Manager Red Hat Management Business Unit Will Nix @ Red Hat Public Sector Information Systems
More informationSoftLayer Security and Compliance:
SoftLayer Security and Compliance: How security and compliance are implemented and managed Introduction Cloud computing generally gets a bad rap when security is discussed. However, most major cloud providers
More informationKubernetes Performance-Sensitive Application Platform
Kubernetes Performance-Sensitive Application Platform Defining patterns and technology to run critical, high performance line-of-business applications on Kubernetes Jeremy Eder, Derek Carr and Seth Jennings
More informationInformation Systems Security Requirements for Federal GIS Initiatives
Requirements for Federal GIS Initiatives Alan R. Butler, CDP Senior Project Manager Penobscot Bay Media, LLC 32 Washington Street, Suite 230 Camden, ME 04841 1 Federal GIS "We are at risk," advises the
More informationIEEE Sec Dev Conference
IEEE Sec Dev Conference #23, Improving Attention to Security in Software Design with Analytics and Cognitive Techniques Jim Whitmore (former) IBM Distinguished Engineer Carlisle, PA jjwhitmore@ieee.org
More informationFedRAMP: Understanding Agency and Cloud Provider Responsibilities
May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration
More informationSECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry
SECURITY ON AWS By Max Ellsberry AWS Security Standards The IT infrastructure that AWS provides has been designed and managed in alignment with the best practices and meets a variety of standards. Below
More informationDocker and Oracle Everything You Wanted To Know
Docker and Oracle Everything You Wanted To Know June, 2017 Umesh Tanna Principal Technology Sales Consultant Oracle Sales Consulting Centers(SCC) Bangalore Safe Harbor Statement The following is intended
More informationRed Hat Enterprise Linux 6 Security Feature Overview. Steve Grubb Principal Engineer, Red Hat June 23, 2010
Red Hat Enterprise Linux 6 Security Feature Overview Steve Grubb Principal Engineer, Red Hat June 23, 2010 Overview Minimal Platform Install Libcap-ng OpenSCAP FIPS-140 Stronger Hashes Common Criteria
More informationGood Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy
Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy SESSION ID: CSV-W01 Bryan D. Payne Director of Security Research Nebula @bdpsecurity Cloud Security Today Cloud has lots of momentum
More informationOn Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor
On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor Ugo Piazzalunga SafeNet Italy Technical Manager, IT Security ugo.piazzalunga@safenet-inc.com
More informationMODERNIZING TRADITIONAL SECURITY:
GUIDE TO MODERNIZING TRADITIONAL SECURITY: The Advantages of Moving a Legacy Application to Containers The Leading Cloud Native Cybersecurity Platform Understanding Lift and Shift As containers become
More informationRed Hat CloudForms 4.6
Red Hat CloudForms 4.6 Scanning Container Images in CloudForms with OpenSCAP Configuring OpenSCAP in CloudForms for Scanning Container Images Last Updated: 2018-05-24 Red Hat CloudForms 4.6 Scanning Container
More informationAutomated Cyber Hardening of Mission Management Systems
Automated Cyber Hardening of Mission Management Systems Raytheon IIS Austin Garrett & Mike Worden January 9, 2018 Copyright 2017 Raytheon Company. All rights reserved. Published by The Aerospace Corporation
More informationData Center and Cloud Automation
Data Center and Cloud Automation Tanja Hess Systems Engineer September, 2014 AGENDA Challenges and Opportunities Manual vs. Automated IT Operations What problem are we trying to solve and how do we solve
More informationDefense Security Service Industrial Security Field Operations National Industrial Security Program (NISP) Authorization Office (NAO)
Defense Security Service Industrial Security Field Operations National Industrial Security Program (NISP) Authorization Office (NAO) Getting Started with the SCAP Compliance Checker and STIG Viewer Job
More informationSecuring Your Cloud Introduction Presentation
Securing Your Cloud Introduction Presentation Slides originally created by IBM Partial deck derived by Continental Resources, Inc. (ConRes) Security Division Revision March 17, 2017 1 IBM Security Today
More informationTHE STATE OF CONTAINERS
THE STATE OF CONTAINERS Engines & Runtimes in RHEL & OpenShift Scott McCarty Principal Technology Product Manager - Containers 10/15/2018 What if... I told you there is container innovation happening in
More information