Unify DevOps and SecOps: Security Without Friction

Similar documents
Automating Security Practices for the DevOps Revolution

A DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West

CLOUD WORKLOAD SECURITY

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

CNA1699BU Running Docker on your Existing Infrastructure with vsphere Integrated Containers Martijn Baecke Patrick Daigle VMworld 2017 Content: Not fo

VMworld 2017 Content: Not for publication #CNA1699BE CONFIDENTIAL 2

Going cloud-native with Kubernetes and Pivotal

A DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West

Modelos de Negócio na Era das Clouds. André Rodrigues, Cloud Systems Engineer

THE IMPACT OF HYBRID AND MULTI CLOUDS TO CYBERSECURITY PRIORITIES

Alexandre Menezes Cloud Solution Architect

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Qualys Cloud Platform

Practical Guide to Platform as a Service.

DEPLOY MODERN APPS WITH KUBERNETES AS A SERVICE

CyberPosture Intelligence for Your Hybrid Infrastructure

DEPLOY MODERN APPS WITH KUBERNETES AS A SERVICE

Industry-leading Application PaaS Platform

Cloud & container monitoring , Lars Michelsen Check_MK Conference #4

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

The ADC Guide to Managing Hybrid (IT and DevOps) Application Delivery

Development. Architecture QA. Operations

Qualys Cloud Platform

I keep hearing about DevOps What is it?

YOUR APPLICATION S JOURNEY TO THE CLOUD. What s the best way to get cloud native capabilities for your existing applications?

Closing the Hybrid Cloud Security Gap with Cavirin

VMware Hybrid Cloud Solution

Go Faster: Containers, Platforms and the Path to Better Software Development (Including Live Demo)

Container in Production : Openshift 구축사례로 이해하는 PaaS. Jongjin Lim Specialist Solution Architect, AppDev

DevSecOps Why Aren t You Doing It? Brian Liceaga, CISSP 1

Day One Success for DevSecOps and Automation on Azure

SUSE s vision for agile software development and deployment in the Software Defined Datacenter

Modern Database Architectures Demand Modern Data Security Measures

Open Source Networking Software Case studies and Roundtable. Arpit Joshipura GM, Networking

Logging, Monitoring, and Alerting

Agile CI/CD with Jenkins and/at ZeroStack. Kiran Bondalapati CTO, Co-Founder & Jenkins Admin ZeroStack, Inc. (

ebook ADVANCED LOAD BALANCING IN THE CLOUD 5 WAYS TO SIMPLIFY THE CHAOS

Amir Zipory Senior Solutions Architect, Redhat Israel, Greece & Cyprus

Cisco Tetration Analytics

CONFIDENTLY INTEGRATE VMWARE CLOUD ON AWS WITH INTELLIGENT OPERATIONS

Microsoft Security Management

Deployment Patterns using Docker and Chef

Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center

How to Keep UP Through Digital Transformation with Next-Generation App Development

Data Protection Modernization: Meeting the Challenges of a Changing IT Landscape

HARNESSING THE HYBRID CLOUD TO DRIVE GREATER BUSINESS AGILITY

CSV-W14 - BUILDING AND ADOPTING A CLOUD-NATIVE SECURITY PROGRAM

API, DEVOPS & MICROSERVICES

Hitachi Enterprise Cloud Container Platform

Red Hat Roadmap for Containers and DevOps

How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud

The Data Explosion. A Guide to Oracle s Data-Management Cloud Services

Azure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region

Enterprise Cloud One OS. One Click.

ALIENVAULT USM FOR AWS SOLUTION GUIDE

DATA SHEET AlienVault USM Anywhere Powerful Threat Detection and Incident Response for All Your Critical Infrastructure

The four forces of Cloud Native

The Three Data Challenges

A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES. Chris Van Tuin Chief Technologist, West

BUILDING APPLICATION SECURITY INTO PRODUCTION CONTAINER ENVIRONMENTS Informed by the National Institute of Standards and Technology

Murray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?

Containerization Dockers / Mesospere. Arno Keller HPE

Suman Sourav Director DevSecOps, Vantage Point Security. OWASP Indonesia Day 2017

DevOps Tooling from AWS

How Verizon boosted product delivery with Dynatrace Software Intelligence

Sunil Shah SECURE, FLEXIBLE CONTINUOUS DELIVERY PIPELINES WITH GITLAB AND DC/OS Mesosphere, Inc. All Rights Reserved.

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Deploying and Operating Cloud Native.NET apps

Regaining Our Lost Visibility

2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

The ADC Guide to Managing Hybrid (IT and DevOps) Application Delivery. Citrix.com ebook Align Cloud Strategy to Business Goals 1

ENTERPRISE-GRADE MANAGEMENT FOR OPENSTACK WITH RED HAT CLOUDFORMS

Containers Infrastructure for Advanced Management. Federico Simoncelli Associate Manager, Red Hat October 2016

PSOACI Tetration Overview. Mike Herbert

DEVOPSIFYING NETWORK SECURITY. An AlgoSec Technical Whitepaper

Orchestrating the Continuous Delivery Process

Think Small to Scale Big

La plateforme Cloud d Entreprise. Découvrez la vision et la stratégie de Nutanix.

The intelligence of hyper-converged infrastructure. Your Right Mix Solution

Portnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview

Docker Universal Control Plane Deploy and Manage On-Premises, Your Dockerized Distributed Applications

Vulnerability Management

AUTOMATE THE DEPLOYMENT OF SECURE DEVELOPER VPCs

Running MarkLogic in Containers (Both Docker and Kubernetes)

Learn. Connect. Explore.

Private Cloud Public Cloud Edge. Consistent Infrastructure & Consistent Operations

The Why, What, and How of Cisco Tetration

Pasiruoškite ateičiai: modernus duomenų centras. Laurynas Dovydaitis Microsoft Azure MVP

AWS Reference Design Document

5 reasons why choosing Apache Cassandra is planning for a multi-cloud future

5 Steps to Government IT Modernization

AGILE RELIABILITY WITH RED HAT IN THE CLOUDS YOUR SOFTWARE LIFECYCLE SPEEDUP RECIPE. Lutz Lange - Senior Solution Architect Red Hat

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

WHITE PAPER. RedHat OpenShift Container Platform. Benefits: Abstract. 1.1 Introduction

TEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

2018 Report The State of Securing Cloud Workloads

Accelerate your Azure Hybrid Cloud Business with HPE. Ken Won, HPE Director, Cloud Product Marketing

Multicloud is the New Normal Cloud enables Digital Transformation (DX), but more clouds bring more challenges

CHARTING THE FUTURE OF SOFTWARE DEFINED NETWORKING

Transcription:

SANS Secure DevOps Summit Unify DevOps and SecOps: Security Without Friction Matt Alderman, CISSP Chief Strategy & Marketing Officer Layered Insight @maldermania

Technology Trend #1: Infrastructure Migrates to the Cloud

Technology Trend #2: IoT Accelerates Edge Computing

Technology Trend #3: Applications are the Future

The People Challenge DevOps Benefits Agility Velocity (Production, Market, Improvement, and Innovation) Optimization (Productivity, Costs, and Competitiveness) DevOps Challenges Not Understanding Security Automating to Enhance Agility Starting with Technology Solutions

The People Challenge SecOps Wants Inventory Of Authorized and Unauthorized Software Compliance with Policies and Regulations Security Assessment, Monitoring, and Remediation SecOps Challenges Adjusting to Speed Security s Changing Role Legacy Solutions Limit Visibility and Control

The People Challenge DevOps SecOps SPEED? AGILITY? PORTABILITY? INVENTORY? COMPLIANCE? SECURITY?

The People Solution: Unify DevOps and SecOps DevOps ized Applications SecOps SPEED? AGILITY? PORTABILITY? INVENTORY? COMPLIANCE? SECURITY? Unify DevOps and SecOps to provide complete visibility and control

The Technology Challenge 2016 Challenges 1. Shrinking infrastructure, as organizations continue migration to the cloud 2. s deployed within Virtual Machines 3. But organizations still have the overhead and costs of the hypervisor and virtual machines Application Engine Application Engine Application Engine Guest OS Guest OS Guest OS Hypervisor Host Operating System Kernel Infrastructure Infrastructure

The Technology Challenge 2017 Challenges 1. The orchestration battle ends with Kubernetes winning 80% of the market 2. But organizations struggle to scale their own Kubernetes clusters 3. Also, where do you put security without creating dependencies? Engine Engine Engine Guest OS Guest OS Guest OS Hypervisor Engine Host Operating System Kernel Infrastructure

The Technology Challenge 2018 Challenges 1. -as-a-service and Orchestration-as-a-Service adoption accelerate container adoption 2. Now where do you put security? as a Service Engine Host Operating System Kernel Infrastructure

The Three Approaches Approach #1: Kernel Plugin with Root Access Approach #2: Privileged with Root Access Approach #3: Native with User Access

The Three Approaches #1: Kernel Plugin Engine Operating System Kernel Infrastructure Challenges Has Root Privileges Lacks App Visibility Limits Portability

The Three Approaches #1: Kernel Plugin #2: Privileged Privilege Engine Engine Operating System Operating System Kernel Kernel Infrastructure Infrastructure Challenges Challenges Has Root Privileges Lacks App Visibility Limits Portability Requires Root Access Lacks Scalability Limits Portability

The Three Approaches #1: Kernel Plugin #2: Privileged #3: Native Privilege Secured Secured Secured Engine Engine Engine Kernel Operating System Kernel Operating System Zero-Touch Kernel Operating System Infrastructure Infrastructure Infrastructure Challenges Challenges Advantages Has Root Privileges Lacks App Visibility Limits Portability Requires Root Access Lacks Scalability Limits Portability No Root Privileges Scales Elastically Infinite Portability

The Technology Solution: Native Solution 1. Native injects sensors within the container image to monitor application, system, network, and file activity 2. Native protects the s independently of the underlying infrastructure as a Service Orchestration as a Service

The Process Challenge Insecure posted to registry Insecure container sent to Sec New container build with basic unit test New Post to registry Insecure Registry Insecure git commit git push Dev Sec sends Insecure to Dev for re-imaging Sec B u i l d S h i p R u n

The Process Solution: Security Without Friction Insecure posted to registry Instrumented inserted into registry Instrumented runs in observation mode on premise or in cloud Automated enforcement of Secured on premise or in cloud New container build with basic unit test New Post to registry Insecure Registry Copy of Original Instrumented Instrumented Secured Security Policy Enforcement git commit git push Pull container image from registry S t a t i c A n a l y s i s R u n t i m e A n a l y s i s R u n t i m e P r o t e c t i o n Software Inventory Security Assessment Compliance Enforcement Pass/Fail Inject Security Sensors for App, Sys, Network, and Storage Behavior Profiles Dev Any failed containers are returned to DevOps Scan Validate Instrument Security Policies Machine Learning Alerts Notifications Insight << FAIL PASS >> Failed Native Solution Sec DevOps SecOps A s s e s s m e n t / I n s t r u m e n t a t i o n T e s t / S t a g i n g P r o d u c t i o n B u i l d S h i p R u n

Conclusion & Call To Action People: Unify DevOps and SecOps 1. Do you have a formal DevOps team? 2. Are they developing with containers? 3. Are they deploying or preparing to deploy containers?

Conclusion & Call To Action Technology: Native Application Protection 1. Are you deploying on-premises or in the cloud? 2. Are you looking at CaaS/serverless infrastructure? 3. Do you want to future-proof security?

Conclusion & Call To Action Process: Security Without Friction 1. What is the current CI/CD process? 2. How do you embed security within the process? 3. How do you integrate with your exiting SecOps/SOC process?

Thank You Copyright 2018 Layered Insight. All rights reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback