Successfully reported this slideshow.
Your SlideShare is downloading. ×

Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays

Loading in …3
×

Check these out next

1 of 39 Ad
1 of 39 Ad

Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays

Download to read offline

Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays fullstack tech radar day by Tikal

Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays fullstack tech radar day by Tikal

Advertisement
Advertisement

More Related Content

Similar to Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays (20)

Advertisement

More from Demi Ben-Ari (20)

Advertisement

Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays

  1. 1. Hacker vs Company, Cyber Security Automated with Kubernetes Demi Ben-Ari – VP R&D @ Panorays
  2. 2. About Me Demi Ben-Ari, Co-Founder & VP R&D @ Panorays ● Google Developer Expert ● Co-Founder of Communities: ○ “Big Things” - Big Data, Data Science, DevOps ○ Google Developer Group Cloud ○ Ofek Alumni Association In the Past: ● Sr. Data Engineer - Windward ● Team Leader & Sr. Java Software Engineer, Missile defence and Alert System - “Ofek” – IAF
  3. 3. Some important things ● What I’m not: Docker / Kubernetes / Security Expert ● What you won’t be after this talk: Docker / Kubernetes / Security Expert ● What you will be after this talk? ● Happier people (Because I’ve stopped talking) ● You’ll know what was our problem and our way of solution ● You’ll know where to search and learn more things ● The answer to the “What’s the meaning of life?” (42)
  4. 4. What is (Cyber) security? https://www.pinterest.com/mechlite/security-fails/ http://www.techeblog.com/index.php/tech-gadget/funny-security-cameras https://www.pinterest.com/pin/449585975275324132/
  5. 5. What is “Security”? ● Security is a Technology ● Security is an Action ● Security is a Process ● Risk Assessment Methods ● https://www.iso.org/standard/56742.html ● https://www.securityforum.org/
  6. 6. Resources Security VS
  7. 7. Assets, Security, Threats, Adversaries Risk = (Vulnerabilities X Threats X Consequences) PrivacyContent Identity Files Assets Tor VPN HTTPS Encryption 2FA HTTP Filter Patching WAFFirewall SSL / TLS SSH Security Threats Adversaries Vishing Phishsing Spying Adware Backdoors Adware Exploit Kits Spyware Viruses Malware Mass Surveillance Spies Nation-States Hackers Hackers Groups Crackers Colleagues Cyber Criminals Law Enforcement Ex-Partner Governments Pseudo Anonymity Anonymity
  8. 8. What do we do at Panorays?
  9. 9. How Do Hackers Get to Third Parties? Supplier Employees IT & Network Application - Confidential -12p. 52% by the Human Factor
  10. 10. The Problem
  11. 11. What’s the hardest problem in Software Engineering?
  12. 12. Naming Things
  13. 13. What’s the biggest problem in Software Engineering? ● Naming Things https://www.pinterest.com/pin/52424783138601042 /
  14. 14. Step #1 - Appoint a CNO ● Chief Naming Officer - your go to guy for all of the hardest problems
  15. 15. Step #2 - Define the problem and abstractions ● Parallelizm happening in the manner of a company (VMs being launched). ● Scan and evaluation process is not transparent. ● Server utilization is low. ● Had to build an internal orchestration system via Cron & Bash. ● (Think how fun is that…) ● How do you monitor all of this? ● Need to control it all via an easy API
  16. 16. Step #3 – Understand the people involved ● We had software engineers and security researchers on the team ● How do you integrate Dev – Sec – Ops? ● Creating a CI / CD pipeline? ● How do you make not software engineers deploy code to production?
  17. 17. https://www.coscale.com/hs-fs/hubfs/Blog_Pictures/2016_06/monolithic_vs_microservices.jpg
  18. 18. We’ve created a “Microlith”
  19. 19. In the beginning... #!/bin/bash
  20. 20. In the beginning...
  21. 21. In the beginning... 1st Job 2nd Job n-1 Job nth Job . . .
  22. 22. The Transporter a Dynamic Workflow Engine Built for Running Kubernetes Jobs According to a Predefined Workflow.
  23. 23. The Transporter ● Flexible and Efficient ● Parallel ● Automated { }
  24. 24. A bit about Kubernetes ● Greek for “Helmsman”; also the root of the words “governor” and “cybernetic”. ● Manages container clusters ● Inspired and informed by Google’s experience and an internal system (Borg) ● Supports multiple cloud and bare-metal environments ● 100% Open source, written in Go ● Manage applications, not Machines
  25. 25. Cattle vs. Pets CattlePet • Has a name • Is unique or rare • Personal Attention • If it gets ill, you make it better • Has a number • One is much like any other • Run as a group • If it gets ill, you make hamburgers
  26. 26. Kubernetes Terminology ● Deployment ● Service ● ReplicaSet ● Pod ● Volume ● Label ● Selector ● ConfigMap ● Secret ● DaemonSet ● Stateful Set ● Job ● Liveness Probe ● Readiness Probe
  27. 27. ● Jobs ● Phases ● Workflows The Deal is The Deal discover map fetch rate saveaggregate detect Parallel Sequential Sequential
  28. 28. Never Make a Promise You Can’t Keep ● Retries ● Schedule ● Timeouts The Transporter Q1 Worker1 ... Workern Task1 ... Taskn Q2
  29. 29. Almost Never Make a Promise You Can’t Keep ● Failure 1 ● Notifications
  30. 30. No Names ● UUID (([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?') Max Chars: 63 CompanyName JobName WorkflowId● Labels, Labels everywhere website__bot
  31. 31. So What’s On Our Cluster? ● The Transporter Service ● Workers Deployments ● Redis ● KubernetesJobs triggered by the transporter
  32. 32. What’s Next? ● Workflows Monitoring (Grafana and Dash dashboards) ● ConfigMap for Versions ● Asset level Parallelization~O(n_assets * jobslowest) ~O(jobslowest)x100-x1,000,000
  33. 33. Conclusions ● If you have a possibility -> Don’t implement distributed systems ● Kubernetes is a great container orchestration tool ● Installing it on bare metal is not that fun - but also possible ● “Perfect” is the enemy of “Working” / “Giving Value” ● Making non developers deploy to production seamlessly
  34. 34. Questions
  35. 35. Thank You

×