Logging, Monitoring, and Alerting

Similar documents
[Docker] Containerization

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY

The four forces of Cloud Native

Deployment Patterns using Docker and Chef

Exam C Foundations of IBM Cloud Reference Architecture V5

Amir Zipory Senior Solutions Architect, Redhat Israel, Greece & Cyprus

Industry-leading Application PaaS Platform

Red Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS

DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1

Kuber-what?! Learn about Kubernetes

IBM Bluemix compute capabilities IBM Corporation

Flip the Switch to Container-based Clouds

Merging Enterprise Applications with Docker* Container Technology

Title DC Automation: It s a MARVEL!

CLOUD WORKLOAD SECURITY

Top five Docker performance tips

Deploying and Operating Cloud Native.NET apps

Przyspiesz tworzenie aplikacji przy pomocy Openshift Container Platform. Jarosław Stakuń Senior Solution Architect/Red Hat CEE

Unify DevOps and SecOps: Security Without Friction

No Limits Cloud Introducing the HPE Helion Cloud Suite July 28, Copyright 2016 Vivit Worldwide

Murray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?

개발자와운영자를위한 DevOps 플랫폼 OpenShift Container Platform. Hyunsoo Senior Solution Architect 07.Feb.2017

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

Qualys Cloud Platform

STATE OF MODERN APPLICATIONS IN THE CLOUD

Welcome to Docker Birthday # Docker Birthday events (list available at Docker.Party) RSVPs 600 mentors Big thanks to our global partners:

Microservices a security nightmare? GOTO Nights Zürich - March 3, 2016 Maximilian Container Solutions Switzerland

Docker and Security. September 28, 2017 VASCAN Michael Irwin

The Post-Cloud. Where Google, DevOps, and Docker Converge

Deploying and Operating Cloud Native.NET apps

Immutable Infrastructure

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

How to Put Your AF Server into a Container

Distributed Systems COMP 212. Lecture 18 Othon Michail

Docker II - Judgement Day

Docker and Splunk Development

Oracle Solaris Virtualization: From DevOps to Enterprise

Immutable Infrastructure

Learn. Connect. Explore.

Exploring Cloud Security, Operational Visibility & Elastic Datacenters. Kiran Mohandas Consulting Engineer

MODERNIZING TRADITIONAL SECURITY:

Cloud & container monitoring , Lars Michelsen Check_MK Conference #4

Docker and HPE Accelerate Digital Transformation to Enable Hybrid IT. Steven Follis Solutions Engineer Docker Inc.

API, DEVOPS & MICROSERVICES

Application Centric Microservices Ken Owens, CTO Cisco Intercloud Services. Redhat Summit 2015

OpenShift on Public & Private Clouds: AWS, Azure, Google, OpenStack

Think Small to Scale Big

Docker and Oracle Everything You Wanted To Know

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

NEXT GENERATION CLOUD SECURITY

Automating Security Practices for the DevOps Revolution

2013 Cisco and/or its affiliates. All rights reserved. 1

Practical Guide to Platform as a Service.

Architecting for the.

SQL Server inside a docker container. Christophe LAPORTE SQL Server MVP/MCM SQL Saturday 735 Helsinki 2018

CNA1699BU Running Docker on your Existing Infrastructure with vsphere Integrated Containers Martijn Baecke Patrick Daigle VMworld 2017 Content: Not fo

Cisco Tetration Analytics

InterSystems Cloud Manager & Containers for InterSystems Technologies. Luca Ravazzolo Product Manager

How to Keep UP Through Digital Transformation with Next-Generation App Development

Container in Production : Openshift 구축사례로 이해하는 PaaS. Jongjin Lim Specialist Solution Architect, AppDev

Containerizing GPU Applications with Docker for Scaling to the Cloud

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

CONTAINERS AND MICROSERVICES WITH CONTRAIL

VMworld 2017 Content: Not for publication #CNA1699BE CONFIDENTIAL 2

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Introduction to Docker. Antonis Kalipetis Docker Athens Meetup

DevOps Course Content

SYMANTEC DATA CENTER SECURITY

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

Oracle Container Natve Applicaton Development Platorm. Edgars Ruņģis Cloud Soluton Architect

Sunil Shah SECURE, FLEXIBLE CONTINUOUS DELIVERY PIPELINES WITH GITLAB AND DC/OS Mesosphere, Inc. All Rights Reserved.

WHITEPAPER. Embracing Containers & Microservices for future-proof application modernization

Security as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS

Table of Contents 1.1. Introduction. Overview of vsphere Integrated Containers 1.2

Secure Kubernetes Container Workloads

When (and how) to move applications from VMware to Cisco Metacloud

our container journey

Overcoming the Challenges of Automating Security in a DevOps Environment

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Lecture 09: VMs and VCS head in the clouds

The age of orchestration

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Kubernetes made easy with Docker EE. Patrick van der Bleek Sr. Solutions Engineer NEMEA

The threat landscape is constantly

Elizabeth Lawler CEO & Co-Founder Conjur,

Service Mesh and Microservices Networking

A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES. Chris Van Tuin Chief Technologist, West

Red Hat Roadmap for Containers and DevOps

The Road to Istio: How IBM, Google and Lyft Joined Forces to Simplify Microservices

How to re-invent your IT Architecture. André Christ, Co-CEO LeanIX

Development. Architecture QA. Operations

ADC im Cloud - Zeitalter

Introduction to virtualisation, hardware, cloud, containers, unikernels, microkernels. and everything else

Knative: Building serverless platforms on top of Kubernetes

Con$nuous Deployment with Docker Andrew Aslinger. Oct

Actifio Test Data Management

A CONTAINERIZED TESTING STRATEGY

Running MarkLogic in Containers (Both Docker and Kubernetes)

Table of Contents 1.1. Overview. Containers, Docker, Registries vsphere Integrated Containers Engine

From development to production

Transcription:

Logging, Monitoring, and Alerting Logs are a part of daily life in the DevOps world In security, we focus on particular logs to detect security anomalies and for forensic capabilities A basic logging pipeline can be shared between Developers, Operations, and Security teams: Log Aggregation: Used to ingest logs from systems, applications, network components, etc. Long Term Storage: Filesystem which retains logs for an extended period of time. Good for forensics or breach investigation. Short Term Storage: Filesystem or DB which stores logs to be queried quickly and easily. Alerting: Anomaly detection system which is responsible for sending alerts to teams when a deviation occurs 76

Logging and Monitoring Pipeline IaaS Long Term Storage Log Aggregation Short Term Storage Query Interface Anomaly Alerting System DevSecOps 77

Infrastructure as Code 78

Building Infrastructure Is your infrastructure Self documenting? Version controlled? Capable of continuous delivery? Integration tested? Immutable? Remember: It s all software" 79

Immutable Infrastructure Immutable infrastructure is compromised of components which are replaced during deployment rather than being updated in place 80

Security and Immutable Infrastructure An immutable infrastructure starts with a Golden in a version catalog Security teams have a central location to validate images as compliant and enforce OS hardening policies No more guesswork what is installed Automation can flag security anomalies vs. human intervention Tags help teams wrangle infrastructure Push Security to the Left 81

Simple Immutable Infrastructure Version Catalog OS Packages 0.2 Instance 1 0.2 Instance 2 0.2 Container Latest Code Instance n 0.2 82

Proving Immutability Version Catalog OS Packages SHA1(_) 0.2 96c5 07e4bb Instance 1 0.2 96c5 07e4bb Instance 2 0.2 Container Latest Code 96c5 07e4bb Instance n 0.2 83

Shellshock? Version Catalog OS Packages 0.2 Instance 1 0.2 Instance 2 0.2 Container Latest Code Instance n 0.2 84

Shellshock? Version Catalog OS Packages 0.3 Instance 1 0.3 Instance 2 0.3 Container Latest Code Emergency Patch! Instance n 0.3 85

Cattle, not pets. 86

Security Wins Security team now has insight into the entire system Infrastructure is auditable and version controlled, just like source code Patching can be applied programmatically with a high level of certainty Alerting can be built for changes to specific areas of the infrastructure A new firewall rule is created or deleted Administrative user is created New VPC rolled out Testing can occur much earlier in the pipeline 87

Infrastructure as Code - Terraform 88

Infrastructure as Code K8s 89

Chaos Testing 90

Brief Introduction to Containers 91

Containers, Containers, Containers, Containers 92

Software Deployment is Changing Massive shift toward cloud computing Increased demand for application and infrastructure portability across environments Avoid vendor lock in when possible Increase in microservices Process AKA Security loosely coupled services Process Isolation 93

Modern Applications Breaking monolithic applications into smaller services offers several advantages: - Scale independently - Stateless - High Availability - API-Driven - Faster iteration times Process Security Process Isolation 94

Issues with Modern Applications Organizations often operate in an Ops vs. Dev vs. Sec world Applications and microservices are written in a variety of languages and frameworks Applications need to run Process on different Security technology stacks: Virtual Machines Windows Server Bare Metal Servers Cloud Environments On-Prem Environments Developer Laptops Process Isolation 95

Application Operating System Physical Server Physical Host

Application Operating System Physical Server One application per server Slow deployment times Low resource utilization Scaling challenges Migration challenges $$$ Difficult to replicate locally

Physical Server VM VM VM App App App Guest OS Guest OS Guest OS VM Hypervisor Host Operating System

VM App Guest OS Physical Server VM App Guest OS Hypervisor Host Operating System VM App Guest OS One physical server and multiple applications Each application runs in a Virtual Machine Better resource utilization Easier to scale VMs live in the Cloud Still requires complete guest Operating Systems Application portability not guaranteed

Physical Server Container Container Container App 1 App 2 App 3 Bins Libs Bins Libs Bins Libs Container Docker (CRI) Host Operating System

Container App 1 Bins Libs Physical Server Container App 2 Bins Libs Docker (Container Runtime) Host Operating System Container App 3 Bins Libs Containers are an application layer construct VMs allow us to convert one physical machine into many servers No Operating System to boot (fast!) Most portable out of all options Less OS overhead using shared kernel model

Physical Server Containers VM 1 VM 2 VM 3 and VMs Container Container Container App 1 App 2 App 3 Bins/Libs Bins/Libs Bins/Libs are Happy Docker Docker Docker Hypervisor Host Operating System Together

It's been a pleasure. jmesta@manicode.com Jimmy Mesta Secure Coding Instructor www.manicode.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback