20160221 va interconnect_pub

Vulnerability Advisor for Your Images (and Instances):
InterConnect 2016

Published in: Technology

  1. Vulnerability Advisor for Your Images (& Instances). Canturk Isci, IBM Research, NY, @canturkisci. SAD-7286. Sun Feb 21, 11:00 AM; Wed Feb 24, 4:00 PM.
  2. Please Note:
     - IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
     - Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
     - The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.
     - The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
     - Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
  3. Built-in Monitoring & Analytics Designed for Cloud
     - Provide unmatched deep, seamless visibility for our users
     - Drive operational insights to solve real-world pain points (Security & Compliance)
  4. Seamless: Built-in Monitoring & Logging for Containers. “Users do not have to do anything to get this visibility. It is already there by default”
     [Diagram: Container Cloud; Docker Hosts running App Containers; Metrics & Logs Bus; Multitenant Index; Logmet Svc; Provisioning; Tenancy Info; State Events]
     Current State:
     - Built-in in every compute node, all geos
     - Enabled by default for all users in all prod
     - O(10K) metrics/s & logs/s
  5. Seamless: Built-in Monitoring & Logging for Containers. “Users do not have to do anything to get this visibility. It is already there by default”
     [Diagram: Container Cloud running App Containers; label "magic"]
     Cool! Happy User: Effortless, painless visibility in user world
  6. Key Advantages: Why Built-in Monitoring
     [Diagram: Container Cloud running App Containers; label "magic"]
     - Monitoring built into the platform not in end-user systems
     - No complexity to end user (They do nothing, all they see is the service)
     - No agents/credentials/access (nothing built into userworld)
     - Works out of the box
     - Makes data consumable (lower barrier to data collection and analytics)
     - Better Security for end user (No attack surface, in userworld)
     - Better Availability of monitoring (From birth to death, inspect even defunct guest)
     - Guest Agnostic (Build for platform, not each user distro)
     - Decoupled from user context (No overhead/side-effect concerns)
     - Monitoring done right for the processes of the Cloud OS
  7. Deep Visibility: What We Actually Collect (and Annotate)
     - From Container/VM: OS Info, Processes, Disk Info, Metrics, Network Info, Packages, Files, Config Info
     - Docker Runtime: Docker metadata (docker inspect), CPU metrics (/cgroup/cpuacct/), Memory metrics (/cgroup/memory), Docker history
     - Platform: Audit Subsystem, Syscall Tracing, System Integrity
     - Annotators: Config Annotator, Vulnerability Annotator, Compliance Annotator, Password Annotator, SW Annotator, Licence Annotator
  8. Deep Visibility → Operational Insights/Analytics → Solve Real Problems
     - Collected data and annotators as listed on slide 7
     - Diagram labels: Index (Data) Vuln. & Compl. Analysis Secure Config Analysis Forensic Security & Compl. Pipeline Service Remediation Service
  9. Deep Visibility → Operational Insights/Analytics → Solve Real Problems
     - Collected data and annotators as listed on slide 7
     - Diagram labels: Index (Data) Vuln. & Compl. Analysis Secure Config Analysis Forensic Security & Compl. Pipeline Service Remediation Service
     - This Session: Vulnerability Advisor. Also Now: Remediation Service.
  10. Vulnerability Advisor: User Stories
     - How can I identify my vulnerable/non-compliant images before they go live?
     - How can I detect and block systems with password access configurations and weak passwords?
     - Collected data and annotators as listed on slide 7
  11. Vulnerability Advisor for Your Images. Currently in Bluemix.
     [Architecture diagram: Compute (Docker Hosts running App Containers and App VMs); Container Image Registry; ImgCrawlers; Data Pipeline; Annotators (Vuln, Compl, Passwd, Config, SW, Notif,…); Index (Data); OpAnalytics; Logging, Monitoring, Alerting; Vulnerability Advisor. Data flows: Metrics + state, Logs + events, Static state.]
  12. Vulnerability Advisor for Your Images and Instances. Future Research.
     [Architecture diagram: as on slide 11, with the additional labels Live state and Additional Image Repos.]
  13. DEMO TIME
     This Session:
     - Vulnerability Advisor, Policy Mgr
     - Go to Bluemix Catalog
     - See VA Image Status (Safe, Caution, Blocked)
     - Go to Create View
     - Explore Status Details (Vulnerabilities, Policy Violations)
     - Browse Policy Manager (Policy Settings, Deployment Impact)
     - Change Org Policies
     - Override Policies (Don’t do it)
     - See Weak Password Discovery
     - Update Image in Local Dev
     - Fix Policy Violation
     Tomorrow:
     - Built-in Monitoring & Logging
     - DeveloperWorks SmartBar Session Agentless System Crawler 4:00pm
  14. Getting Started: Let’s Go to London. Login to Bluemix London (https://console.eu-gb.bluemix.net/).
  15. Deployment Status. Login to Bluemix London (https://console.eu-gb.bluemix.net/). Go to Catalog and Look for Containers. Hover over containers to see VA verdict: Safe to Deploy.
  16. Deployment Status. Login to Bluemix London (https://console.eu-gb.bluemix.net/). Go to Catalog and Look for Containers. Hover over containers to see VA verdict: Safe to Deploy | Deploy with Caution.
  17. Deployment Status. Login to Bluemix London (https://console.eu-gb.bluemix.net/). Go to Catalog and Look for Containers. Hover over containers to see VA verdict: Safe to Deploy | Deploy with Caution | Blocked.
  18. Create View. Login to Bluemix London (https://console.eu-gb.bluemix.net/). Go to Catalog and Look for Containers. Hover over containers to see VA verdict: Safe to Deploy | Deploy with Caution | Blocked. Click on Image to go to Create View. See Verdict Details and Explore Options.
  19. Vulnerability Advisor Report. Login to Bluemix London (https://console.eu-gb.bluemix.net/). Go to Catalog and Look for Containers. Hover over containers to see VA verdict: Safe to Deploy | Deploy with Caution | Blocked. Click on Image to go to Create View. See Verdict Details and Explore Options. View Vulnerability Advisor Report: Discovered Vulnerabilities | Policy Violations.
  20. Vulnerability Advisor Report. Login to Bluemix London (https://console.eu-gb.bluemix.net/). Go to Catalog and Look for Containers. Hover over containers to see VA verdict: Safe to Deploy | Deploy with Caution | Blocked. Click on Image to go to Create View. See Verdict Details and Explore Options. View Vulnerability Advisor Report: Discovered Vulnerabilities | Policy Violations.
  21. Policy Manager and Deployment Impact. Login to Bluemix London (https://console.eu-gb.bluemix.net/). Go to Catalog and Look for Containers. Hover over containers to see VA verdict: Safe to Deploy | Deploy with Caution | Blocked. Click on Image to go to Create View. See Verdict Details and Explore Options. View Vulnerability Advisor Report: Discovered Vulnerabilities | Policy Violations. Policy Manager and Deployment Impact.
  22. Policy Manager and Deployment Impact. Login to Bluemix London (https://console.eu-gb.bluemix.net/). Go to Catalog and Look for Containers. Hover over containers to see VA verdict: Safe to Deploy | Deploy with Caution | Blocked. Click on Image to go to Create View. See Verdict Details and Explore Options. View Vulnerability Advisor Report: Discovered Vulnerabilities | Policy Violations. Policy Manager and Deployment Impact. Change Org Policy and Observe Impact.
  23. Policy Override. Login to Bluemix London (https://console.eu-gb.bluemix.net/). Go to Catalog and Look for Containers. Hover over containers to see VA verdict: Safe to Deploy | Deploy with Caution | Blocked. Click on Image to go to Create View. See Verdict Details and Explore Options. View Vulnerability Advisor Report: Discovered Vulnerabilities | Policy Violations. Policy Manager and Deployment Impact. Change Org Policy and Observe Impact. Create View > Click One-time Override. Name your risky container and deploy.
  24. Also: One-stop Shop “Michael View” for the Purists
  25. Also: Don’t Feel Vulnerable on the Go :)
  26. Notices and Disclaimers. Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM.
     All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law
  27. Notices and Disclaimers Con’t. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies.
     A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
  28. Thank You. Your Feedback is Important! Access the InterConnect 2016 Conference Attendee Portal to complete your session surveys from your smartphone, laptop or conference kiosk. SAD-7286: IBM Research Day Demo: Vulnerability Advisor for Your Images (and Instances). @canturkisci
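
The password-access user story on slide 10, applied to the kind of files and config info slide 7 lists as crawled from a container or VM, shown as an added example that is not IBM's Vulnerability Advisor code. The function names, finding ids and sample files are constructed for illustration, and the image is assumed to be unpacked to a local directory so nothing runs inside the guest.

```python
import tempfile
from pathlib import Path

# Constructed samples standing in for files from an unpacked image root filesystem.
SAMPLE_SSHD_CONFIG = """\
PermitRootLogin yes
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PermitEmptyPasswords yes
"""
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:16800:0:99999:7:::
app::16800:0:99999:7:::
deploy:!$6$constructedsalt$constructedhash:16800:0:99999:7:::
"""
# Values sshd uses when a keyword is absent (OpenSSH 7.0 and later).
SSHD_DEFAULTS = {"passwordauthentication": "yes", "permitemptypasswords": "no",
                 "permitrootlogin": "prohibit-password"}

def read_sshd_globals(text):
    """Global sshd settings: keywords are case-insensitive and the first value wins."""
    seen = {}
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":  # conditional blocks are reported, not evaluated
            return {**SSHD_DEFAULTS, **seen}, True
        if len(parts) > 1:
            seen.setdefault(parts[0].lower(), parts[1].lower())
    return {**SSHD_DEFAULTS, **seen}, False

def classify_shadow(text):
    """Account -> 'empty', 'locked' or 'password', from the second field of /etc/shadow."""
    states = {}
    for name, pw in (line.split(":")[:2] for line in text.splitlines() if ":" in line):
        states[name] = "empty" if not pw else "locked" if pw[0] in "!*" else "password"
    return states

def read_rel(rootfs, rel):
    path = Path(rootfs) / rel
    return path.read_text(encoding="utf-8", errors="replace") if path.is_file() else None

def annotate_password_access(rootfs):
    """Return (finding_id, detail) tuples for one unpacked image root filesystem."""
    accounts = classify_shadow(read_rel(rootfs, "etc/shadow") or "")
    findings = [("empty-password", n) for n, s in sorted(accounts.items()) if s == "empty"]
    sshd = read_rel(rootfs, "etc/ssh/sshd_config")
    cfg, has_match = read_sshd_globals(sshd or "")
    # Without an sshd_config in the image there is nothing to report for SSH.
    if sshd is not None and cfg["passwordauthentication"] == "yes":
        users = ",".join(sorted(n for n, s in accounts.items() if s == "password"))
        findings.append(("ssh-password-auth", users))
        for key in ("permitrootlogin", "permitemptypasswords"):
            if cfg[key] == "yes":
                findings.append(("ssh-" + key, "yes"))
    if has_match:
        findings.append(("ssh-match-block", "conditional overrides need review"))
    return findings

def build_sample_rootfs():
    root = Path(tempfile.mkdtemp(prefix="rootfs-"))
    (root / "etc/ssh").mkdir(parents=True)
    (root / "etc/ssh/sshd_config").write_text(SAMPLE_SSHD_CONFIG, encoding="utf-8")
    (root / "etc/shadow").write_text(SAMPLE_SHADOW, encoding="utf-8")
    return root

if __name__ == "__main__":
    print(annotate_password_access(build_sample_rootfs()))
```

The check covers `PasswordAuthentication` only; keyboard-interactive login through PAM and settings inside `Match` blocks are not evaluated, which is why a `Match` block is surfaced as its own finding.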
