S Automating security compliance for physical, virtual, cloud, and container environments

Similar documents
Automating Security and Compliance for Hybrid Environments

RED HAT CLOUDFORMS. Chris Saunders Cloud Solutions

CREATING A CLOUD STRONGHOLD: Strategies and Methods to Manage and Secure Your Cloud

Automating, Securing, and Managing Cox Automotive's (AutoTrader) Big Data Infrastructure

L105190: Proactive Security Compliance Automation with CloudForms, Satellite, OpenSCAP, Insights, and Ansible Tower

FISMA COMPLIANCE FOR CONTAINERIZED APPS

Ansible for Incident Response

Container Deployment and Security Best Practices

We have very limited time Won t cover extensive theory Won t cover writing SCAP policies - out of scope

RED HAT INSIGHTS. Security & Proactive Response with Insights

Public Cloud - Azure workshop

Practical OpenSCAP Security Standard Compliance and Reporting. Robin Price II Senior Solutions Architect Martin Preisler Senior Software Engineer

Red Hat Roadmap for Containers and DevOps

Secure Foundations: Why RHEL isn t just another Linux distribution

PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS

Red Hat CloudForms Hybrid Cloud Management (CL220)

HOW TO MAKE THE CASE TO MANAGEMENT: PAYING FOR OPEN SOURCE

CoreOS and Red Hat. Reza Shafii Joe Fernandes Brandon Philips Clayton Coleman May 2018

Build an open hybrid cloud and paint it red and blue

Identity Management and Compliance in OpenShift

RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION

Red Hat Cloud Infrastructure 1.1

Red Hat Insights Mitigate Risk & Proactively Manage Your Infrastructure

June 8th, 2017 Washington D.C. Security Compliance for modern infrastructures with OpenSCAP

TEN LAYERS OF CONTAINER SECURITY

OPENSTACK Building Block for Cloud. Ng Hwee Ming Principal Technologist (Telco) APAC Office of Technology

Red Hat Cloud Suite 1.1

INTRODUCING CONTAINER-NATIVE VIRTUALIZATION

Red Hat Container Catalog Consuming Container Images from Red Hat and its Ecosystem. Dirk Herrmann Product Owner Container Catalog May 2nd 2017

TRAINING AND CERTIFICATION UPDATE

The Evolution of Data Center Security, Risk and Compliance

The Road to Digital Transformation: Increase Agility Building and Managing Cloud Infrastructure. Albert Law Solution Architect Manager

SYMANTEC DATA CENTER SECURITY

WHEN CONTAINERS AND VIRTUALIZATION DO - AND DON T - WORK TOGETHER

Virtualization Security & Audit. John Tannahill, CA, CISM, CGEIT, CRISC

Red Hat Containers Roadmap. Red Hat A panel of product directors

CyberPosture Intelligence for Your Hybrid Infrastructure

Red Hat Cloud Platforms with Dell EMC. Quentin Geldenhuys Emerging Technology Lead

Enabling Red Hat Virtualization for the Hybrid Cloud

THE AUTOMATED ENTERPRISE

ENTERPRISE-GRADE MANAGEMENT FOR OPENSTACK WITH RED HAT CLOUDFORMS

Learn. Connect. Explore.

Backup strategies for Stateful Containers in OpenShift Using Gluster based Container-Native Storage

AWS Reference Design Document

A Greybeard's Worst Nightmare

ACCELERATE APPLICATION DELIVERY WITH OPENSHIFT. Siamak Sadeghianfar Sr Technical Marketing Manager, April 2016

Delivering Red Hat OpenShift at Ease on Red Hat OpenStack and RHV

Cyber Security Awareness for SmallSat Ground Networks

Building a government cloud Concepts and Solutions

SUBSCRIPTION OVERVIEW

DEPLOYING NFV: BEST PRACTICES

KEYNOTE How open source and hybrid cloud brought Microsoft and Red Hat together

RED HAT CONTAINER CATALOG

White Paper Server. Five Reasons for Choosing SUSE Manager

PROFESSIONAL SERVICES (Solution Brief)

4 Ways Your Organization Can Be Hacked

Open Hybrid Cloud & Red Hat Products Announcements

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

VMWARE PIVOTAL CONTAINER SERVICE

Reinvent Your 2013 Security Management Strategy

What s New in Red Hat OpenShift Container Platform 3.4. Torben Jäger Red Hat Solution Architect

Optimizing Infrastructure Management with Predictive Analytics: The Red Hat Insights Approach

