Rahul Khengare, profile picture
Uploaded byRahul Khengare
PDF, PPTX298 views

Container Security Using Microsoft Defender

Microsoft Defender for Containers provides security for container workloads running on Kubernetes. It monitors clusters for misconfigurations and vulnerabilities, provides runtime threat detection, and generates alerts. It works across multiple clouds by deploying agents and daemons to collect security signals from the API server, nodes, and images. A demonstration showed Microsoft Defender in action monitoring container workloads.

Technology
Related topics:
Multi-Cloud Insights

Embed presentation

Download as PDF, PPTX
Container Security with Microsoft Defender Rahul Khengare 18th Mar 2023 DevOps-Pune Meetup Group
About Me Sr. Staff Engineer, Zscaler ◎ Cloud Security/DevOps/DevSecOps/SRE ◎ Blogger (oss-world, thesecuremonk) ◎ Co-Organizer ○ DevOps-Pune, DevSecOps-Pune ◎ Open Source Software and CIS Contributor ◎ Past Organization: Cloudneeti, Motifworks, NTT Data ◎ https://www.linkedin.com/in/rahulkhengare
Agenda ◎ Need for Container Security ◎ Overview of Microsoft Defender for Cloud ◎ Microsoft Defender Capabilities ◎ How it works ◎ Demo
How you are securing the container workloads?
Known Practices ◎ Use of private registry and trusted images ◎ Continuous Vulnerability scanning of images (Trivy, Encore) ◎ Limit container privileges ◎ Use of network segmentation ◎ Implement least privilege access (RBAC) ◎ Logging and Monitoring ◎ Implement runtime security for threat detection ◎ Preventive and detective policies - Kyverno ◎ Security and Compliance Audits ◎ Certificates, securing endpoints ◎ Many More …
“ 93% experienced at least one security incident in their Kubernetes environments in the last 12 months - State of Kubernetes security report * Kubernetes adoption, security, and market trends report 2022
Microsoft Defender What it is? Capabilities? How it works?
Overview of Microsoft Defender for container ◎ Cloud Native solution to ○ Improve ○ Monitor ○ Maintain the security of your clusters, containers, and their applications. ◎ Multi-cloud Supports K8s offering and registries from different CSP like EKS, GKE, ECR ◎ Kubernetes Native Deployment at Scale ◎ Provides Security Alerts and Remediation Capabilities RUN TIME Threat Detection ENVIRONMENT HARDENING Cluster Configurations Vulnerability Container Image Container Security
Environment Hardening 9 ◎ Continuous monitoring of your Kubernetes clusters ○ Wherever they're hosted [AWS - EKS, Azure - AKS, GCP - GKE, On-Premise (using ARC)] ○ Continuously assess clusters to provide visibility of misconfigurations ○ Provide Guidelines to mitigate the issues ◎ Kubernetes data plane hardening ○ Azure Policy add on ◉ Extends Gatekeeper v3, required to apply at-scale auditing, enforcements and safeguards on clusters in a centralized, consistent manner. ○ Defender Daemonset ◉ Deployed to each worker node, collects security-related data and sends it to Defender for analysis. Required for runtime protections and security capabilities
Environment Hardening 10
Vulnerability Assessment 11 ◎ Supports Azure ACR and AWS ECR ◎ Triggers ○ On push ○ Recently pulled ○ On import ○ Continuous scan based on an image pull and for running images ◎ View and remediate findings ◎ Disable specific findings like severity below medium, non patchable findings
Runtime Threat Protection 12 ◎ Provides real-time threat protection ◎ Generates alerts for suspicious activities ◎ Threat protection at the cluster level ○ Provided by the Defender agent and analysis of the Kubernetes audit logs. ◎ Threat protection at Host level ◎ Monitors the attack surface of multi cloud Kubernetes deployments based on MITRE ATT&CK® matrix for Containers ◎ Examples: ○ Exposed Kubernetes dashboards, High-privileged roles, Sensitive mounts ○ Anomalous secret access, Detected suspicious file download, Possible backdoor detected
Runtime Protection - Alerts 13
How it works 14 ◎ Defender for Containers receives and analyzes: ○ Audit logs and security events from the API server ○ Cluster configuration information from the control plane ○ Workload configuration from Azure Policy ○ Security signals and events from the node level ◎ Components deployed ○ Azure Policy add on ◉ Extends Gatekeeper v3, required to apply at-scale auditing, enforcements and safeguards on clusters in a centralized, consistent manner. [azure-policy, azure-policy-webhook] ○ Defender Profile Daemonset ◉ Deployed to each node provides the runtime protections and collects signals from nodes using eBPF technology. [Microsoft-defender-collector-ds, microsoft-defender-publisher-ds, microsoft-defender-collector-misc]
How it works for AKS 15
How it works for EKS 16
How it works for GKE 17
Demo Defender in Action…
Thanks! Any questions?
References ◎ Microsoft Defender for container ◎ Runtime alerts for Kubernetes cluster ◎ Azure provided container recommendations ◎ Vulnerable K8s for testing ◎ Azure Policies for K8s

