DevOps.com and CloudPassage
Continuous Infrastructure Compliance
W. Jenks Gibbons | November 2, 2017
Is security a roadblock for continuous delivery?
© 2017 CloudPassage
Traditional security tools (diagram: a single security gate placed in the pipeline Plan, Code, Build, Test, Release, Deploy, Operate)
Re-align security to modern IT delivery (diagram: security guardrails running along the pipeline Plan, Code, Build, Test, Release, Deploy, Operate)
Continuous Security - DevSecOps
PLAN (people)
• Map out types of systems
• Design security policies
• Define policy groups
CREATE (automation)
• Insert agent via CI build scripts, Gold Master images, etc.
PRE-PROD (automation)
• Tag production artifacts with proper policy groups
CONFIGURE (automation)
• Apply runtime policies
• SVA, CSM, SAM
• Firewall, authentication
• FIM, LIDS
MONITOR (automation & people)
• Monitor production
• Security events to SIEM
• Audit data to GRC
• Metrics to reporting
• Visualize traffic and connections
• Scope new vulnerabilities
VERIFY (automation)
• Verify security of builds
• SVA, CSM, SAM
• Generate FIM baselines
Case Study
Acme Incorporated: Current State
• Development and Operations: understand the needs of the business units
• Development and Operations: work together on their area of responsibility independently of other teams
• Continuous Integration / Continuous Delivery (CICD)
• Deliver features multiple times a day
• Delivery does not require external approval
• Deployment requires Security Operations approval
Case Study
Acme Incorporated: Current Problem
• Individual teams are unable to deploy at the speed of the business units
• Security is blocking deployment
• Examples:
• Security must confirm there are no vulnerabilities in the image (5 day SLA)
• Security must confirm the image is configured to meet compliance requirements (5 day SLA)
• Security must create an image baseline for file integrity monitoring (5 day SLA)
• Firewall changes for new workloads (5 day SLA)
Case Study
Acme Incorporated: Current Problem
• Delivery: many times a day
• Delivery team: autonomous
• Deployment team: autonomous
• Deployment approval: multiple teams
• Deployment approval: more than 5x the time to deliver and deploy
DevOps delivery pipeline – before security automation (diagram: people write code, the automation tool chain runs, done; elapsed time measured in hours)
Case Study
Acme Incorporated: Solution
• Add a Security Operations team member to the Development and Operations feature teams
• Add security to the pipeline
Case Study
Acme Incorporated: Solution - Plan
• Development, Operations and Security Operations are now working together in autonomous feature teams
• OS image – the teams will work together to design and create a known “golden” image for each platform
• Workloads (e.g. VMs, hosts, servers) are grouped together:
• Jenkins Master
• Jenkins Slaves
• Git
• Web
• DB
• PCI compliant
• HIPAA compliant
Case Study
Acme Incorporated: Solution - Plan
• Groups are assigned security policies:
• Software Vulnerability Assessment (SVA)
• Configuration Security Monitoring (CSM)
• File Integrity Monitoring (FIM)
• Microsegmentation
• Log-based Intrusion Detection (LIDS)
Case Study
Acme Incorporated: Solution - Create
• Enable automated workload security by integrating it into the pipeline
• Install a small security agent on the workload.
• Ansible
• Chef
• PowerShell
• Puppet
• “bake” into image
• Ensure the agent works
• in any environment
• at any scale
• on demand
• and offers a broad range of controls
Case Study
Acme Incorporated: Solution - Pre-Production
• When workloads boot
• Tag the workload with the proper group
• Security policies applied automatically
• Security simply goes along for the ride
Case Study
Acme Incorporated: Solution – Verify
• Security verification is built into the CICD Pipeline
• During CI
• Code analysis
• Unit, smoke, functional … tests
• Workload security tests
• SVA scan
• CSM scan
• Pass or fail is decided by critical failures only
• Check results into Git – audit trail
Case Study
Acme Incorporated: Solution – Verify
• Workload security tests (cont.)
• On fail
• Kill instance
• Fix issues
• Check-in to kick-off CI - shorten feedback loop
• On pass – deploy
• take FIM baseline
• move from a Pre-Production to a Production security group
Case Study
Acme Incorporated: Solution – Monitor
• Separate CI build job
• At specified intervals
• SVA scan
• CSM scan
• FIM scan
• Any critical issues to Slack, JIRA, ServiceNow …
DevOps delivery pipeline – after security automation (diagram; elapsed time measured in minutes)
Swimlanes: People: Code, Notify, Done; Source control: Commit; CI/CD master: Trigger; CI/CD slave: Build, Test, Pass? (Y/N); CloudPassage Halo: Scan, Baseline, Monitor; Artifact registry: Store; Infrastructure: Update
Practical Example
• Git
• Jenkins
• Slack
• Chef
Check-In
Developer makes a change to code, or to infrastructure (e.g. golden image).
Jenkins
A web-hook is then configured to kick off a build in Jenkins. This could be a code change or an infrastructure change.
Slack
Jenkins sends notifications to Slack – shorten the feedback loop.
Jenkins, Chef, Test Kitchen, Security Tools
• EC2 Test Kitchen – launch golden image
• Chef – install lightweight security agent
• Python – API calls to security tools
python /home/jenkins/workload_security_analysis.py
python /home/jenkins/deploy.py
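The Verify stage and the workload_security_analysis.py step above, as an added example that is not code from the deck or from CloudPassage: it takes SVA and CSM scan findings, passes or fails the build on critical findings only, picks the next pipeline step (kill instance, or FIM baseline plus move to the production group), and builds the audit report that gets checked into Git. The finding fields, the CVSS 9.0 threshold, the group names and the sample findings are assumptions constructed for the example.

```python
"""Workload security gate for a CI build: evaluate SVA/CSM scan findings,
pass or fail on critical findings only, decide the next pipeline step, and
build the audit report that gets checked into Git.

Added example; not CloudPassage's workload_security_analysis.py. The finding
fields, the CVSS threshold and the group names are assumptions."""
import hashlib
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumption: a vulnerability with CVSS >= 9.0 is treated as critical.
CRITICAL_CVSS = 9.0

# Constructed sample scan results. Field names are assumptions, not the
# schema of any real scanner API; the CVE ids are placeholders.
SAMPLE_SVA = [
    {"package": "openssl", "version": "1.0.1e", "cve": "CVE-EXAMPLE-0001", "cvss": 9.8},
    {"package": "bash", "version": "4.3", "cve": "CVE-EXAMPLE-0002", "cvss": 6.5},
]
SAMPLE_CSM = [
    {"rule": "sshd_permit_root_login", "status": "fail", "critical": True},
    {"rule": "ntp_enabled", "status": "fail", "critical": False},
    {"rule": "auditd_running", "status": "pass", "critical": True},
]


@dataclass
class GateResult:
    passed: bool
    critical_vulns: list = field(default_factory=list)
    critical_config: list = field(default_factory=list)
    non_critical: int = 0  # findings that are reported but do not block


def evaluate_gate(sva, csm, critical_cvss=CRITICAL_CVSS):
    """Pass/fail is decided by critical findings only, as on the Verify slide;
    lower-severity findings are counted and reported but do not block."""
    crit_v = [f for f in sva if f["cvss"] >= critical_cvss]
    crit_c = [f for f in csm if f["status"] == "fail" and f["critical"]]
    non_crit = (len(sva) - len(crit_v)) + sum(
        1 for f in csm if f["status"] == "fail" and not f["critical"]
    )
    return GateResult(
        passed=not crit_v and not crit_c,
        critical_vulns=crit_v,
        critical_config=crit_c,
        non_critical=non_crit,
    )


def next_action(result, current_group="pre-production"):
    """On fail: kill the instance, fix, commit to re-run CI.
    On pass: take the FIM baseline and move the workload to the production group."""
    if result.passed:
        return {"action": "deploy",
                "steps": ["take_fim_baseline", "move_group"],
                "group": "production"}
    return {"action": "kill_instance",
            "steps": ["fix_issues", "commit_to_rerun_ci"],
            "group": current_group}


def build_audit_report(build_id, image_id, sva, csm, result, when=None):
    """Return (report_json, sha256) for the audit trail checked into Git.
    Keys are sorted so the same findings always serialise and hash the same way."""
    when = when or datetime.now(timezone.utc)
    report = {
        "build_id": build_id,
        "image_id": image_id,
        "timestamp": when.isoformat(),
        "gate": "pass" if result.passed else "fail",
        "critical_vulnerabilities": result.critical_vulns,
        "critical_config_failures": result.critical_config,
        "non_critical_findings": result.non_critical,
        "raw": {"sva": sva, "csm": csm},
    }
    body = json.dumps(report, sort_keys=True, indent=2)
    digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
    return body, digest


if __name__ == "__main__":
    # Run the gate over the constructed findings; a non-zero exit fails the Jenkins job.
    result = evaluate_gate(SAMPLE_SVA, SAMPLE_CSM)
    body, digest = build_audit_report("build-1", "golden-image-placeholder",
                                      SAMPLE_SVA, SAMPLE_CSM, result)
    print(body)
    print("sha256:", digest)
    print("next:", next_action(result))
    raise SystemExit(0 if result.passed else 1)
```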
Git – Audit Trail
Whether the build succeeds or fails, an audit report can be created and checked into Git.
Patch – “Golden Image”
Using the results of the workload security analysis from the audit report, the golden image can be patched.
Create New Golden Image and Check in as Code
Notification, Audit Trail
W. Jenks Gibbons
jgibbons@cloudpassage.com

Globus
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
abdulrafaychaudhry
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Enterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptxEnterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptx
QuickwayInfoSystems3
 
Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)
abdulrafaychaudhry
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
Globus
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 

Recently uploaded (20)

Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Enterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptxEnterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptx
 
Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)Introduction to Pygame (Lecture 7 Python Game Development)
Introduction to Pygame (Lecture 7 Python Game Development)
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 

A Discussion of Automated Infrastructure Security with a Practical Example

• 1. DevOps.com and CloudPassage – Continuous Infrastructure Compliance. W. Jenks Gibbons | November 2, 2017
• 2. Is security a roadblock for continuous delivery? © 2017 CloudPassage
• 3. Traditional security tools (diagram): Plan, Code, Build, Test, Release, Deploy, Operate, with security as a gate before deployment.
• 4. Re-align security to modern IT delivery (diagram): Plan, Code, Build, Test, Release, Deploy, Operate, with security as guardrails along the whole pipeline.
• 5. Continuous Security – DevSecOps
  • PLAN (people): map out types of systems; design security policies; define policy groups
  • CREATE (automation): insert the agent via CI build scripts, Gold Master images, etc.
  • PRE-PROD (automation): tag production artifacts with the proper policy groups
  • CONFIGURE (automation): apply runtime policies; SVA, CSM, SAM; firewall, authentication; FIM, LIDS
  • MONITOR (automation and people): monitor production; security events to SIEM; audit data to GRC; metrics to reporting; visualize traffic and connections; scope new vulnerabilities
  • VERIFY (automation): verify security of builds; SVA, CSM, SAM; generate FIM baselines
• 6. Case Study – Acme Incorporated: Current State
  • Development and Operations understand the needs of the business units
  • Development and Operations work together on their area of responsibility, independently of other teams
  • Continuous Integration / Continuous Delivery (CI/CD)
  • Deliver features multiple times a day
  • Delivery does not require external approval
  • Deployment requires Security Operations approval
• 7. Case Study – Acme Incorporated: Current Problem
  • Individual teams are unable to deploy at the speed of the business units
  • Security is blocking deployment. Examples:
    • Security must confirm there are no vulnerabilities in the image (5 day SLA)
    • Security must confirm the image is configured to meet compliance requirements (5 day SLA)
    • Security must create an image baseline for file integrity monitoring (5 day SLA)
    • Firewall changes for new workloads (5 day SLA)
• 8. Case Study – Acme Incorporated: Current Problem
  • Delivery: many times a day
  • Delivery team: autonomous
  • Deployment team: autonomous
  • Deployment approval: multiple teams
  • Deployment approval: more than 5x the time to deliver and deploy
• 9. DevOps delivery pipeline – before security automation (diagram): PEOPLE → Code → AUTOMATION TOOL CHAIN → Done
• 10. DevOps delivery pipeline – before security automation (diagram): elapsed time measured in hours
• 11. Case Study – Acme Incorporated: Solution
  • Add a Security Operations team member to the Development and Operations feature teams
  • Add security to the pipeline
• 12. Case Study – Acme Incorporated: Solution – Plan
  • Development, Operations and Security Operations now work together in autonomous feature teams
  • OS image: the teams work together to design and create a known "golden" image for each platform
  • Workloads (e.g. VMs, hosts, servers) are grouped together: Jenkins Master; Jenkins Slaves; Git; Web; DB; PCI compliant; HIPAA compliant
• 13. Case Study – Acme Incorporated: Solution – Plan
  • Groups are assigned security policies: Software Vulnerability Assessment (SVA); Configuration Security Monitoring (CSM); File Integrity Monitoring (FIM); Microsegmentation; Log-based Intrusion Detection (LIDS)
• 14. Case Study – Acme Incorporated: Solution – Create
  • Enable automated workload security by integrating it into the pipeline
  • Install a small security agent on the workload: Ansible; Chef; PowerShell; Puppet; or "bake" it into the image
  • Ensure the agent works in any environment, at any scale, on demand, and offers a broad range of controls
• 15. Case Study – Acme Incorporated: Solution – Pre-Production
  • When workloads boot, tag the workload with the proper group
  • Security policies are applied automatically
  • Security simply goes along for the ride
• 16. Case Study – Acme Incorporated: Solution – Verify
  • Security verification is built into the CI/CD pipeline
  • During CI: code analysis; unit, smoke, functional … tests; workload security tests (SVA scan, CSM scan)
  • Success and failure are decided on critical findings
  • Check results into Git for an audit trail
• 17. Case Study – Acme Incorporated: Solution – Verify (cont.)
  • Workload security tests, on fail: kill the instance; fix the issues; check in to kick off CI again and shorten the feedback loop
  • On pass, deploy: take the FIM baseline; move the workload from the Pre-Production to the Production security group
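The Verify slides say the build passes or fails "based on critical failures" and that the results are checked into Git as an audit trail, but they do not show what that decision looks like in code. The script below is an added example written for this page; it is not CloudPassage code, not the Halo API, and not the `workload_security_analysis.py` script named later in the deck. The finding format, severity scale, build/commit/image identifiers and the three sample findings are all constructed assumptions. It makes two choices a practitioner should notice: unknown or malformed severities fail closed, and the audit record carries a SHA-256 over its own contents so that a later edit to the committed report is detectable.

```python
"""Security gate for the Verify stage: fail the build on critical findings and
emit a tamper-evident audit record that can be checked into Git."""
import hashlib
import json
import sys
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Severity scale, ascending. The gate blocks at FAIL_AT and above; lower
# severities are still recorded in the audit report but do not fail the build.
SEVERITY_ORDER = ("info", "low", "medium", "high", "critical")
FAIL_AT = "critical"

# Constructed sample findings for this example (not real scanner output and
# not any vendor's API format): one SVA record and two CSM records.
SAMPLE_FINDINGS = [
    {"module": "sva", "id": "sva-0001", "severity": "critical",
     "package": "example-libfoo", "detail": "installed version has a known vulnerability"},
    {"module": "csm", "id": "csm-0042", "severity": "high",
     "rule": "sshd PermitRootLogin must be 'no'", "detail": "found 'yes'"},
    {"module": "csm", "id": "csm-0107", "severity": "low",
     "rule": "login banner configured", "detail": "banner missing"},
]


@dataclass
class GateResult:
    passed: bool
    counts: dict
    blocking: list = field(default_factory=list)


def severity_rank(severity):
    """Position of a severity string in SEVERITY_ORDER.

    Anything unrecognised (missing, misspelled, a new level the gate does not
    know) ranks above 'critical', so a malformed result fails closed."""
    try:
        return SEVERITY_ORDER.index(str(severity).lower())
    except ValueError:
        return len(SEVERITY_ORDER)


def evaluate_gate(findings, fail_at=FAIL_AT):
    """Return a GateResult; passed is True only if nothing is at or above fail_at."""
    threshold = SEVERITY_ORDER.index(fail_at)
    counts = Counter(str(f.get("severity", "unknown")).lower() for f in findings)
    blocking = [f for f in findings if severity_rank(f.get("severity")) >= threshold]
    return GateResult(passed=not blocking, counts=dict(counts), blocking=blocking)


def _digest(body):
    # Canonical JSON (sorted keys, no whitespace) so the hash is reproducible.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def audit_record(build_id, commit, image_id, findings, result, fail_at=FAIL_AT):
    """Build the audit document. The embedded sha256 covers every other field."""
    body = {
        "build_id": build_id,
        "commit": commit,
        "image_id": image_id,
        "scanned_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "gate": {"fail_at": fail_at, "passed": result.passed, "counts": result.counts},
        "findings": findings,
    }
    body["sha256"] = _digest(body)
    return body


def verify_audit_record(record):
    """Recompute the digest over everything except the stored sha256."""
    body = {k: v for k, v in record.items() if k != "sha256"}
    return _digest(body) == record.get("sha256")


if __name__ == "__main__":
    # Jenkins reads the exit status: 0 lets the job continue to deploy,
    # 1 stops it so the instance can be killed and the issue fixed.
    result = evaluate_gate(SAMPLE_FINDINGS)
    report = audit_record("build-42", "0123abcd", "golden-image-example",
                          SAMPLE_FINDINGS, result)
    json.dump(report, sys.stdout, indent=2)
    print()
    sys.exit(0 if result.passed else 1)
```

Run as a build step, the script prints the report (redirect it to a file in the repository and commit it) and exits non-zero on the sample data because of the single critical finding. Lowering `fail_at` to `"high"` would also block on the sshd finding; the counts of everything below the threshold still land in the report so the trend is visible without stopping the pipeline.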
• 18. Case Study – Acme Incorporated: Solution – Monitor
  • Separate CI build job, run at specified intervals
  • SVA scan
  • CSM scan
  • FIM scan
  • Any critical issues to Slack, JIRA, ServiceNow …
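Slide 17 takes a FIM baseline once a build passes and slide 18 re-runs a FIM scan on a schedule; in the deck both are done by the security agent. To make concrete what a baseline contains and what a scan compares, here is an added, simplified file-integrity check written for this page. It is not the agent's FIM implementation and not CloudPassage code; the directory layout, file contents and the three kinds of drift in `demo()` are constructed for the example. Symlinks are recorded by `lstat` rather than followed, and mode, owner and size changes are reported alongside content hash changes, since a `chmod` on a binary is as interesting as a rewrite of it.

```python
"""File-integrity baseline and comparison: take the baseline when a build has
passed the gate, then diff later scans against it."""
import hashlib
import os
import stat
import tempfile

CHUNK = 65536


def file_record(path):
    """Metadata plus content hash for one path. lstat records symlinks as
    links (with their target) instead of following them."""
    st = os.lstat(path)
    rec = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
           "gid": st.st_gid, "size": st.st_size}
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(CHUNK), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        rec["target"] = os.readlink(path)
    return rec


def take_baseline(root):
    """Map of path (relative to root) -> record for every file under root."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_record(full)
    return baseline


def compare(baseline, current):
    """Change events sorted by path: added, deleted, or modified (with the
    record fields that differ, e.g. ['mode'] or ['sha256', 'size'])."""
    events = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            events.append({"path": rel, "change": "deleted"})
        elif rel not in baseline:
            events.append({"path": rel, "change": "added"})
        elif baseline[rel] != current[rel]:
            before, after = baseline[rel], current[rel]
            fields = sorted(k for k in set(before) | set(after)
                            if before.get(k) != after.get(k))
            events.append({"path": rel, "change": "modified", "fields": fields})
    return events


def _write(root, rel, text, mode=0o644):
    # Helper for the constructed fixture only.
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as fh:
        fh.write(text)
    os.chmod(full, mode)


def demo():
    """Constructed fixture: baseline a small tree, then apply three kinds of
    drift and return what a later scan reports."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/ssh/sshd_config", "PermitRootLogin no\n")
        _write(root, "usr/local/bin/app", "#!/bin/sh\necho ok\n", 0o755)
        baseline = take_baseline(root)
        # Drift after the baseline: a hardening setting reverted, a binary
        # removed, and a new cron entry dropped in.
        _write(root, "etc/ssh/sshd_config", "PermitRootLogin yes\n")
        os.remove(os.path.join(root, "usr/local/bin/app"))
        _write(root, "etc/cron.d/nightly", "0 3 * * * root /opt/job\n")
        return compare(baseline, take_baseline(root))


if __name__ == "__main__":
    for event in demo():
        print(event)
```

In the pipeline the baseline would be taken right after the gate passes and stored with the build artifact; the scheduled monitor job calls `take_baseline` on the running workload and feeds `compare` output to whatever ticketing or chat channel the team uses. Scanning a full root filesystem this way is slow and noisy, which is why real FIM products scope the watched paths; the example walks the whole tree only to keep the logic short.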
• 19. DevOps delivery pipeline – after security automation (diagram): elapsed time measured in minutes
• 20. DevOps delivery pipeline – after security automation (pipeline diagram, labels by lane): PEOPLE: Code, Notify, Done · Source control: Commit · CI/CD master: Trigger · CI/CD slave: Build, Test, Pass? (Y/N) · CloudPassage Halo: Scan, Baseline, Monitor · Artifact registry: Store · Infrastructure: Update
• 21. Practical Example: Git; Jenkins; Slack; Chef
• 22. Check-In: a developer makes a change to code, or to infrastructure (e.g. the golden image).
• 23. Jenkins: a webhook is configured to kick off a build in Jenkins. This could be a code change or an infrastructure change.
• 24. Slack: Jenkins sends notifications to Slack to shorten the feedback loop.
• 25. Jenkins, Chef, Test Kitchen, Security Tools
  • EC2 Test Kitchen – launch the golden image
  • Chef – install the lightweight security agent
  • Python – API calls to the security tools:
    python /home/jenkins/workload_security_analysis.py
    python /home/jenkins/deploy.py
• 26. Git – Audit Trail: whether the build succeeds or fails, an audit report can be created and checked into Git.
• 27. Patch – "Golden Image": using the results of the workload security analysis from the audit report, the golden image can be patched.
• 28. Create a new golden image and check it in as code.