SECURING DOCKER: What You Need to Know
|
|
- Juniper Walton
- 5 years ago
- Views:
Transcription
1 SECURING DOCKER: What You Need to Know
2 EXECUTIVE SUMMARY This document provides an overview of the Docker technology and discusses some of the security risks attendant with Docker deployments. It provides steps for securing Docker deployments and looks at how Black Duck Hub can be deployed to help secure Docker applications in production settings. INTRODUCTION Industry s embrace of Docker, the virtual application container platform, is nothing short of astonishing. As recently as 2014, Docker containers were a novelty and almost unnoticed against mainstays like host and server and desktop virtualization. But, by the middle of 2015, a rapid shift from those legacy virtualization tools to Docker and other virtual containers was under way. As evidence: an August 2015 survey by the SaaS monitoring platform Datadog of 7,000 application hosting customers found a five-fold increase in the use of Docker in the preceding 12 months. Just as interesting: larger companies were the most likely to have tried and adopted Docker. The Datadog survey found Docker is being used to host a wide range of applications, including MongoDB, Elasticsearch and open source relational databases like MySQL and Postgres. A 2015 survey of 383 IT professionals by the open source software giant Red Hat found that 67 percent of respondents planned production roll-outs of Docker over the next two years targeted at cloud roles (50 percent) and for web and e-commerce software (56 percent). SECURING DOCKER DEPLOYMENTS WITH BLACK DUCK HUB But using Docker and other application containers does come with risks. Chief among those are exploitable software vulnerabilities in applications and application components deployed inside Docker containers. Without new tools to manage the security of Docker application contents and deployments, organizations risk exposing sensitive applications and data to attack. Black Duck Hub, Black Duck Software vulnerability scanning and mapping platform, is now capable of tracking and analyzing application source code within Docker containers, simplifying security and risk assessments in dynamic IT environments. AN OVERVIEW OF DOCKER What is Docker? Simply put: it is an open platform upon which application developers and system administrators can build, ship, and run distributed applications. Docker enables applications to be quickly assembled and deployed reliably. 2
3 Containers Docker containers comprise a file system, network stack and process space, and anything else needed to run an application, such as system tools and system libraries. Each Docker container includes the designated application and its dependencies, which will vary from application to application, but are identical across different copies of the same container. Docker Engine Beneath the application is the Docker Engine, a software layer that runs on top of the host operating system within every container. It is the component that ensures that applications will run in a stable operating environment regardless of the environment they are deployed within. Operating System Docker containers typically leverage some version of common operating systems including Linux distributions like Red Hat Enterprise Linux or Ubuntu, as well as later versions of Microsoft s Windows OS. Containers run as isolated processes in user space on the host operating system, sharing kernel resources with other containers. Host Environment Beneath the operating system is the host infrastructure. This may be the local environment of a developer laptop or desktops, virtual machines or bare metal hypervisors running in a production hosted environments like AWS and OpenStack. Docker Hub Finally, there is Docker Hub, a cloud-based registry service for sharing applications and automating Docker workflows. Docker Hub hosts public Docker images and provides services to help developers build and manage Docker environments. This software as a service (SaaS) application provides a range of features needed to find and manage images from both public and private Docker libraries, automate builds of new Docker images via integrations with GitHub or Bitbucket and to manage user access to image repositories. WHY DOCKER? Docker and application container technologies like it are the next step on the journey from physical, single-tenanted computing resources to more efficient, virtual, multi-tenanted infrastructure that can run in traditional IT environments and in the cloud. Among its other benefits, Docker is also ideally suited to so-called CI/CD or Continuous Integration/Continuous Delivery environments, which seek to accelerate development practices and streamline the path between development and production environments. 3