CLOUD INFRASTRUCTURE ARCHITECTURE DESIGN

Applied SCAP: Automating Security Compliance and Remediation. Shawn Wells Maintainer, SCAP Security Guide 31-JULY-2014

DELIVERING TRUSTED CLOUDS How Intel and Red Hat integrated solutions for secure cloud computing

The Road to a Secure, Compliant Cloud

MOBILIZING AND SECURING RED HAT JBOSS BPM SUITE & BRMS

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

Vulnerability Management

Netwrix Auditor. Know Your Data. Protect What Matters. Roy Lopez Solutions Engineer

On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor

VMware Hybrid Cloud Solution

Virtual Machine Encryption Security & Compliance in the Cloud

Simplify IT management

Data safety for digital business. Veritas Backup Exec WHITE PAPER. One solution for hybrid, physical, and virtual environments.

CHARTING THE FUTURE OF SOFTWARE DEFINED NETWORKING

Trust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

Love Containers, Love Devops, Love Openshift, Where's my business case?

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

Red Hat CloudForms 4.6

AGILE RELIABILITY WITH RED HAT IN THE CLOUDS YOUR SOFTWARE LIFECYCLE SPEEDUP RECIPE. Lutz Lange - Senior Solution Architect Red Hat

Container Security. Marc Skinner Principal Solutions Architect

LOG AGGREGATION. To better manage your Red Hat footprint. Miguel Pérez Colino Strategic Design Team - ISBU

(Em)Powering Open Hardware with Open Source Software

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Protect Your Organization from Cyber Attacks

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

A10 HARMONY CONTROLLER

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

OPENSTACK AGILITY. RED HAT RELIABILITY.

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Red Hat Gluster Storage Roadmap Past, Present & Future

Red Hat Virtualization

CLOUD WORKLOAD SECURITY

Unlocking the Power of the Cloud

Container Management : First Looks

RED HAT SATELLITE LIGHTNING TALKS. Sureshkumar Thirugnanasambandan Thomas McKay Rich Jerrido

A Security State of Mind: Container Security. Chris Van Tuin Chief Technologist, West

Goal 1: Maintain Security of ITS Enterprise Systems

Transcription:

S103174 - Automating security compliance for physical, virtual, cloud, and container environments Using Red Hat CloudForms, Red Hat Satellite, Red Hat Insights and Ansible Tower by Red Hat Lucy Huh Kerner Principal Technical Marketing Manager - Security, Red Hat May 4, 2017

Why automate security compliance?

81% of hacking-related breaches leveraged either stolen and/or weak passwords. 2017 Verizon Data Breach Investigations Report [http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017]

Let s manually ensure security compliance.. 3 ring binder of security checks and fixes that have to be done Very time consuming Highly prone to human error Tedious and boring Non-repudiable Not easy to do audits Not repeatable or sharable

Instead, what you want is... Centralized management of your entire heterogeneous infrastructure You can t control what you don t know about Automation, Automation, Automation Infrastructure and Security as code Repeatable, sharable, verifiable, easier to do compliance audits Hardened, Security compliant host at provisioning time Immutable Operating System: OS can t be changed by untrusted parties Automated monitoring and fixing of all systems for entire lifecycle Proactive vs Reactive security

What tools can I use to help me with all this?

Let s start with SCAP. But, what is SCAP? Security Content Automation Protocol Managed by National Institute of Standards and Technology (NIST) Standardized way of maintaining security of systems Vulnerability and configuration security baselines

Configuration and Vulnerability Scanner WHAT IS OpenSCAP? Ships FREE with RHEL and Satellite!!! NIST validated and certified SCAP scanner by Red Hat

SCAP Workbench GUI tool that serves as an SCAP scanner and provides tailoring functionality for SCAP content, but only scans a single machine

But I don t just have 1 machine... We have over 1000 linux hosts all living in different environments(vmware vcenter, Microsoft Azure, etc). How do we scan, report on, and remediate all of these systems? How do we provide a customized self service portal for users to provision a security compliant host at provisioning time while still having tight control over our entire infrastructure? How do we do ongoing automated security compliance and remediation for our entire heterogeneous infrastructure? How do I ensure that all the 200+ container images in our environment and all future container images that will enter our environment are free of vulnerabilities in an automated fashion?

The secret is to use a combination of..

