[Write Date : 2022.07.27]
[Written by James.yoo]
The purpose is to understand the future technology of a digital society that is changing because of the pandemic. Among these technologies, this deck considers the overview, use cases, preparations, and considerations for Cybersecurity Mesh, which is listed in the Gartner Top 10.
If you want to know the changed society of the future, you should read it.
The practical DevSecOps course is designed to help individuals and organisations implement DevSecOps practices and achieve massive scale in security. The course is divided into 13 chapters; each chapter has theory, followed by demos and any limitations we need to keep in mind while implementing them.
More details here - https://www.practical-devsecops.com/
A talk given at Docker London on Wednesday, July 20th, 2016. This talk is a fast-paced overview of the potential threats faced when containerizing applications, married to a quick run-through of the "security toolbox" available in the Docker engine via Linux kernel capabilities and features enabled by OCI's libcontainer/runc and Docker.
A video recording of this talk is available here: https://skillsmatter.com/skillscasts/8551-container-security
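This is a presentation on the Kubernetes-based system for building multiple development server environments that was applied to Devsisters' Cookie Run: OvenBreak.
It covers the need for a development environment system based on container orchestration, why Kubernetes was chosen, and Kubernetes concepts and useful features. It also includes a demo of the system that was built and a review of the work items involved.
*The NDC17 presentation used a demo video; slide captures are used here instead.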
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
DevSecOps is nothing more than the union of the benefits of DevOps culture with information security practices and processes. One of the great challenges of this new wave is how to actually implement and automate security tools within the software development cycle up to the moment of deployment. The talk takes a practical and theoretical approach to automated solutions with Docker and Jenkins that increase security from continuous integration (CI) through continuous delivery (CD), solutions that also allow automated monitoring of vulnerabilities in networks and websites.
In the world of DevSecOps as you may predict we have three teams working together. Development, the Security team and Operations.
The “Sec” of DevSecOps introduces changes into the following:
• Engineering
• Operations
• Data Science
• Compliance
Network Architecture review in context of Information security helps to understand how to actually review the components of network with respect to best practices.
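[Container-based DevOps] Cloud Native
This is the trend session material from the first training program launched by 열린기술공방. To develop and deploy software that keeps up with a rapidly changing environment, environments and processes that allow fast decision-making are becoming ever more important. This material explains why a cloud-native strategy is essential for enterprises.
Through the 열린기술공방 training course, you can see at a glance the whole process, from build to deployment, of an application running on Kubernetes.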
Are you looking to build cloud-based applications using DevOps methodology but worried that traditional security methods may not adapt to modern development techniques? Azure Secure DevOps Kit
DevSecOps (short for development, security, and operations) is a development practice that integrates security initiatives at every stage of the software development lifecycle to deliver robust and secure applications.
Software Bills of Materials (SBOMs) seem to have come out of nowhere. One day, no one has ever heard of them, and the next day many people ask why you don’t have one. SBOMs are a new and soon-to-be-necessary need for communicating your software composition to 3rd parties. Let’s dispel some myths and lay out a clear path for when and why you may need an SBOM, and how you’ll need to engage with one.
Given at DevOpsDays Tampa Bay, 2022: https://devopsdays.org/events/2022-tampa/program/bill-bensing-t1
Security will always be our top priority. Agile deployment methods require a set of dynamic built-in security controls that keep pace with innovation and scale. In this session we will utilise the power of automation with the AWS platform to increase the agility of developers while maintaining a strong security posture.
Speaker: David Faulkner, Senior Technical Account Manager, Amazon Web Services
Container Security Deep Dive & Kubernetes Aqua Security
Container Security Deep Dive & Kubernetes by Tsvi Korren, Director of Technical Services at Aqua.
Container security best practices and implications in a Kubernetes environment. Tsvi will cover security for your containerized applications from development, through build, ship, and run, and as a result, how to make your entire Kubernetes deployment more secure.
What We’ve Learned Building a Cyber Security Operation Center: du Case Study - Priyanka Aash
The cybersecurity landscape is rapidly evolving, with new threats and threat actors emerging, and traditional security operations centers (SOCs) need to be augmented accordingly. This session will detail the journey of du in building and continually enhancing its SOC, physically and philosophically, to best deal with attack detection (offensively and defensively) and response.
(Source: RSA Conference USA 2017)
Prometheus is predominantly used for monitoring backend services. In this talk I present a technique for monitoring client-side rich client web apps with Prometheus. Presented at KubeCon Berlin 2017.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
This presentation provides an overview of the NIST SP 500-299 NIST Cloud Computing Security Reference Architecture. It includes a brief description of the Cloud Computing Architecture, its services along with the required Risk Management activities.
Cloud Security using NIST guidelines, using NIST Cloud Computing Security Reference Architecture (NIST SP 500-299), NIST Cloud Computing Reference Architecture (NIST SP 500-292), NIST's Guide for Applying the Risk Management Framework to Federal Information Systems (NIST SP 800-37)
The session will focus on how a cloud-native security platform can continuously discover workloads, identify risk, and enforce security policies in any multi-cloud environment. It will also cover how automated policy generation through agentless security controls makes protecting data and applications the easiest thing to do in the cloud.
The Speaker of the session will be Dr. Ratinder Paul Singh Ahuja, Founder and Chief Research and Development Officer, Shield X, USA
Dr. Ratinder leads ShieldX and its mission as its central pivot point. Drawing from a career as a successful serial entrepreneur and corporate leader, he brings his unique blend of business acumen, industry network and deep technical knowledge.
At his previous start-ups, Internet Junction, Webstacks and Reconnex he served as Chief Technology Officer and Vice President of the Mobile and Network Security Business Units. His knowledge of innovation and emerging trends in networking, network security, and data-loss prevention are derived from years of industry experience. Dr. Ahuja holds a BS in Electronics & Electrical Engineering from Thapar University, in India, and a Masters and Ph.D. in Computer Engineering from Iowa State University. Dr. Ahuja has been granted 61 patents for security-based technologies, and has presented in many public forums, including the Content Protection Summit, IC3, IEEE Computer Society, McAfee FOCUS, and the Cloud Expo.
Generic Security Framework for Multiple Heterogeneous Virtual Infrastructures - IJRES Journal
Virtualization continues to take center stage in the IT industry, yet many organizations are finding it difficult to secure virtualized environments. Security is a critical component in the growing IT system surrounding virtualization. Many organizations find the security challenges associated with virtualization to be a major hurdle, and companies of all kinds across all industries are looking to address business and security needs in the virtual infrastructure. Much prior research has covered how to check the compliance status of the cloud platform, but not of the virtual machines running on the platform. This paper proposes a security framework for multiple heterogeneous virtual machines which assesses the security compliance of the virtual machines. In this paper we make use of REST APIs, with which we create a remote session on the virtual machines and fetch the machine values, which are then parsed to get the required values for assessment.
Network security is a dynamic art, with dangers appearing as fast as black hats can exploit vulnerabilities. While there are basic “golden rules” which can make life difficult for the bad guys, it remains a challenge to keep networks secure. John Chambers, Executive Chairman of Cisco, famously said “there are two types of companies: those that have been hacked, and those who don’t know they have been hacked”. The question for most organizations isn’t if they’re going to be breached, but how quickly they can isolate and mitigate the threat. In this paper, we’ll examine best practices for effective cybersecurity – from both a proactive (access hardening) and reactive (threat isolation and mitigation) perspective. We’ll address how network automation can help minimize cyberattacks by closing vulnerability gaps and how it can improve incident response times in the event of a cyberthreat. Finally, we’ll lay a vision for continuous network security, to explore how machine-to-machine automation may deliver an auto-securing and self-healing network.
Go to www.esgjrconsultinginc.com
Toward Continuous Cybersecurity With Network Automation - Ken Flott
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE... cscpconf
The use of cloud services as a new approach to hosting people's platforms, infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm for people to obtain their essential needs more simply, faster, more flexibly, and more safely than before. But there are many concerns about the challenges of this system. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure for implementing a new method for cloud services based on multi clouds on our platform, which supplies more security and privacy than other clouds. We introduce some confidentiality and security methods in each layer to provide secure access to requirements. The architecture of our method and its implementation on our selected platform for each layer are introduced in this paper.
Design and implement a new cloud security method based on multi clouds on ope... csandit
Digitalization has transformed the way businesses function. With the evolution of technologies, attackers are also evolving. They are finding innovative and more invasive ways to attack organizations. Due to this, the organization's security operations center (SOC) is expected to be more agile and dynamic in detecting and responding to attacks. Most organizations' security operations and incident response teams are overworked due to the high volumes of security threats and alerts that they need to manage every day.
Today, in the world of communication, connected systems are growing at a rapid pace. To accommodate this growth, the need for computational power and storage is also increasing at a similar rate. Companies are investing a large amount of resources in buying, maintaining and ensuring availability of the system to their customers. To mitigate these issues, cloud computing is playing a major role [1]. The underlying concept of cloud computing dates back to the ‘50s, but the term's entry into widespread usage can be traced to 2006, when Amazon.com announced the Elastic Compute Cloud. In this paper, we will discuss cloud security approaches. We have used the term “CloudDrain” to define data leakage in case of security compromise.
Cloud computing represents a trend in computing models that raises many security issues at all levels, such as network, application, data and host. These models pose different security challenges depending on the consumers, the models and the QoS (quality of service) requirements. Privacy, authentication and secrecy are the main concerns for both consumers and cloud providers. IaaS serves as the base for the other models; if security in this model is uncertain, it will affect the other models too. This paper examines the countermeasures and exposures. As research, we propose security assessment and improvement in the IaaS layer.
[Write Date : 2022.1.19]
[Written by James.yoo]
You have probably come across the term metaverse a lot.
To do business through the metaverse in the future, please be sure to take a look at the following content.
It would be good to think about the security, privacy, and stability of the metaverse.
[4th revolution] new technology security education material] android security... james yoo
Interest in mobile security is increasing due to the development of the future environment. Through the diagnostic criteria of mobile security, we have made the diagnostic case for beginners to study and study. I hope it helps many people.
In the era of the 4th industrial revolution, the mobile era is approaching. Therefore, when open banking is activated, those who research security and IT need basic knowledge to conduct a mobile diagnosis. That's why we basically want to share an environment that can be diagnosed without a smartphone.
Privacy and security in a hyper connected world - james yoo
We looked at important key elements of information security and personal information to look around the year, introduced the security threats that threatened in 2018, and summarized future considerations.
Steganography is one of the data concealment techniques, and refers to the technique of inserting data into other data, or to the study of it.
This was written to help beginners understand it better through steganography practice.
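This is material I presented three years ago at a district office in the Seoul area.
Some time has passed, but I am releasing it because I think it will be useful.
I still vividly remember that the video would not play at the time, so I acted it out.
The response was really great...
I hope you try making one too...
For reference, that slide is not included.
Three years ago, I went to a district office and presented for 30 minutes to the office staff.
After I finished the speech, everyone applauded.
Thank you for reading.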
[November 18, 2015]
I gave a presentation on the Internet of Things at the CISSP Korea association.
This is the related material, so please take a look when you have time.
Think of it as a security story told through movies and enjoy it at your leisure.
[2015.11.18]
I presented at the CISSP Korea chapter in Seoul.
The title is Internet of Things with Your Future.
I hope this helps.
How do you think Internet of Things technology will change in the future?
I gave a special 40-minute lecture at the CISSP Korea chapter.
The content title is Internet of Things with Your Future.
Have a nice day~~~
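6. Cybersecurity Mesh Overview?
We must now...
'move the cheese' and deal with the threats created by cloud, Internet of Things (IoT), mobile/wireless and wearable technologies.
Modern cybersecurity technology
With the arrival of the pandemic, the ecosystems of numerous companies are also changing.
Accelerated digital business has exponentially increased awareness among both service providers and user communities.
Hacktivists (a combination of hacker and activist) have played their part and found a persistent playground in which to keep outpacing modern cybersecurity technology.
According to the Cost of a Data Breach report (CODB), the average total cost of a breach increased by 10% between 2020 and 2021. Does that end the war on cybercrime? Absolutely 'NO'. Security is a journey, not a finish line.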
8. Cybersecurity Mesh Overview?
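• OWASP TOP 10 2021, reflecting changes in attacks (OWASP Top10 2017 -> OWASP Top10 2021)
A04:2021-Insecure Design: a new category, stating that design that takes security into account is important
A01:2021-Broken Access Control: CWE weaknesses occur in applications more often than in any other category (1st)
OWASP Top10 2021
A02:2021-Cryptographic Failures: often leads to sensitive data exposure or system compromise (cryptography-related)
A03:2021-Injection: injection occurs frequently, but is the 2nd most common by CWE weaknesses
A05:2021-Security Misconfiguration: 90% of applications were tested for some form of misconfiguration (incidence rate 4.5%)
A06:2021-Vulnerable and Outdated Components: ranked 2nd in the top community survey, and still an item whose score reflects the default exploit and impact weights of 5.0
A07:2021-Identification and Authentication Failures: concerns authentication failures; its ranking has dropped, but attacks still exist
A08:2021-Software and Data Integrity Failures: a new category for 2021 that focuses on assumptions made about software updates, critical data, and CI/CD pipelines without verifying integrity
A09:2021-Security Logging and Monitoring Failures: this category also ranked 3rd in the Top 10 community survey, and directly affects visibility, incident alerting, and forensics
A10:2021-Server-Side Request Forgery: added because it ranked 1st in the Top 10 community survey; its incidence rate is low, but its risk is high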
10. Cybersecurity Mesh Overview?
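• Cybersecurity Mesh:
* An architecture centered on the person or identity that provides access to security for all kinds of digital assets regardless of location
• Due to COVID-19, 'anywhere' operating models continue to evolve
* According to Gartner, by 2024, adopting a cybersecurity mesh architecture (CSMA) to integrate security tools so that they work as a cooperative ecosystem can reduce the financial impact of individual security incidents by an average of 90%
Source: Gartner
A technology that combines multiple technologies to build multi-dimensional, robust security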
12. CyberSecurity Mesh Overview?
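• If the environment is built from various CSPs and various services, the problem areas are:
• Identification
• Authentication
• Authorization
• Logging
• Monitoring
• Audit
It is difficult to guarantee accountability.
User activity becomes difficult.
➔ Solution: an integrated management solution is needed.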
13. Cybersecurity Mesh Overview?
• CyberSecurity Mesh Architecture
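Source:
MSP
(Membership Service Provider)
SASE(ZeroTrust+SD-WAN)+ Security
Scope: network virtualization, workloads, other services, etc.
Role: permission management, membership management, authentication and authorization, etc.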
14. Cybersecurity Mesh Overview?
• Why is the Identity Fabric described earlier important?
Source: Strata_What is an Identity Fabric?
Strata’s Maverics Platform
20. CyberSecurity Mesh Use Cases
VR
NoteBook
Tablet
Hand Phone
Endpoint Device
Network
Cloud
Workload
SASE
21. CyberSecurity Mesh Use Cases
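• Ultra-low-latency communication technology with almost no communication delay (5G)
SASE
Source: Robot Newspaper_1st Robot Seminar of 2022, Shin Jae-seung, ETRI
http://www.irobotnews.com(2022.04.26)
Future smart factory (application case)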
22. CyberSecurity Mesh Use Cases
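• Why SASE (Secure Access Service Edge) deserves attention
SASE
Secure Access Service Edge (SASE):
A network architecture that integrates cloud-native security functions such as secure web gateway, cloud access security broker, firewall, and zero trust network access with VPN and SD-WAN capabilities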
23. CyberSecurity Mesh Use Cases
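• Why SASE (Secure Access Service Edge) deserves attention
SASE
SASE focuses on delivering security services closer to users and on providing the appropriate level of access according to the level of risk.
Background for adoption: most IT teams invest a great deal of time and money preparing for traffic growth and the expected frequency of cyberattacks
Problem: they often find themselves forced to make a difficult choice between accessibility and security.
This is because existing architectures backhaul traffic to a centralized network hub, perform security inspection there, and then route it to the desired application or service. This process is very secure, but it has a negative effect on performance and budget. The drawback becomes even more pronounced when additional capacity is needed.
[Definition of terms]: Backhaul means gathering the data flowing over wired or wireless links in one place and delivering it to the backbone network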
24. CyberSecurity Mesh Use Cases
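• Why SASE (Secure Access Service Edge) deserves attention
SASE
SASE provides a threat-aware network suited to the cloud era, and ultimately reduces complexity and simplifies operations while improving security. By making security management easier, it strengthens network operability.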
25. CyberSecurity Mesh Use Cases
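• Why SASE (Secure Access Service Edge) deserves attention
SASE
Example) Fortinet and AT&T jointly launch a SASE business (1/3)
[Source]: Fortinet material_Google search
26. CyberSecurity Mesh Use Cases
• Why SASE (Secure Access Service Edge) deserves attention
SASE
Example) Fortinet and AT&T jointly launch a SASE business (2/3)
[Source]: Fortinet material_Google search
27. CyberSecurity Mesh Use Cases
• Why SASE (Secure Access Service Edge) deserves attention
SASE
Example) Fortinet and AT&T jointly launch a SASE business (3/3)
[Source]: Fortinet material_Google search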
28. CyberSecurity Mesh Use Cases
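• Why XDR (Extended Detection & Response) deserves attention
SASE
XDR is rapidly emerging as a way to raise the efficiency of security management and response
Reason: the changed environment makes security management and response more difficult.
The attack surface keeps growing due to the expansion of physical workspaces, personal devices taking part in work (BYOD: Bring Your Own Device), cloud collaboration applications, and so on
- Limited security operations staff (SOC: Security Operations Center)
[Source]: Trend Micro material_Google search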
29. CyberSecurity Mesh Use Cases
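• Why XDR (Extended Detection & Response) deserves attention
SASE
Why XDR is needed
(1) Limits of threat response - In a 2018 survey, Imperva reported that 27% of IT professionals receive more than 1 million security alerts every day, and that more than half (55%) receive more than 10,000.
Case: island hopping (island hopping attack: attacking small companies), in which attackers (reverse-)infiltrate the company through remote workers, is a representative case
(2) Changing threats - The Ministry of Science and ICT forewarned of threats arising from environmental change in its '2021 Cyber Threat Analysis and 2022 Outlook Analysis'
Case: according to the Trend Micro 2020 threat results report, brute-force attacks that seize control of routers and smart devices on home networks were the most common, at 73%.
Findings across various reports: rampant threats such as ransomware are expected to spread to the medical sector and the supply chain (SCM), and to expand and evolve into changed environments such as remote work and cloud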
30. CyberSecurity Mesh Use Cases
• Why XDR (Extended Detection & Response) deserves attention
SASE
XDR components
[Source]: Gartner material_Google search
39. CyberSecurity Mesh considerations and countermeasures
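• Cybersecurity Mesh considerations
Strong cloud security for remote work and office spaces
Massive investment with no cost benefit for 2-3 years
Building business partnerships
Ambiguity of integration due to a lack of customer requirements
Centralized approach focused on policy and user identity
Staff must get used to a new security system.
Secure remote access to company files
Victims of phishing tactics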
45. Final Thoughts
• A final point to think about
How will you respond to cyberattacks in a changing world?
Source: photographed by the author (National Science Museum, Daejeon)
46. Final Thoughts
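• Key points
■ Identify requirements (compliance requirements, technical requirements, administrative requirements, etc.)
■ NIST 800-36 (information security product selection considerations) should be reviewed
Category | Considerations
Organization
• Identify users
• Define roles between security products and the organization's mission (R&R)
• Identify data sensitivity
• Identify the organization's security requirements
• Review security plans; review policies and procedures
• Identify issues (maintenance, training, education, etc.)
Product
• Determine total life-cycle cost
• Assess scalability
• Ease of use
• Identify interoperability requirements
• Review known vulnerabilities
• Review security-related dependencies, etc.
Vendor
• Impact of choosing a specific product on future security choices
• Understand vendor experience and financial standing
• Confirm how security flaws in the product will be handled
■ Security by Design (design that takes security into account)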
47. Final Thoughts
• A final point to think about
What is the point an attacker prioritizes most when carrying out a cyberattack inside an organization?
[Source]: Google image search
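48. What I Want to Say
• Let us become convergence security professionals who prepare for the future through continuous learning.
Author: Son Cheol-ju
A steady seller among art primers,
『그림 아는 만큼 보인다』 ("With Paintings, You See as Much as You Know")
Since its first edition in 1998 it has established itself as the top steady seller among art primers, and this is a revised printing of 『그림 아는 만큼 보인다』, which experts selected as one of the 100 books representing the 1990s.
It has been restructured with new stories and a variety of plates that offer a look at contemporary art, which has changed in many directions in the meantime. The short pieces contain stories drawn from artists' lesser-known pasts, the misdirected desires and overflowing passion of Eastern and Western artists, codes hidden in works that are hard to read, intriguing behind-the-scenes talk from the art market, and warm stories about Korean paintings.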