4 Docker allows software publishers to realize substantial efficiencies over traditional IT and even other virtualization technologies. A typical server can run a thousand or more Docker containers at native speeds. Application processes within Docker environments run directly on the host, but are kept isolated from other processes. CPU and memory, network, and disk I/O performance within a Docker container are virtually identical to what a developer would see running the application in a native environment. DOCKER DEPLOYMENTS: SOME THINGS TO CONSIDER For all their obvious benefits, containers do add complexity. They represent a new layer in the application stack that can serve as a source of exploitable vulnerabilities and risk for the application owner and hosting firm alike. The ease and speed with which Docker containers can be configured and launched can amplify mistakes, making it difficult to track and manage deployed applications within a dynamic, IT environment. To leverage the benefits that Docker and other application container technologies offer your organization must understand the possible risks that come with containers. Specifically: your Docker or application container deployment cannot proceed at the cost of security and visibility. Here are some things to consider: Container Certification and Provenance The provenance and integrity of Docker containers is a major concern for organizations that are migrating to the platform. Sixty percent of IT pros surveyed by Red Hat said that a lack of certification of containers was a challenge to adoption of the Docker platform. In essence, Docker relies on a circle of trust between publishers and container hosts, with trust determined at the point where an image is transferred from a registry server, like DockerHub or Red Hat s OpenShift, to a container host. Without supporting systems in place vetting the contents of container images, compromised or malicious container images that are offered via a repository like Docker Hub might be distributed to unsuspecting organizations. Registry servers like Docker Hub may offer administrators features that help to mitigate the risk of dodgy containers. For example, administrators may be able to leverage features within the registry to limit the types of container images they will allow into their network. In recent months, Docker has taken steps to provide additional layers of accountability. Docker Content Trust uses public key cryptography to allow publishers to sign Docker containers and vouch for the integrity of the code they contain. Aligned projects like Notary and The Update Framework (TUF) promise the same capabilities for non-trusted actors who wish to publish Docker images. 4
5 Vulnerabilities within Container Images Vouching for the provenance of containers is necessary but not sufficient to secure Docker deployments. Verifying the publisher of a container doesn t guarantee that the software application or supporting files within the downloaded container doesn t have flaws or exploitable vulnerabilities. Containers may well bundle outdated and insecure components, especially when the underlying operating system is not the most current version. Privately funded research suggests that security flaws in Docker images are not uncommon. A survey of images hosted on Docker Hub, a central repository for Docker developers to pull and push container images, found that more than 30 percent of official repositories contained images that were highly susceptible to attacks targeting known vulnerabilities such as Shellshock, HeartBleed, and Poodle. Forty percent of general images on Docker (images not explicitly verified by any authority) were found to contain known and exploitable security flaws. In other words: organizations that wish to leverage Docker must be able to both trust and verify. That is, they need to establish the bona fides of the publisher of the container they wish to use, and verify that the contents of that container won t introduce serious and exploitable security vulnerabilities into their environment that could put the enterprise at risk. Container Management Even when adequate precautions are put into verifying the provenance and security of containers at the time they are deployed, organizations must maintain vigilance of their deployed, containerized applications. Like any other applications, applications deployed within containers age. In the process, they may become vulnerable to newly discovered security vulnerabilities or other risks. Applications deployed within containers may contain data or configuration settings that are insecure or out of sync with your current applications or network environment. In one case, a prominent crowd-funding site pushed a Docker container for its web-based funding platform into production with a development debugger enabled. That gave attackers a ready avenue to run malicious code on the vulnerable system. The ease with which Docker application containers can be assembled from different technology layers and deployed means that vulnerabilities, misconfigurations or flaws in any one layer can easily be reproduced across multiple applications. USING CONTAINER SCANNING TO SECURE DOCKER DEPOLYMENTS With Docker being adopted by more organizations and reliance on the platform growing, more and better tools for securing container deployments have begun to emerge. 5
6 At one end of the chain of trust, initiatives like Docker Content Trust give publishers an easy way to vouch for the authenticity of containers they publish to web-based repositories like Docker- Hub. But organizations need to be able to assess the security of their containerized applications throughout their full lifecycle. Managing container security with Black Duck Hub. Black Duck Hub is a vital tool for managing the security of application containers throughout the full application lifecycle. Black Duck Hub allows organizations to identify and track vulnerable open source applications and components within their environment. Assessments draw on Black Duck s Knowledge- Base, which contains information on 1.1 million open source projects and detailed data on more than 100,000 known open source vulnerabilities across more than 350 billion lines of code. Through a partnership with Red Hat, Black Duck s ability to identify and inventory open source and proprietary code production environments is now being applied to containerized environments. Red Hat has launched Deep Container Inspection (DCI), an enterprise-focused offering that wraps container certification, policy and trust into an overall architecture for deploying and managing application containers. As part of DCI, Red Hat is partnering with Black Duck to give organizations a means of validating the contents of a container before, during, and after deployment. Integration of Black Duck Hub s vulnerability scanning and mapping capabilities enables Open- Shift customers to consume, develop, and run containerized applications with increased confidence and security, knowing that these applications contain code that has been independently validated and certified. The integration also provides a means to track the impact of newly disclosed vulnerabilities or changes related to container ageing that may bear on security and risk. WITH CONTAINERS: TRUST, VERIFY AND EMBRACE Container technologies like Docker promise to transform the way enterprises develop, deploy, and manage critical applications. But containers are no panacea. The same challenges around deploying and managing applications in native environments and virtual machines also impact container deployments. Yet the ease of use and flexibility of container platforms like Docker make it easier for administrators and IT pros to overlook long-standing practices that ensure the security of deployed applications. Surveys of information technology professionals suggest that enterprises and organizations of all sizes are embracing container platforms like Docker. But tools to ensure the security and integrity of those deployments are also needed. Applications deployed via container platforms like Docker must be certified prior to deployment to ensure that the code they contain originated with a known and trusted publisher. 6
7 But merely verifying the provenance of containerized application code is not enough. Security issues such as known and exploitable vulnerabilities in proprietary and open source application components pose a serious risk to enterprise data and IT assets. That s why organizations also need to assess the security of applications deployed in containers on an on-going basis. Black Duck Hub s application vulnerability scanning and mapping capability gives Docker customers the ability to identify vulnerabilities both before and after deployment and spot issues that arise as containerized applications age or become exposed to new security vulnerabilities and attacks. LEARN MORE: GET A FREE DEMO OF THE BLACK DUCK HUB With the Black Duck Hub, you can scan your applications and containers to identify the open source projects and versions they are using, even if your team has modified them. Leveraging the Black Duck KnowledgeBaseTM, the industry s most comprehensive registry of open source projects, the Hub gives you deep insights into open source projects including known vulnerabilities, license requirements, and project/community activity. Plus, it alerts you when any new vulnerabilities are identified for those projects and gives you tools to track and manage remediation activities. Find out what s in your code. Contact us for a free demo of the Black Duck Hub today. ABOUT BLACK DUCK SOFTWARE Organizations worldwide use Black Duck Software s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, Vancouver, London, Belfast, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit CONTACT To learn more, please contact: sales@blackducksoftware.com or Additional information is available at: 7
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology
BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology ebook BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS
More informationOPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications
OPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications By Mike Pittenger, Vice President, Security Strategy Black Duck s On-Demand business conducts audits of customers
More informationAzure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region
Azure DevOps Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region What is DevOps? People. Process. Products. Build & Test Deploy DevOps is the union of people, process, and products to
More informationFROM VSTS TO AZURE DEVOPS
#DOH18 FROM VSTS TO AZURE DEVOPS People. Process. Products. Gaetano Paternò @tanopaterno info@gaetanopaterno.it 2 VSTS #DOH18 3 Azure DevOps Azure Boards (ex Work) Deliver value to your users faster using
More informationCisco Cloud Application Centric Infrastructure
Cisco Cloud Application Centric Infrastructure About Cisco cloud application centric infrastructure Cisco Cloud Application Centric Infrastructure (Cisco Cloud ACI) is a comprehensive solution for simplified
More informationSYMANTEC DATA CENTER SECURITY
SYMANTEC DATA CENTER SECURITY SYMANTEC UNIFIED SECURITY STRATEGY Users Cyber Security Services Monitoring, Incident Response, Simulation, Adversary Threat Intelligence Data Threat Protection Information
More informationCloud Computing: Making the Right Choice for Your Organization
Cloud Computing: Making the Right Choice for Your Organization A decade ago, cloud computing was on the leading edge. Now, 95 percent of businesses use cloud technology, and Gartner says that by 2020,
More informationDATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure
DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure AlienVault USM Anywhere accelerates and centralizes threat detection, incident response,
More informationRed Hat Container Strategy Ahmed El-Rayess
Red Hat Container Strategy Ahmed El-Rayess I.T. Organiza,ons Under Pressure CONCRETE SHOES OF LEGACY AND RIGID PROCESSES CURRENT STATE Manual processes Inconsistent environments Dependency hell Legacy
More informationTraditional Security Solutions Have Reached Their Limit
Traditional Security Solutions Have Reached Their Limit CHALLENGE #1 They are reactive They force you to deal only with symptoms, rather than root causes. CHALLENGE #2 256 DAYS TO IDENTIFY A BREACH TRADITIONAL
More informationUnify DevOps and SecOps: Security Without Friction
SANS Secure DevOps Summit Unify DevOps and SecOps: Security Without Friction Matt Alderman, CISSP Chief Strategy & Marketing Officer Layered Insight @maldermania Technology Trend #1: Infrastructure Migrates
More informationeguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments
eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments Today s PCI compliance landscape is one of continuing change and scrutiny. Given the number
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationFive Essential Capabilities for Airtight Cloud Security
Five Essential Capabilities for Airtight Cloud Security SECURITY IN THE CLOUD REQUIRES NEW CAPABILITIES It is no secret; security and compliance are at the top of the list of concerns tied to cloud adoption.
More informationALIENVAULT USM FOR AWS SOLUTION GUIDE
ALIENVAULT USM FOR AWS SOLUTION GUIDE Summary AlienVault Unified Security Management (USM) for AWS is a unified security platform providing threat detection, incident response, and compliance management
More informationVulnerability Management
Vulnerability Management Modern Vulnerability Management The IT landscape today is changing and because of that, vulnerability management needs to change too. IT environments today are filled with both
More informationProviding a Rapid Response to Meltdown and Spectre for Hybrid IT. Industry: Computer Security and Operations Date: February 2018
Market Guide Providing a Rapid Response to Meltdown and Spectre for Hybrid IT Industry: Computer Security and Operations Date: February 2018 Meltdown and Spectre Exploits Vulnerabilities in Common Processors
More informationRSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief
RSA Solution Brief The RSA Solution for VMware View: Managing Securing the the Lifecycle Virtual of Desktop Encryption Environment Keys with RSA Key Manager RSA Solution Brief 1 According to the Open Security
More informationVMWARE PIVOTAL CONTAINER SERVICE
DATASHEET VMWARE PIVOTAL CONTAINER SERVICE AT A GLANCE VMware Pivotal Container Service (PKS) is a production-grade Kubernetes-based container solution equipped with advanced networking, a private container
More informationTripwire State of Cyber Hygiene Report
RESEARCH Tripwire State of Cyber Hygiene Report August 2018 FOUNDATIONAL CONTROLS FOR SECURITY, COMPLIANCE & IT OPERATIONS When a high-profile cyberattack grabs the headlines, your first instinct may be
More informationWHITE PAPER. RedHat OpenShift Container Platform. Benefits: Abstract. 1.1 Introduction
WHITE PAPER RedHat OpenShift Container Platform Abstract Benefits: Applications are designed around smaller independent components called microservices. Elastic resources: Scale up or down quickly and
More informationPaper. Delivering Strong Security in a Hyperconverged Data Center Environment
Paper Delivering Strong Security in a Hyperconverged Data Center Environment Introduction A new trend is emerging in data center technology that could dramatically change the way enterprises manage and
More informationAUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs
AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs WITH PALO ALTO NETWORKS AND REAN CLOUD 1 INTRODUCTION EXECUTIVE SUMMARY Organizations looking to provide developers with a free-range development environment
More informationTechnical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform
Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform Date: October, 2018 Author: Jack Poller, Sr. Analyst The Challenges Enterprise Strategy Group
More informationBUILDING the VIRtUAL enterprise
BUILDING the VIRTUAL ENTERPRISE A Red Hat WHITEPAPER www.redhat.com As an IT shop or business owner, your ability to meet the fluctuating needs of your business while balancing changing priorities, schedules,
More informationPortnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview
Portnox CORE On-Premise Technology Introduction Portnox CORE provides a complete solution for Network Access Control (NAC) across wired, wireless, and virtual networks for enterprise managed, mobile and
More informationCONFIDENTLY INTEGRATE VMWARE CLOUD ON AWS WITH INTELLIGENT OPERATIONS
SOLUTION OVERVIEW CONFIDENTLY INTEGRATE VMWARE WITH INTELLIGENT OPERATIONS VMware Cloud TM on AWS brings VMware s enterprise class Software-Defined Data Center (SDDC) software to the AWS Cloud, with optimized
More informationENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM
JOINT SOLUTION BRIEF ENHANCE APPLICATION SCALABILITY AND AVAILABILITY WITH NGINX PLUS AND THE DIAMANTI BARE-METAL KUBERNETES PLATFORM DIAMANTI PLATFORM AT A GLANCE Modern load balancers which deploy as
More informationAccelerating the Business Value of Virtualization
Accelerating the Business Value of Virtualization Maximizing virtualization is one of the important steps in the journey towards delivering dynamic, cloud-based services. By leveraging the partnership
More information4 Effective Tools for Docker Monitoring. By Ranvijay Jamwal
4 Effective Tools for Docker Monitoring By Ranvijay Jamwal CONTENT 1. The need for Container Technologies 2. Introduction to Docker 2.1. What is Docker? 2.2. Why is Docker popular? 2.3. How does a Docker
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationDesign and deliver cloud-based apps and data for flexible, on-demand IT
White Paper Design and deliver cloud-based apps and data for flexible, on-demand IT Design and deliver cloud-based apps and data for flexible, on-demand IT Discover the fastest and easiest way for IT to
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationFIVE REASONS YOU SHOULD RUN CONTAINERS ON BARE METAL, NOT VMS
WHITE PAPER FIVE REASONS YOU SHOULD RUN CONTAINERS ON BARE METAL, NOT VMS Over the past 15 years, server virtualization has become the preferred method of application deployment in the enterprise datacenter.
More informationMerging Enterprise Applications with Docker* Container Technology
Solution Brief NetApp Docker Volume Plugin* Intel Xeon Processors Intel Ethernet Converged Network Adapters Merging Enterprise Applications with Docker* Container Technology Enabling Scale-out Solutions
More informationCisco CloudCenter Use Case Summary
Cisco CloudCenter Use Case Summary Overview IT organizations often use multiple clouds to match the best application and infrastructure services with their business needs. It makes sense to have the freedom
More informationHow to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud
PRESENTED BY How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud BIG-IP enables the enterprise to efficiently address security and performance when migrating to
More informationA DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES. Chris Van Tuin Chief Technologist, West
A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES Chris Van Tuin Chief Technologist, West cvantuin@redhat.com Open Source V In short, software is eating the world. - Marc Andreessen, Wall Street Journal,
More informationA DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West
A DEVOPS STATE OF MIND Chris Van Tuin Chief Technologist, West cvantuin@redhat.com In short, software is eating the world. - Marc Andreessen, Wall Street Journal, August 2011 UBER, LYFT FALLOUT: TAXI
More informationA DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West
A DEVOPS STATE OF MIND Chris Van Tuin Chief Technologist, West cvantuin@redhat.com THE NEED FOR SPEED THE ACCELERATION OF APPLICATION DELIVERY FOR THE BUSINESS In short, software is eating the world. -
More informationThe importance of monitoring containers
The importance of monitoring containers The container achilles heel As the containerization market skyrockets, with DevOps and continuous delivery as its jet fuel, organizations are trading one set of
More informationRSA Solution Brief. The RSA Solution for Cloud Security and Compliance
The RSA Solution for Cloud Security and Compliance The RSA Solution for Cloud Security and Compliance enables enduser organizations and service providers to orchestrate and visualize the security of their
More informationCisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY
Cisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY CASE STUDY ADOBE 2 About Adobe Adobe Systems provides digital media and marketing solutions to customers around the world including
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationWhy Enterprises Need to Optimize Their Data Centers
White Paper Why Enterprises Need to Optimize Their Data Centers Introduction IT executives have always faced challenges when it comes to delivering the IT services needed to support changing business goals
More informationDATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE
DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies
More informationMcAfee epolicy Orchestrator
McAfee epolicy Orchestrator Centrally get, visualize, share, and act on security insights Security management requires cumbersome juggling between tools and data. This puts the adversary at an advantage
More informationWHITEPAPER. Embracing Containers & Microservices for future-proof application modernization
WHITEPAPER Embracing Containers & Microservices for future-proof application modernization The need for application modernization: Legacy applications are typically based on a monolithic design, which
More informationNext Generation Privilege Identity Management
White Paper Next Generation Privilege Identity Management Nowadays enterprise IT teams are focused on adopting and supporting newer devices, applications and platforms to address business needs and keep
More informationModelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer
Modelos de Negócio na Era das Clouds André Rodrigues, Cloud Systems Engineer Agenda Software and Cloud Changed the World Cisco s Cloud Vision&Strategy 5 Phase Cloud Plan Before Now From idea to production:
More informationTransforming Security from Defense in Depth to Comprehensive Security Assurance
Transforming Security from Defense in Depth to Comprehensive Security Assurance February 28, 2016 Revision #3 Table of Contents Introduction... 3 The problem: defense in depth is not working... 3 The new
More informationWhitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response
Advanced Threat Hunting with Carbon Black Enterprise Response TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage
More informationThat Set the Foundation for the Private Cloud
for Choosing Virtualization Solutions That Set the Foundation for the Private Cloud solutions from work together to harmoniously manage physical and virtual environments, enabling the use of multiple hypervisors
More informationSecurity Challenges: Integrating Apple Computers into Windows Environments
Integrating Apple Computers into Windows Environments White Paper Parallels Mac Management for Microsoft SCCM 2018 Presented By: Table of Contents Environments... 3 Requirements for Managing Mac Natively
More informationThe threat landscape is constantly
A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions
More informationClosing the Hybrid Cloud Security Gap with Cavirin
Enterprise Strategy Group Getting to the bigger truth. Solution Showcase Closing the Hybrid Cloud Security Gap with Cavirin Date: June 2018 Author: Doug Cahill, Senior Analyst Abstract: Most organizations
More informationGo Faster: Containers, Platforms and the Path to Better Software Development (Including Live Demo)
RED HAT DAYS VANCOUVER Go Faster: Containers, Platforms and the Path to Better Software Development (Including Live Demo) Paul Armstrong Principal Solutions Architect Gerald Nunn Senior Middleware Solutions
More informationTHE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT. August prevoty.com. August 2015
THE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT 2 EXECUTIVE SUMMARY The growth of enterprise-developed applications has made it easier for businesses to use technology to work more efficiently and productively.
More informationContainer Deployment and Security Best Practices
Container Deployment and Security Best Practices How organizations are leveraging OpenShift, Quay, and Twistlock to deploy, manage, and secure a cloud native environment. John Morello CTO Twistlock Dirk
More informationSTRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview
STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking
More informationSIEMLESS THREAT DETECTION FOR AWS
SOLUTION OVERVIEW: ALERT LOGIC FOR AMAZON WEB SERVICES (AWS) SIEMLESS THREAT DETECTION FOR AWS Few things are as important to your business as maintaining the security of your sensitive data. Protecting
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationebook ADVANCED LOAD BALANCING IN THE CLOUD 5 WAYS TO SIMPLIFY THE CHAOS
ebook ADVANCED LOAD BALANCING IN THE CLOUD 5 WAYS TO SIMPLIFY THE CHAOS Introduction Load balancing isn t just about managing traffic anymore. As your infrastructure expands to include applications in
More informationPractical Patch Compliance
Practical Patch Compliance Relieving IT Security Audit Pain, From the Data Center to the Desktop Microsoft s System Center Configuration Manager doesn t handle every aspect of Linux/UNIX and third-party
More informationOptimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution
DATASHEET Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution Features & Benefits Best-in-class VPN and vadc solutions A single point of access for all
More informationCLOUD WORKLOAD SECURITY
SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly
More informationSecuring the Modern Data Center with Trend Micro Deep Security
Advania Fall Conference Securing the Modern Data Center with Trend Micro Deep Security Okan Kalak, Senior Sales Engineer okan@trendmicro.no Infrastructure change Containers 1011 0100 0010 Serverless Public
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationCREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud
CREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud Ted Brunell Principal Solution Architect, DoD Programs tbrunell@redhat.com @DoDCloudGuy AGENDA Overview of Current Security
More informationThe McAfee MOVE Platform and Virtual Desktop Infrastructure
The McAfee MOVE Platform and Virtual Desktop Infrastructure Simplifying and accelerating security management for virtualized environments Table of Contents Wish List of Security Elements for Virtualized
More informationNetworking for a smarter data center: Getting it right
IBM Global Technology Services October 2011 Networking for a smarter data center: Getting it right Planning the network needed for a dynamic infrastructure 2 Networking for a smarter data center: Getting
More informationA Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface
A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface ORGANIZATION SNAPSHOT The level of visibility Tenable.io provides is phenomenal, something we just
More informationForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.
Real-time Visibility Network Access Control Endpoint Compliance Mobile Security ForeScout CounterACT Continuous Monitoring and Mitigation Rapid Threat Response Benefits Rethink IT Security Security Do
More informationSecurity: The Key to Affordable Unmanned Aircraft Systems
AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY
More informationSOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM
RSA NETWITNESS EVOLVED SIEM OVERVIEW A SIEM is technology originally intended for compliance and log management. Later, as SIEMs became the aggregation points for security alerts, they began to be more
More informationDDoS MITIGATION BEST PRACTICES
DDoS MITIGATION BEST PRACTICES DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According
More informationA Methodology to Build Lasting, Intelligent Cybersecurity Programs
EBOOK Risk-Centric Cybersecurity Management : A Methodology to Build Lasting, Intelligent Cybersecurity Programs A Brinqa ebook Think InfoSec is ready to keep your enterprise secure through the next transformative
More informationDEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise
DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS Security Without Compromise CONTENTS INTRODUCTION 1 SECTION 1: STRETCHING BEYOND STATIC SECURITY 2 SECTION 2: NEW DEFENSES FOR CLOUD ENVIRONMENTS 5 SECTION
More informationJim Reavis CEO and Founder Cloud Security Alliance December 2017
CLOUD THREAT HUNTING Jim Reavis CEO and Founder Cloud Security Alliance December 2017 A B O U T T H E BUILDING SECURITY BEST PRACTICES FOR NEXT GENERATION IT C L O U D S E C U R I T Y A L L I A N C E GLOBAL,
More informationHybrid WAN Operations: Extend Network Monitoring Across SD-WAN and Legacy WAN Infrastructure
Hybrid WAN Operations: Extend Network Monitoring Across SD-WAN and Legacy WAN Infrastructure An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for SevOne May 2017 IT & DATA MANAGEMENT RESEARCH,
More informationWindows 10 IoT Core Azure Connectivity and Security
Windows 10 IoT Core Azure Connectivity and Security Published July 27, 2016 Version 1.0 Table of Contents Introduction... 2 Device identities... 2 Building security into the platform... 3 Security as a
More informationSmart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center
Smart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center Leverage Analytics To Protect and Optimize Your Business Infrastructure SOLUTION PROFILE Managing a data center and the
More informationIT Consulting and Implementation Services
PORTFOLIO OVERVIEW IT Consulting and Implementation Services Helping IT Transform the Way Business Innovates and Operates 1 2 PORTFOLIO OVERVIEW IT Consulting and Implementation Services IT is moving from
More informationATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS
PARTNER BRIEF ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS INTRODUCTION Attivo Networks has partnered with McAfee to detect real-time in-network threats and to automate incident response
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More information<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1
RSA Ready Implementation Guide for Rapid 7 Jeffrey Carlson, RSA Partner Engineering Last Modified: 04/11/2016 Solution Summary Rapid7 Nexpose Enterprise drives the collection
More informationHow Verizon boosted product delivery with Dynatrace Software Intelligence
How Verizon boosted product delivery with Dynatrace Software Intelligence 3x faster build and test cycles 2x faster deployments 33 percent faster revenue realization 50 percent reduction in issues 2019
More informationSecuring Your Amazon Web Services Virtual Networks
Securing Your Amazon Web Services s IPS security for public cloud deployments It s no surprise that public cloud infrastructure has experienced fast adoption. It is quick and easy to spin up a workload,
More informationSurvey Results: Virtual Insecurity
Best Practices SURVEY Survey Results: Virtual Insecurity May 2013 Executive Summary: Virtual Assets Could Bring Real Risk Virtualization technologies have reshaped how IT offers and delivers their services
More informationSix Sigma in the datacenter drives a zero-defects culture
Six Sigma in the datacenter drives a zero-defects culture Situation Like many IT organizations, Microsoft IT wants to keep its global infrastructure available at all times. Scope, scale, and an environment
More informationDATA SHEET RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE.
RSA NETWITNESS ENDPOINT DETECT UNKNOWN THREATS. REDUCE DWELL TIME. ACCELERATE RESPONSE. KEY CUSTOMER BENEFITS: Gain complete visibility into all endpoints, regardless of whether they are on or off the
More informationReducing the Cost of Incident Response
Reducing the Cost of Incident Response Introduction Cb Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats,
More informationArchitectural overview Turbonomic accesses Cisco Tetration Analytics data through Representational State Transfer (REST) APIs. It uses telemetry data
Solution Overview Cisco Tetration Analytics and Turbonomic Solution Deploy intent-based networking for distributed applications. Highlights Provide performance assurance for distributed applications. Real-time
More informationZero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers
Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere How Okta enables a Zero Trust solution for our customers Okta Inc. 301 Brannan Street, Suite 300 San Francisco, CA 94107 info@okta.com
More informationTransformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018
Transformation in Technology Barbara Duck Chief Information Officer Investor Day 2018 Key Takeaways 1Transformation in Technology driving out cost, supporting a more technologyenabled business Our new
More informationEASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER
EASILY DEPLOY AND SCALE KUBERNETES WITH RANCHER 2 WHY KUBERNETES? Kubernetes is an open-source container orchestrator for deploying and managing containerized applications. Building on 15 years of experience
More informationMICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER
TECHNICAL WHITE PAPER MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY Abstract Organizations are in search of ways to more efficiently and securely use IT resources to increase innovation and minimize cost.
More informationVeritas Provisioning Manager
Veritas Provisioning Manager Automated server provisioning, part of the Veritas Server Foundation suite, automates server provisioning and management from physical bare metal discovery and OS installation
More information