More Related Content

PPTX
Information Security Awareness Training Open
byFred Beck MBA, CPA
 
PDF
Cloud Security Alliance Guide to Cloud Security
bySandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
PDF
Microsoft Defender and Azure Sentinel
byDavid J Rosenthal
 
PPTX
Identity and Access Management Introduction
byAidy Tificate
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
PDF
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
byEryk Budi Pratama
 
PPTX
Endpoint Protection
bySophos
 
PPTX
Microsoft Information Protection.pptx
byChrisaldyChandra
 
Information Security Awareness Training Open
byFred Beck MBA, CPA
 
Cloud Security Alliance Guide to Cloud Security
bySandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Microsoft Defender and Azure Sentinel
byDavid J Rosenthal
 
Identity and Access Management Introduction
byAidy Tificate
 
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
byEryk Budi Pratama
 
Endpoint Protection
bySophos
 
Microsoft Information Protection.pptx
byChrisaldyChandra
 

What's hot

PDF
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
byParishSummer
 
PPTX
Cyber Security 101: Training, awareness, strategies for small to medium sized...
byStephen Cobb
 
PPTX
Microsoft Purview Overview Deck.pptx is for Microsoft Purview
byahsanf1
 
PPTX
Cloud Security Architecture.pptx
byMoshe Ferber
 
PPTX
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
byVignesh Ganesan I Microsoft MVP
 
PDF
Azure Information Protection
byRobert Crane
 
PDF
Microsoft Azure Sentinel
byBGA Cyber Security
 
PDF
Cyber Threat Intelligence
bymohamed nasri
 
PDF
Microsoft Zero Trust
byDavid J Rosenthal
 
PPTX
Cloud Security
byAWS User Group Bengaluru
 
PDF
How MITRE ATT&CK helps security operations
bySergey Soldatov
 
PDF
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
byEdureka!
 
PDF
Threat Modeling Basics with Examples
bySanjeev Kumar Jaiswal
 
PPTX
Microsoft Threat Protection
byThierry DEMAN
 
PDF
Azure Security Overview
byDavid J Rosenthal
 
PDF
Empower Your Security Practitioners with Elastic SIEM
byElasticsearch
 
PDF
Cloud Security Demystified
byMichael Torres
 
PDF
SOC Architecture - Building the NextGen SOC
byPriyanka Aash
 
PPTX
Beginner's Guide to SIEM
byAlienVault
 
PDF
Microsoft Azure Security Overview
byAlert Logic
 
Microsoft-CISO-Workshop-Security-Strategy-and-Program (1).pdf
byParishSummer
 
Cyber Security 101: Training, awareness, strategies for small to medium sized...
byStephen Cobb
 
Microsoft Purview Overview Deck.pptx is for Microsoft Purview
byahsanf1
 
Cloud Security Architecture.pptx
byMoshe Ferber
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
byVignesh Ganesan I Microsoft MVP
 
Azure Information Protection
byRobert Crane
 
Microsoft Azure Sentinel
byBGA Cyber Security
 
Cyber Threat Intelligence
bymohamed nasri
 
Microsoft Zero Trust
byDavid J Rosenthal
 
Cloud Security
byAWS User Group Bengaluru
 
How MITRE ATT&CK helps security operations
bySergey Soldatov
 
CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...
byEdureka!
 
Threat Modeling Basics with Examples
bySanjeev Kumar Jaiswal
 
Microsoft Threat Protection
byThierry DEMAN
 
Azure Security Overview
byDavid J Rosenthal
 
Empower Your Security Practitioners with Elastic SIEM
byElasticsearch
 
Cloud Security Demystified
byMichael Torres
 
SOC Architecture - Building the NextGen SOC
byPriyanka Aash
 
Beginner's Guide to SIEM
byAlienVault
 
Microsoft Azure Security Overview
byAlert Logic
 

Similar to Container Security Using Microsoft Defender

PPTX
SC-900 Capabilities of Microsoft Security Solutions
byFredBrandonAuthorMCP
 
PPT
Secure Multi-cloud Environment workshop slides
byvictoryosowich1
 
PPTX
Kubernetes and container security
byVolodymyr Shynkar
 
PDF
Why Should Developers Care About Container Security?
byAll Things Open
 
PPTX
Hybrid - Seguridad en Contenedores v3.pptx
byHansFarroCastillo1
 
PPTX
Combatting Cyberthreats with Microsoft Defender 365 - CollabDays Finland 2023
byMichael Noel
 
PPTX
Container Security - Building a Solid Foundation (1).pptx
byMaghsoudAbbasPour1
 
PDF
Container Stranger Danger - Why should devs care about container security
byEric Smalling
 
PDF
656704621-Against-Threats-and-Secure-Cloud-Environments-Presentation-Slides-F...
bymahadikamol123
 
PDF
Stanislav Kolenkin & Igor Khoroshchenko - Knock Knock: Security threats with ...
byNoNameCon
 
PDF
Cloud summit demystifying cloud security
byDavid De Vos
 
PDF
DevSecCon Lightning 2021- Container defaults are a hackers best friend
byEric Smalling
 
PDF
GDG SLK - Why should devs care about container security.pdf
byJames Anderson
 
PDF
Container Security Mmanagement
bySuresh Thivanka Rupasinghe
 
PDF
Hacking into your containers, and how to stop it!
byEric Smalling
 
PDF
ATO 2022 - Why should devs care about container security.pdf
byEric Smalling
 
PDF
Longji Vwamhi | Infrastructure With Microsoft Defender
byLongji Vwamhi
 
PPTX
The State of Kubernetes Security
byJimmy Mesta
 
PDF
Protecting Pipeline DevOps and IaC
byFernando Cardoso
 
PPTX
12 Ways Not to get 'Hacked' your Kubernetes Cluster
bySuman Chakraborty
 
SC-900 Capabilities of Microsoft Security Solutions
byFredBrandonAuthorMCP
 
Secure Multi-cloud Environment workshop slides
byvictoryosowich1
 
Kubernetes and container security
byVolodymyr Shynkar
 
Why Should Developers Care About Container Security?
byAll Things Open
 
Hybrid - Seguridad en Contenedores v3.pptx
byHansFarroCastillo1
 
Combatting Cyberthreats with Microsoft Defender 365 - CollabDays Finland 2023
byMichael Noel
 
Container Security - Building a Solid Foundation (1).pptx
byMaghsoudAbbasPour1
 
Container Stranger Danger - Why should devs care about container security
byEric Smalling
 
656704621-Against-Threats-and-Secure-Cloud-Environments-Presentation-Slides-F...
bymahadikamol123
 
Stanislav Kolenkin & Igor Khoroshchenko - Knock Knock: Security threats with ...
byNoNameCon
 
Cloud summit demystifying cloud security
byDavid De Vos
 
DevSecCon Lightning 2021- Container defaults are a hackers best friend
byEric Smalling
 
GDG SLK - Why should devs care about container security.pdf
byJames Anderson
 
Container Security Mmanagement
bySuresh Thivanka Rupasinghe
 
Hacking into your containers, and how to stop it!
byEric Smalling
 
ATO 2022 - Why should devs care about container security.pdf
byEric Smalling
 
Longji Vwamhi | Infrastructure With Microsoft Defender
byLongji Vwamhi
 
The State of Kubernetes Security
byJimmy Mesta
 
Protecting Pipeline DevOps and IaC
byFernando Cardoso
 
12 Ways Not to get 'Hacked' your Kubernetes Cluster
bySuman Chakraborty
 

More from Rahul Khengare

PDF
CIS Security Benchmark
byRahul Khengare
 
PPTX
You2.0
byRahul Khengare
 
PDF
AzurePolicy DevOps Pune Feb23
byRahul Khengare
 
PPTX
Introduction to micro-services @DevOps pune Meetup
byRahul Khengare
 
PPSX
DPI2012
byRahul Khengare
 
PPTX
Serf@devops pune
byRahul Khengare
 
CIS Security Benchmark
byRahul Khengare
 
You2.0
byRahul Khengare
 
AzurePolicy DevOps Pune Feb23
byRahul Khengare
 
Introduction to micro-services @DevOps pune Meetup
byRahul Khengare
 
DPI2012
byRahul Khengare
 
Serf@devops pune
byRahul Khengare
 

Recently uploaded

PPTX
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PDF
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
PDF
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
PDF
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
PPTX
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
PPTX
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
PPTX
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
PDF
Scott M. Graffius' Phases of Team Development - Applied to Human Teams and Hu...
byScott M. Graffius
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PPTX
DATALIVA-Presentation-EN_2026 Budgeting SAP Odoo ERP
byMustafa Kuğu
 
PDF
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
PPTX
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
PPTX
Sensors-and-Actuators-in-IoT-Systems.pptx
byMuhammedNihal54
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PDF
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
PDF
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
PPTX
ICT Entrepreneur Quiz for grade 7...........
bykayramos6
 
PDF
From Compliance to Competitive Advantage Board-Level Cyber Governance Under D...
bySaraDavis91
 
PDF
threat-hunters-cookbook for cybersecurity
bylobster6719
 
DVCON24-IBM ai/ml driven hardware verification
byArun Joseph
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
JR : Quality Random Data from the Command line
byGiovanni Marigi
 
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
Building Real-Time Voice AI — Udaiappa Ramachandran
byUdaiappa Ramachandran
 
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
Scott M. Graffius' Phases of Team Development - Applied to Human Teams and Hu...
byScott M. Graffius
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
DATALIVA-Presentation-EN_2026 Budgeting SAP Odoo ERP
byMustafa Kuğu
 
Azure Identity, Governance, and Monitoring solutions
byVICTOR MAESTRE RAMIREZ
 
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
Sensors-and-Actuators-in-IoT-Systems.pptx
byMuhammedNihal54
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
ICT Entrepreneur Quiz for grade 7...........
bykayramos6
 
From Compliance to Competitive Advantage Board-Level Cyber Governance Under D...
bySaraDavis91
 
threat-hunters-cookbook for cybersecurity
bylobster6719
 

Container Security Using Microsoft Defender

  • 1.
    Container Security withMicrosoft Defender Rahul Khengare 18th Mar 2023 DevOps-Pune Meetup Group
  • 2.
    About Me Sr. StaffEngineer, Zscaler ◎ Cloud Security/DevOps/DevSecOps/SRE ◎ Blogger (oss-world, thesecuremonk) ◎ Co-Organizer ○ DevOps-Pune, DevSecOps-Pune ◎ Open Source Software and CIS Contributor ◎ Past Organization: Cloudneeti, Motifworks, NTT Data ◎ https://www.linkedin.com/in/rahulkhengare
  • 3.
    Agenda ◎ Need forContainer Security ◎ Overview of Microsoft Defender for Cloud ◎ Microsoft Defender Capabilities ◎ How it works ◎ Demo
  • 4.
    How you aresecuring the container workloads?
  • 5.
    Known Practices ◎ Useof private registry and trusted images ◎ Continuous Vulnerability scanning of images (Trivy, Encore) ◎ Limit container privileges ◎ Use of network segmentation ◎ Implement least privilege access (RBAC) ◎ Logging and Monitoring ◎ Implement runtime security for threat detection ◎ Preventive and detective policies - Kyverno ◎ Security and Compliance Audits ◎ Certificates, securing endpoints ◎ Many More …
  • 6.
    “ 93% experienced atleast one security incident in their Kubernetes environments in the last 12 months - State of Kubernetes security report * Kubernetes adoption, security, and market trends report 2022
  • 7.
    Microsoft Defender What itis? Capabilities? How it works?
  • 8.
    Overview of MicrosoftDefender for container ◎ Cloud Native solution to ○ Improve ○ Monitor ○ Maintain the security of your clusters, containers, and their applications. ◎ Multi-cloud Supports K8s offering and registries from different CSP like EKS, GKE, ECR ◎ Kubernetes Native Deployment at Scale ◎ Provides Security Alerts and Remediation Capabilities RUN TIME Threat Detection ENVIRONMENT HARDENING Cluster Configurations Vulnerability Container Image Container Security
  • 9.
    Environment Hardening 9 ◎ Continuousmonitoring of your Kubernetes clusters ○ Wherever they're hosted [AWS - EKS, Azure - AKS, GCP - GKE, On-Premise (using ARC)] ○ Continuously assess clusters to provide visibility of misconfigurations ○ Provide Guidelines to mitigate the issues ◎ Kubernetes data plane hardening ○ Azure Policy add on ◉ Extends Gatekeeper v3, required to apply at-scale auditing, enforcements and safeguards on clusters in a centralized, consistent manner. ○ Defender Daemonset ◉ Deployed to each worker node, collects security-related data and sends it to Defender for analysis. Required for runtime protections and security capabilities
  • 10.
  • 11.
    Vulnerability Assessment 11 ◎ SupportsAzure ACR and AWS ECR ◎ Triggers ○ On push ○ Recently pulled ○ On import ○ Continuous scan based on an image pull and for running images ◎ View and remediate findings ◎ Disable specific findings like severity below medium, non patchable findings
  • 12.
    Runtime Threat Protection 12 ◎Provides real-time threat protection ◎ Generates alerts for suspicious activities ◎ Threat protection at the cluster level ○ Provided by the Defender agent and analysis of the Kubernetes audit logs. ◎ Threat protection at Host level ◎ Monitors the attack surface of multi cloud Kubernetes deployments based on MITRE ATT&CK® matrix for Containers ◎ Examples: ○ Exposed Kubernetes dashboards, High-privileged roles, Sensitive mounts ○ Anomalous secret access, Detected suspicious file download, Possible backdoor detected
  • 13.
  • 14.
    How it works 14 ◎Defender for Containers receives and analyzes: ○ Audit logs and security events from the API server ○ Cluster configuration information from the control plane ○ Workload configuration from Azure Policy ○ Security signals and events from the node level ◎ Components deployed ○ Azure Policy add on ◉ Extends Gatekeeper v3, required to apply at-scale auditing, enforcements and safeguards on clusters in a centralized, consistent manner. [azure-policy, azure-policy-webhook] ○ Defender Profile Daemonset ◉ Deployed to each node provides the runtime protections and collects signals from nodes using eBPF technology. [Microsoft-defender-collector-ds, microsoft-defender-publisher-ds, microsoft-defender-collector-misc]
  • 15.
    How it worksfor AKS 15
  • 16.
    How it worksfor EKS 16
  • 17.
    How it worksfor GKE 17
  • 18.
  • 19.
  • 20.
    References ◎ Microsoft Defenderfor container ◎ Runtime alerts for Kubernetes cluster ◎ Azure provided container recommendations ◎ Vulnerable K8s for testing ◎ Azure Policies for K8s