Using Red Hat s management products + OpenSCAP, how do I: 1) 2) 3) 4) Create a security compliant host at provisioning time Automate ongoing security compliance Ensure governance and Control Do proactive vs reactive security with Red Hat Insights **All in a heterogeneous infrastructure with a mix of physical, virtual, cloud, and container environments **

Creating a security compliant host at provisioning time with Red Hat CloudForms and Ansible Tower

Unified Management with Red Hat CloudForms Service Management Compliance & Governance Efficiency & Optimization CONTAINERS Red Hat OpenShift Container Platform VIRTUALIZATION PRIVATE CLOUD VMware Microsoft Hyper-V Amazon Web Services Red Hat Openstack Platform Microsoft Azure Google Cloud Platform Red Hat Virtualization SOFTWARE DEFINED NETWORKING 15 PUBLIC CLOUD

CloudForms includes Ansible Inside (default automation for CloudForms)

DEMO #1

Creating a security compliant host at provisioning time 1. Push an order button in CloudForms which, behind the scenes will: Provision a VM in VmWare Register it with Satellite Make it compliant to the Defense Information Systems Agency(DISA) Security Technical Implementation Guide (STIG) 2. Do all this WITHOUT writing a single line of code and WITH multi-tenancy Users from different tenants have their own order buttons 3. Admin has tight control of entire heterogenous infrastructure and only allows certain people provision in Amazon vs VMWare based on tenancy, utilization, etc

Now, let s see this in action!

You can also create a security compliant host in RHEL 7.2, RHEL 7.3 + Satellite 6

Of course, can kickstart too or create security compliant host(s) using Satellite 6 as well vs RHEL GUI install.

Automating ongoing security compliance with Red Hat CloudForms, Satellite, OpenSCAP, and Ansible Tower

DEMO #2

Automate ongoing security compliance 1. Push a button on a VM in CloudForms and do an OpenSCAP scan on it for a chosen security profile (PCI-DSS, DISA STIG, Standard, etc or your custom profile) When the scan PASSES: i. Tag the VM as scap-compliant:<name of profile> When the scan FAILS: i. Tag the VM as scap-noncompliant:<name of profile> ii. Email owner of VM iii. Open a ticket in a ticketing system, such as ServiceNow with the name of the failed VM and all other details about VM(size, IP address,etc) 2. Create reports of ALL scap-compliant/non-compliant VMs based on security profile 3. Push a button to fix the VM based on security profile. Once that looks good, do the fix for ALL machines in my environment at the push of a button.

Now, let s see this in action!

The Power and Flexibility of the Red Hat CloudForms control/policy engine

DEMO #3

Power and Flexibility of the CloudForms control engine 1. Check to see if your VM is vulnerable to shellshock. If yes, then fix the VM using a button in CloudForms that launches an Ansible playbook to remediate the VM against the shellshock vulnerability. 2. In CloudForms, check to see if an Openshift container image has any severity high vulnerabilities. If yes, then Openshift will prevent that vulnerable image from ever running in Openshift again.

Now, let s see this in action!

Proactive Security and Automated Risk Management with Red Hat Insights

RED HAT MANAGEMENT Insights introduces automated risk management, reduces complexity, and allows you to FIX faster. AUTOMATE YOUR IT PROCESSES & DEPLOYMENTS PREVENT CRITICAL ISSUES BEFORE THEY OCCUR BUILD A TRUSTED & SECURE RED HAT ENVIRONMENT DELIVER SERVICES ACROSS YOUR HYBRID CLOUD Simple & powerful language Continuous Insights Manage the Red Hat Lifecycle Hybrid Cloud Management No agents to install Verified Knowledge Provision & Configure at Scale Self-Service Provisioning Scale with Ansible Tower Proactive Resolution Standardize Your Environment Policy-driven Compliance wnix - Red Hat Insights

DEMO #4

Proactive Security with Red Hat Insights 1. See the payload injection issue on your VM in Red Hat Insights from either Satellite or CloudForms. Upon fixing, notice that the issue no longer exists

Now, let s see this in action!

SUMMARY 1) 2) 3) 4) Create a security compliant host at provisioning time Automate ongoing security and compliance Ensure governance and Control Do proactive vs reactive security with Red Hat Insights All with FLEXIBILITY + CHOICE using a combination of OpenSCAP, Red Hat CloudForms, Red Hat Satellite, Ansible Tower, and Red Hat Insights

Lucy Kerner Principal Technical Product Marketing Manager - Security, Red Hat lkerner@redhat.com @LucyCloudBling plus.google.com/+redhat facebook.com/redhatinc linkedin.com/company/red-hat twitter.com/redhatnews youtube.com/user/redhatvideos

THANK YOU plus.google.com/+redhat facebook.com/redhatinc linkedin.com/company/red-hat twitter.com/redhatnews youtube.com/user/redhatvideos

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback