Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Hacker vs Company,
Cyber Security Automated with
Kubernetes
Demi Ben-Ari – VP R&D @ Panorays
About Me
Demi Ben-Ari, Co-Founder & VP R&D @ Panorays
● Google Developer Expert
● Co-Founder of Communities:
○ “Big Things...
Some important things
● What I’m not: Docker / Kubernetes / Security Expert
● What you won’t be after this talk: Docker / ...
What is (Cyber) security?
https://www.pinterest.com/mechlite/security-fails/ http://www.techeblog.com/index.php/tech-gadge...
What is “Security”?
● Security is a Technology
● Security is an Action
● Security is a Process
● Risk Assessment Methods
●...
Resources
Security
VS
Assets, Security, Threats, Adversaries
Risk = (Vulnerabilities X Threats X Consequences)
PrivacyContent
Identity
Files
Ass...
What do we do at Panorays?
How Do Hackers Get to Third Parties?
Supplier
Employees
IT & Network Application
- Confidential -12p.
52% by the
Human Fac...
The Problem
What’s the hardest problem in Software Engineering?
Naming Things
What’s the biggest problem in Software Engineering?
● Naming Things
https://www.pinterest.com/pin/52424783138601042
/
Step #1 - Appoint a CNO
● Chief Naming Officer - your go to guy for all of the hardest problems
Step #2 - Define the problem and abstractions
● Parallelizm happening in the manner of a company (VMs being launched).
● S...
Step #3 – Understand the people involved
● We had software engineers and security researchers on the team
● How do you int...
https://www.coscale.com/hs-fs/hubfs/Blog_Pictures/2016_06/monolithic_vs_microservices.jpg
We’ve created a “Microlith”
In the beginning...
#!/bin/bash
In the beginning...
In the beginning...
1st Job
2nd Job
n-1 Job
nth Job
.
.
.
The Transporter
a Dynamic Workflow Engine
Built for Running Kubernetes Jobs According to a Predefined Workflow.
The Transporter
● Flexible and Efficient
● Parallel
● Automated
{ }
A bit about Kubernetes
● Greek for “Helmsman”; also the root of the
words “governor” and “cybernetic”.
● Manages container...
Cattle vs. Pets
CattlePet
• Has a name
• Is unique or rare
• Personal Attention
• If it gets ill, you make it better
• Has...
Kubernetes Terminology
● Deployment
● Service
● ReplicaSet
● Pod
● Volume
● Label
● Selector
● ConfigMap
● Secret
● Daemon...
● Jobs
● Phases
● Workflows
The Deal is The Deal
discover
map
fetch
rate
saveaggregate
detect
Parallel
Sequential Sequenti...
Never Make a Promise You Can’t Keep
● Retries
● Schedule
● Timeouts
The Transporter
Q1
Worker1 ... Workern
Task1
...
Taskn...
Almost Never Make a Promise You Can’t Keep
● Failure
1
● Notifications
No Names
● UUID
(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')
Max Chars: 63
CompanyName JobName WorkflowId● Labels, Labels...
So What’s On Our Cluster?
● The Transporter Service
● Workers Deployments
● Redis
● KubernetesJobs triggered by the
transp...
What’s Next?
● Workflows Monitoring (Grafana and Dash dashboards)
● ConfigMap for Versions
● Asset level Parallelization~O...
Conclusions
● If you have a possibility -> Don’t implement distributed systems
● Kubernetes is a great container orchestra...
Questions
Thank You
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays
Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays
Upcoming SlideShare
Loading in …5
×
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

0

Share

Download to read offline

Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays

Download to read offline

Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays fullstack tech radar day by Tikal

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays

  1. 1. Hacker vs Company, Cyber Security Automated with Kubernetes Demi Ben-Ari – VP R&D @ Panorays
  2. 2. About Me Demi Ben-Ari, Co-Founder & VP R&D @ Panorays ● Google Developer Expert ● Co-Founder of Communities: ○ “Big Things” - Big Data, Data Science, DevOps ○ Google Developer Group Cloud ○ Ofek Alumni Association In the Past: ● Sr. Data Engineer - Windward ● Team Leader & Sr. Java Software Engineer, Missile defence and Alert System - “Ofek” – IAF
  3. 3. Some important things ● What I’m not: Docker / Kubernetes / Security Expert ● What you won’t be after this talk: Docker / Kubernetes / Security Expert ● What you will be after this talk? ● Happier people (Because I’ve stopped talking) ● You’ll know what was our problem and our way of solution ● You’ll know where to search and learn more things ● The answer to the “What’s the meaning of life?” (42)
  4. 4. What is (Cyber) security? https://www.pinterest.com/mechlite/security-fails/ http://www.techeblog.com/index.php/tech-gadget/funny-security-cameras https://www.pinterest.com/pin/449585975275324132/
  5. 5. What is “Security”? ● Security is a Technology ● Security is an Action ● Security is a Process ● Risk Assessment Methods ● https://www.iso.org/standard/56742.html ● https://www.securityforum.org/
  6. 6. Resources Security VS
  7. 7. Assets, Security, Threats, Adversaries Risk = (Vulnerabilities X Threats X Consequences) PrivacyContent Identity Files Assets Tor VPN HTTPS Encryption 2FA HTTP Filter Patching WAFFirewall SSL / TLS SSH Security Threats Adversaries Vishing Phishsing Spying Adware Backdoors Adware Exploit Kits Spyware Viruses Malware Mass Surveillance Spies Nation-States Hackers Hackers Groups Crackers Colleagues Cyber Criminals Law Enforcement Ex-Partner Governments Pseudo Anonymity Anonymity
  8. 8. What do we do at Panorays?
  9. 9. How Do Hackers Get to Third Parties? Supplier Employees IT & Network Application - Confidential -12p. 52% by the Human Factor
  10. 10. The Problem
  11. 11. What’s the hardest problem in Software Engineering?
  12. 12. Naming Things
  13. 13. What’s the biggest problem in Software Engineering? ● Naming Things https://www.pinterest.com/pin/52424783138601042 /
  14. 14. Step #1 - Appoint a CNO ● Chief Naming Officer - your go to guy for all of the hardest problems
  15. 15. Step #2 - Define the problem and abstractions ● Parallelizm happening in the manner of a company (VMs being launched). ● Scan and evaluation process is not transparent. ● Server utilization is low. ● Had to build an internal orchestration system via Cron & Bash. ● (Think how fun is that…) ● How do you monitor all of this? ● Need to control it all via an easy API
  16. 16. Step #3 – Understand the people involved ● We had software engineers and security researchers on the team ● How do you integrate Dev – Sec – Ops? ● Creating a CI / CD pipeline? ● How do you make not software engineers deploy code to production?
  17. 17. https://www.coscale.com/hs-fs/hubfs/Blog_Pictures/2016_06/monolithic_vs_microservices.jpg
  18. 18. We’ve created a “Microlith”
  19. 19. In the beginning... #!/bin/bash
  20. 20. In the beginning...
  21. 21. In the beginning... 1st Job 2nd Job n-1 Job nth Job . . .
  22. 22. The Transporter a Dynamic Workflow Engine Built for Running Kubernetes Jobs According to a Predefined Workflow.
  23. 23. The Transporter ● Flexible and Efficient ● Parallel ● Automated { }
  24. 24. A bit about Kubernetes ● Greek for “Helmsman”; also the root of the words “governor” and “cybernetic”. ● Manages container clusters ● Inspired and informed by Google’s experience and an internal system (Borg) ● Supports multiple cloud and bare-metal environments ● 100% Open source, written in Go ● Manage applications, not Machines
  25. 25. Cattle vs. Pets CattlePet • Has a name • Is unique or rare • Personal Attention • If it gets ill, you make it better • Has a number • One is much like any other • Run as a group • If it gets ill, you make hamburgers
  26. 26. Kubernetes Terminology ● Deployment ● Service ● ReplicaSet ● Pod ● Volume ● Label ● Selector ● ConfigMap ● Secret ● DaemonSet ● Stateful Set ● Job ● Liveness Probe ● Readiness Probe
  27. 27. ● Jobs ● Phases ● Workflows The Deal is The Deal discover map fetch rate saveaggregate detect Parallel Sequential Sequential
  28. 28. Never Make a Promise You Can’t Keep ● Retries ● Schedule ● Timeouts The Transporter Q1 Worker1 ... Workern Task1 ... Taskn Q2
  29. 29. Almost Never Make a Promise You Can’t Keep ● Failure 1 ● Notifications
  30. 30. No Names ● UUID (([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?') Max Chars: 63 CompanyName JobName WorkflowId● Labels, Labels everywhere website__bot
  31. 31. So What’s On Our Cluster? ● The Transporter Service ● Workers Deployments ● Redis ● KubernetesJobs triggered by the transporter
  32. 32. What’s Next? ● Workflows Monitoring (Grafana and Dash dashboards) ● ConfigMap for Versions ● Asset level Parallelization~O(n_assets * jobslowest) ~O(jobslowest)x100-x1,000,000
  33. 33. Conclusions ● If you have a possibility -> Don’t implement distributed systems ● Kubernetes is a great container orchestration tool ● Installing it on bare metal is not that fun - but also possible ● “Perfect” is the enemy of “Working” / “Giving Value” ● Making non developers deploy to production seamlessly
  34. 34. Questions
  35. 35. Thank You

Hacker vs company, Cloud Cyber Security Automated with Kubernetes - Demi Ben-Ari at Panorays fullstack tech radar day by Tikal

Views

Total views

169

On Slideshare

0

From embeds

0

Number of embeds

31

Actions

Downloads

5

Shares

0

Comments

0

Likes

0

×