DevSecOps: Closing the Loop from Detection to Remediation

•Download as PPTX, PDF•

0 likes•10 views

DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for "shifting left" so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing tools and practices are integrated even further left in the development pipeline. Join Senior Product Manager, Shiri Ivtsan, as she discusses: Where and how developers are implementing DevSecOps in the SDLC; Best practices for developers to adopt DevSecOps and more efficiently handle vulnerabilities; Necessary steps for implementing a process for detection, prioritization, and remediation of open source vulnerabilities.

Technology

DevSecOps: Closing The
Loop from Detection to
Remediation
Shiri Ivtsan, Senior Product Manager

 Integrate the security aspects and practices with the DevOps processes
 Use agile methodologies to deliver small, secure pieces of code in frequent
releases
 Automate the security processes whenever possible
 The best response to the bottleneck effect of older security models on the
modern continuous delivery pipeline
3
DevSecOps: Integrating DevOps & Security Culture

The Common Way of Handling Security Issues
Security teams
analyze and
prioritize
vulnerabilities
Sending emails or
opening
issues/tickets
Closing the loop on
resolution is hard

Shifting the Mindset: Shift Left and Close the Loop
 Build guardrails, don't be gatekeepers
 Avoid Bottlenecks in the process: If the process
slows you down, it needs to be changed
 Make security everyone’s responsibility
 Facilitate regular discussions about application
security throughout the development process

 Cost Reduction
 Speed of delivery
 ‘Secure by design’
 Open discussion
6
The Business Benefits of DevSecOps
Quality
Time
Cost

7
The Operational Benefits of DevSecOps
 Versions are up-to-date
 Nearly “zero” re-work
 Early identification of vulnerabilities in code
 Enables a culture of constant iterative improvements

8
Step 1: Know Your Goal
Baking Security Into Existing Workflows

10
Step 3: Determine Where to Automate
Build
Test
Detect
Issues
Remediate
Code

11
Prioritize  Automate  Remediate  Repeat

• Focus on remediation funnel with automated policies
• Business priority, effectiveness, exploitability, severity, availability
of fixes
• Smart remediation
• Update to the earliest non-vulnerable version
• Update lock files where possible
Vulnerabilities Prioritization

• of fixes
• Smart remediation
• Update to the earliest non-vulnerable version
• Update lock files where possible
Prioritization and Remediation – The Next Level
 Actionable information is critical: Minimum actions, maximum
impact
 Smart remediation
 Update to the earliest non-vulnerable version

Thank You!
For more info please contact us:
product@whitesourcesoftware.com

"DevSecOps sets out to relieve the costly and stressful delays that can occur when security testing is performed late in the game, by setting up processes and tools for ""shifting left"" so security testing can happen early and often. As organizations continue to embrace this DevSecOps approach, testing tools and practices are integrated even further left in the development pipeline. Join Senior Product Manager, Shiri Ivtsan, as she discusses: Where and how developers are implementing DevSecOps in the SDLC; Best practices for developers to adopt DevSecOps and more efficiently handle vulnerabilities; Necessary steps for implementing a process for detection, prioritization, and remediation of open source vulnerabilities."

Open Source Security: How to Lay the Groundwork for a Secure Culture

WhiteSource

Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today's frantic release pace and standards of constantly supplying new features and improvements. However, taking into consideration the fact that recent years have seen an upsurge in reported open-source vulnerabilities, whose details and exploits are publicly available, it's no wonder that organizations are increasingly directing focus towards ensuring that their open-source components are securely integrated into their software. Join Guy Bar-Gil, Product Manager at WhiteSource, as he discusses: 1. The four layers of open-source security 2. How to integrate continuous security into your SDLC 3. Best practices for organizations to own and execute the security process

Container Security: What Enterprises Need to Know

DevOps.com

Enterprises and application teams turn to containers to improve agility and increase the scalability of their environments and portability of their applications. But with these benefits come a number of serious security challenges and considerations. While some of the changes containerization brings to security are beneficial, others are a bit thornier. To avoid serious mistakes and data breaches, enterprises must understand how containers affect security and build a strategy to secure them.

The Challenges of Scaling DevSecOps

WhiteSource

Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery. Now some good news: you can easily integrate security into your existing processes to solve this challenge. In this session, Shiri Ivtsan, Senior Product Manager at WhiteSource, will discuss: - Leveraging the DevSecOps approach to help speed up security - Scaling security into your agile processes - 5 easy ways to start driving DevSecOps in your organization

CentOS Implementation - Who Will Support you?Sébastien Grimonet

Stratus avanceMassTLC

Shift Left Security - The What, Why and How

DevOps.com

The shift left approach in DevOps moves software testing earlier in its lifecycle to prevent defects early in the software delivery process. How can developers use this approach to ensure security? Josh Thorngren, VP of Marketing at Twistlock, will explain what it means to shift left, and share five steps to ensure a successful transition to a shift left approach with DevOps. Join this webinar to learn: Best practices in adopting a successful shift to the left How ‘shifting left’ promotes security How developers are the new security guards in protecting company information

Turning security into code by Jeff Williams

DevSecCon

It’s no secret that open source components form the backbone of today’s software, comprising between 60-80% of modern applications. But with this, comes the alarming rise in open source vulnerabilities – more than 3,500 open source vulnerabilities were reported in 2017 – that’s 60% higher than the previous year, and the trend continued in 2018. The question arises: how can DevOps teams ensure a visible and continuous delivery pipeline for software releases without letting security slow them down? Join WhiteSource’s Product Manager, Shiri Ivtsan, as she discusses: - The current state of open source vulnerabilities management; - The latest innovations in the open source security world; and - The best DevOps tools to protect organizations against open source vulnerabilities and ensure agility, visibility and control regarding their open source.

Adopting DevOps @ Scale: Lessons learned at Hertz, Kaiser Permanente and lBM

Jules Pierre-Louis

DevOps has become a major enabler of business innovation that can drive digital transformation at an enterprise level if done well. Challenges remain, however. Crossing the chasm from successful DevOps pilots with "two-pizza" teams to full enterprise adoption, including cultural transformation, best practices and tools remains a challenge. Join Alan Shimel as he hosts a panel discussion with Hertz' John LaFreniere, Kaiser Permanente's Raghunath Raman and IBM's Sanjeev Sharma on how traditional enterprises are accelerating innovation by adopting DevOps practices at scale across their organizations. Find out how: - Hertz is accelerating transformation of their platforms, business process and operating models with Cloud, DevOps and Agile. - Kaiser Permanente is managing the cultural, process and integration challenges of multi-speed IT. - IBM has embarked on a DevOps transformation that has engaged over 10,000 developers already -- including becoming one of the world's largest users of GitHub Enterprise. Watch to learn how to assess your organization’s readiness for scaling DevOps, and to identify next steps.

DevOps and DevSecOps, Incident Management

ShriniKulkarni

Outpost24 webinar - Why security perfection is the enemy of DevSecOps

Outpost24

The chase for security perfection is not uncommon. The idea of ‘shift left’ - locating defects from the beginning of SDLC and rectifying them early is a well-founded approach. But in a competitive business landscape, companies must balance the tradeoff between speed and quality to keep their business moving. Join our application security webinar and learn how to implement an agile DevSecOps to carry out the necessary security checks without compromising on time-to-market.

Lessons learned from Detroit to Deming by Derek Weeks

DevSecCon

State of DevSecOps - GTACS 2019

Stefan Streichsbier

The Journey to DevSecOps

SeniorStoryteller

DevSecCon KeyNote London 2015

Shannon Lietz

State of DevSecOps - DevOpsDays Jakarta 2019

Stefan Streichsbier

Open Source Defense for Edge 2017

Adrian Sanabria

Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?

Moving Security to the Left

Javier Godinez

Tackling the Container Iceberg:How to approach security when most of your sof...

WhiteSource

Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these? Join Codefresh and WhiteSource, as they embark on a journey to tackle: The container iceberg - learn what are your blind spots The main security challenges when using open source in containerized applications The role of automation in open source security in containers A live demo showing how WhiteSource & Codefresh can allow you to automate open source security in containers throughout the DevOps pipeline

The Future of DevSecOps

Stefan Streichsbier

This talk by Stefan Streichsbier, Co-Founder of GuardRails.io, provides a brief history of how development, operations and security testing have become highly complex. It continues to outline the key problems with traditional security solutions and why in 2020 companies around the world are still figuring out a good way to manage security as part of rapid development cycles. Specifically, the big challenge of introducing and fixing new security issues versus tackling the existing security dept of existing applications. To quote Bishop Desmond Tutu, “There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they’re falling in.” After setting the stage, the remainder of the talk will focus on the paradigm shift that security solutions have to incorporate in order to solve the problem of sustainably secure applications on all layers. This will explore how the elements of Speed, Just in time training, and Data science have to be leveraged to empower development teams around the globe to get ahead for once and finally become able to move fast and be safe at the same time. The 3 core takeaways for the audience are: 1.) Where security practices have gone wrong so far. 2.) What new technologies will cause a paradigm shift in how security is applied at scale. 3.) How security will look like in 5-10 years.

Microservice Monitoring and Quality Management for Modern Apps and Infrastruc...

Jules Pierre-Louis

Containerization of microservice based applications enables full team responsibility from code, to operations and eventually maintenance, which enables faster time-to-market, shorter feedback cycles and maximizes continuousness delivery. This modern approach leads to a much higher rate of change, which in turn can lead to chaos. The challenge is how to make sense out of the chaos that deploying containerized microservices at scale creates, and how to get visibility into everything inside, outside and around the containers including the quality of the application’s services. Join the technical experts from Mesosphere and Instana as they tackle visibility and orchestration requirements to deploy and manage your containerized microservice apps and infrastructure.

Overcoming Security Challenges in DevOps

Alert Logic

DevOps: A Practical Guide

VictorOps

Tips for implementing secure cloud storage

CloudOYE - Cloud Hosting Provider

Silver Lining for Miles: DevOps for Building Security Solutions

SeniorStoryteller

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...

WhiteSource

DevOps Introduction

Karthik Venkatesan

A journey into Application Security

Christian Martorella

DevSecOps - It can change your life (cycle)

Qualitest

What's hot

Open Source Security at Scale- The DevOps Challenge

WhiteSource

Adopting DevOps @ Scale: Lessons learned at Hertz, Kaiser Permanente and lBM

Jules Pierre-Louis

DevOps and DevSecOps, Incident Management

ShriniKulkarni

Outpost24 webinar - Why security perfection is the enemy of DevSecOps

Outpost24

Lessons learned from Detroit to Deming by Derek Weeks

DevSecCon

State of DevSecOps - GTACS 2019

Stefan Streichsbier

The Journey to DevSecOps

SeniorStoryteller

DevSecCon KeyNote London 2015

Shannon Lietz

State of DevSecOps - DevOpsDays Jakarta 2019

Stefan Streichsbier

Open Source Defense for Edge 2017

Adrian Sanabria

Moving Security to the Left

Javier Godinez

Tackling the Container Iceberg:How to approach security when most of your sof...

WhiteSource

The Future of DevSecOps

Stefan Streichsbier

Microservice Monitoring and Quality Management for Modern Apps and Infrastruc...

Jules Pierre-Louis

Overcoming Security Challenges in DevOps

Alert Logic

DevOps: A Practical Guide

VictorOps

Tips for implementing secure cloud storage

CloudOYE - Cloud Hosting Provider

Silver Lining for Miles: DevOps for Building Security Solutions

SeniorStoryteller

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...

WhiteSource

DevOps Introduction

Karthik Venkatesan

What's hot (20)

Open Source Security at Scale- The DevOps Challenge

Adopting DevOps @ Scale: Lessons learned at Hertz, Kaiser Permanente and lBM

DevOps and DevSecOps, Incident Management

Outpost24 webinar - Why security perfection is the enemy of DevSecOps

Lessons learned from Detroit to Deming by Derek Weeks

State of DevSecOps - GTACS 2019

The Journey to DevSecOps

DevSecCon KeyNote London 2015

State of DevSecOps - DevOpsDays Jakarta 2019

Open Source Defense for Edge 2017

Moving Security to the Left

Tackling the Container Iceberg:How to approach security when most of your sof...

The Future of DevSecOps

Microservice Monitoring and Quality Management for Modern Apps and Infrastruc...

Overcoming Security Challenges in DevOps

DevOps: A Practical Guide

Tips for implementing secure cloud storage

Silver Lining for Miles: DevOps for Building Security Solutions

The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...

DevOps Introduction

Similar to DevSecOps: Closing the Loop from Detection to Remediation

A journey into Application Security

Christian Martorella

DevSecOps - It can change your life (cycle)

Qualitest

How to adapt the SDLC to the era of DevSecOps

Zane Lackey

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps

DevOps.com

Your organization has already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource, and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss: Why traditional DevOps has shifted, and what this will mean? Who should own security in the age of DevOps? Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline?

Shift Left Save Resources DevSecOps and the CICD Pipeline

CloudZenix LLC

Continuous delivery best practices and essential tools

DBmaestro - Database DevOps

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps

WhiteSource

Your organization has already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss: - Why traditional DevOps has shifted, and what this will mean - Who should own security in the age of DevOps - Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline

Lessons from DevOps: Taking DevOps practices into your AppSec Life

Matt Tesauro

Bruce Lee once said “Don’t get set into one form, adapt it and build your own, and let it grow, be like water“. AppSec needs to look beyond itself for answers to solving problems since we live in a world of every increasing numbers of apps. Technology and apps have invaded our lives, so how to you lead a security counter-insurgency? One way is to look at the key tenants of DevOps and apply those that make sense to your approach to AppSec. Something has to change as the application landscape is already changing around us.

Security at the Speed of Software Development

DevOps.com

There are a lot of DevSecOps offerings that are just DevOps lipstick on a traditional security-as-a-gate pig. Also, security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy an order of magnitude or more faster than human gating can achieve. What's needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach that reinforces the DevOps culture and process changes. This requires that security specialists become self-service toolsmiths and coaches and stop thinking of their jobs as gatekeepers. This webinar will introduce a framework to accomplish this mindset shift. It includes guidance on the characteristics of tools compatible with DevOps. It has been successfully used in a large DevSecOps transformation at Comcast and has gained recognition in DevSecOps circles as a leading framework.

DevOps Security: How to Secure Your Software Development and Delivery

Dev Software

Software development and delivery is a complex and dynamic process that requires collaboration, automation, and quality. To meet the increasing demands of customers and businesses, software teams need to deliver software faster and more efficiently. But they also need to ensure that the software is secure and reliable. DevOps security, also known as DevSecOps, is a practice that integrates security into every stage of the software development lifecycle, from planning to deployment and beyond. DevOps security aims to improve efficiency and reduce risk by making security a shared responsibility for developers, IT operators, and security specialists.

Devops

penetration Tester

Why Security Engineer Need Shift-Left to DevSecOps?

Najib Radzuan

In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach made AppSec and InfoSec were a little left behind. The DevOps squad topology does not involve any of the organization's AppSec and InfoSec Engineer. Many DevOps team are also not included them since they lack the information on how to manage and configure DevOps CI / CD pipelines and DevSecOps approaches. There's no shortage of talent — you probably don't have a mission worth getting out of bed or a culture that fosters continuous learning such DevSecOps skill and tools and growth where people feel psychologically safe. Besides, there is no shortage of skills — most have a poor understanding of what they need to be successful or the skills that need to leverage to improve their security posture.

The Netizen Approach to Security and Innovation

Netizen Corporation

DevSecOps Security: Is it Necessary?

Enov8

Security in the Software Development Life Cycle (SDLC)

Frances Coronel

Making security-agile matt-tesauro

Matt Tesauro

How to go from waterfall app dev to secure agile development in 2 weeks

Ulf Mattsson

Waterfall is based on the concept of sequential software development—from conception to ongoing maintenance—where each of the many steps flowed logically into the next. Join this webinar presentation to learn: - Why DevOps cannot effectively work in waterfall - How to use DevOps tools to optimize processes in either development or operations through automation We will also discuss what is needed to support full DevOps

Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...

Matt Tesauro

CONFidence 2015: Lessons from DevOps: Taking DevOps practices into your AppSe...

PROIDEA

Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam

Similar to DevSecOps: Closing the Loop from Detection to Remediation (20)

A journey into Application Security

DevSecOps - It can change your life (cycle)

How to adapt the SDLC to the era of DevSecOps

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps

Shift Left Save Resources DevSecOps and the CICD Pipeline

Continuous delivery best practices and essential tools

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps

Lessons from DevOps: Taking DevOps practices into your AppSec Life

Security at the Speed of Software Development

DevOps Security: How to Secure Your Software Development and Delivery

Devops

Why Security Engineer Need Shift-Left to DevSecOps?

The Netizen Approach to Security and Innovation

DevSecOps Security: Is it Necessary?

Security in the Software Development Life Cycle (SDLC)

Making security-agile matt-tesauro

How to go from waterfall app dev to secure agile development in 2 weeks

Matt tesauro Lessons from DevOps: Taking DevOps practices into your AppSec Li...

CONFidence 2015: Lessons from DevOps: Taking DevOps practices into your AppSe...

Succeeding-Marriage-Cybersecurity-DevOps final

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software

DevOps.com

In the past decade, IDC has seen IBM Z evolve first from a siloed platform to what they call a "connected" platform, and then to a "transformative" platform. This transition has been driven by IBM, by the IBM Z software vendors, like Rocket Software, and by businesses themselves. IDC research shows that businesses that choose to modernize IBM Z achieve higher satisfaction than re-platformers and many are using open source software (OSS) in their modernization initiatives. Employing OSS makes it possible to crack the platform open and enable it to connect to the rest of the datacenter and the outside world. Join IDC guest speaker, Al Gillen and Peter Fandel as they take a deeper look at the value proposition associated with using commercially supported OSS in mission-critical environments, like IBM Z. In this webinar we’ll discuss: How OSS can neutralize the disparity between seasoned IBM Z and emerging developers The modernization initiatives that involve OSS What to consider before bringing OSS to IBM Z How Rocket Software is delivering commercially supported OSS to IBM Z

Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...

DevOps.com

With the growing adoption of Kubernetes, organizations want to take advantage of containerized Microsoft SQL Server 2019 to optimize transactional performance and accelerate time-to-insights from their business-critical data. However, as enterprises embrace hybrid cloud strategy, they need to consider several aspects based on the performance, cost and data protection requirements for running enterprise-grade SQL Server databases. In this webinar, we will compare and contrast various cloud-native platforms for SQL Server that would help CIOs, DevOps engineers, database administrators and applications architects to determine the most suitable platform that fits their business needs. Join us as we explore some exciting results from a recent performance benchmark study conducted by McKnight Consulting Group, an independent consulting firm, to compare the performance of Microsoft SQL Server 2019 on the best possible configurations of the following Kubernetes platforms: Diamanti Enterprise Kubernetes Platform Amazon Web Services Elastic Kubernetes Service (AWS EKS) Azure Kubernetes Service (AKS) Topics will include: Platform considerations and requirements for running Microsoft SQL Server 2019 Performance comparison and analysis of running SQL Server on various platform Best practices for running containerized SQL Server databases in Kubernetes environment

Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...

DevOps.com

Next Generation Vulnerability Assessment Using Datadog and Snyk

DevOps.com

Vulnerability assessment for teams can often be overwhelming. The dependency graph could be thousands of packages depending on the application. Triaging vulnerability data and prioritizing actions has historically been a very manual process, until now. With Datadog and Snyk, learn how to trace security and performance issues by leveraging continuous profiling capabilities for actionable insight that help developers remediate problems. Join us on Thursday, January 21 for a unique opportunity to learn more about continuous profiling, vulnerability management, and the benefit to customers from using both of these products. In this webinar, you will: Bust some myths around continuous profiling and learn how Datadog differentiates itself See decorated traces in action for sample Java applications and understand how Snyk + Datadog reduce time to triage supply chain vulnerabilities Learn roadmap information for upcoming public announcements from both partners

Vulnerability Discovery in the Cloud

DevOps.com

In the era of cloud generation, the constant activity around workloads and containers create more vulnerabilities than an organization can keep up with. Using legacy security vendors doesn't set you up for success in the cloud. You’re likely spending undue hours chasing, triaging and patching a countless stream of cloud vulnerabilities with little prioritization. Join us for this live webinar as we detail how to streamline host and container vulnerability workflows for your software teams wanting to build fast in the cloud. We'll be covering how to: Get visibility into active packages and associated vulnerabilities Reduce false positives by 98% Reduce investigation time by 30% Spot a legacy vendor looking to do some cloud washing

2021 Open Source Governance: Top Ten Trends and Predictions

DevOps.com

If you work in software development, jumpstart your engineering team in 2021—get ahead of the engineering curve and your competitors—by attending this must-watch open source trends and predictions webinar. Alex Rybak, Director of Product Management at Revenera, and Russ Eling, founder and CEO of OSS Engineering Consultants, share their top 10 open source usage, license compliance and security insights for the new year. Just a few hints at what you’ll learn more about: Where the adoption of shift-left is headed and the decisions you’ll face going forward The impact of a lack of software developer security training relative to pandemic fallout The broader role of the engineering team in open source management and governance The expanding role and impact of open source marketplaces such as GitHub Don’t miss the discussion for valuable insight and learning for software engineering teams

A New Year’s Ransomware Resolution

DevOps.com

2020 was a brutal year for ransomware. Cybercriminals operated without any human decency, targeting the most vulnerable and at-risk parties, such as hospitals, scientists, and global manufacturers. The approach has become more sophisticated and life-threatening, shifting from individual targets to global enterprises, destroying backups, blackmailing victims with public leakage of exfiltrated data, and paralyzing critical systems and infrastructure.

Getting Started with Runtime Security on Azure Kubernetes Service (AKS)

DevOps.com

As containers and Kubernetes are adopted in production, security is a critical concern and DevOps teams need to go beyond image scanning. Use cases such as runtime security, network visibility and segmentation, incident response and compliance become priorities as your Kubernetes security framework matures. In this talk, we’ll share an overview of runtime security, discuss approaches used by open source and commercial tools, and hear how users are getting started quickly without impacting developer productivity.

Don't Panic! Effective Incident Response

DevOps.com

In any fast-paced engineering environment, unexpected incidents can arise and escalate without warning. Without strong leadership within teams, you get chaotic, stressful, and tiring situations that waste valuable engineering time, slow down resolution, and most importantly, impact your customers. Operationally mature organisations use proven incident response systems led by Incident Commanders. Incident Commanders provide the leadership needed to help stabilize major incidents fast. In this webinar, we’ll take lessons learned from formalized incident response, such as those used by first responders, and show you how to apply those same practices to your organization. By utilising these methods you’ll improve both the speed and effectiveness of your team’s response, reducing the amount of downtime experienced. In this workshop, attendees will: Be introduced to the Incident Command System and learn how it can be adapted to their organisation Walk through the basics of incident response best practices Discuss examples of formal incident response from multiple organisations

Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture

DevOps.com

Chaos engineering is becoming a critical part of the DevOps toolchain when adopting Site Reliability Engineering (SRE) practices. Every system is becoming a distributed system and chaos engineering proclaims many advantages for them. It improves infrastructure automation, increases reliability and transforms incident management. However, an often-overlooked benefit of chaos engineering and SRE involves culture transformation. Culture is often touched upon when talking about chaos engineering and SRE but not as often as skills and process. In this webinar, we will discuss how you can build out a chaos engineering practice and how you can adopt a true blameless culture and maximize the potential of your team. You will learn how to: Hold blameless postmortems Share post mortems with other teams Run regular fire drills and game days Automate chaos experiments for continuous validation

Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport

DevOps.com

Enterprises are best served by leveraging an RBAC system to manage access to their SSH and Kubernetes resources. With Teleport, an open source software, employers are able to provide granular access controls to developers based on the access they need and when they need it. This makes it possible for employers to maintain secure access without getting in the way of their developers’ daily operations. Join Steven Martin, solution engineer at Teleport, as he demonstrates how to assign access to developers and SRE’s across environments with Teleport through roles mapped from enterprises’ identity providers or SSOs.

Monitoring Serverless Applications with Datadog

DevOps.com

Deliver your App Anywhere … Publicly or Privately

DevOps.com

Developers are increasingly adopting a microservices approach for their apps in order to gain rapid iteration capabilities required for delivering new services faster. However, delivering the App still requires multiple steps such as allocation of virtual IPs, provisioning the front load balancer, configuring firewall rules, configuring a public domain, and DDOS. At present, each of these steps requires coordination across multiple teams with multiple iterations per team. The time efficiencies gained by adopting microservices and cloud-native technologies is negated due to the time taken to deliver the App. In this session, Pranav Dharwadkar, VP of products at Volterra, and Jakub Pavlik, director of engineering, will help you understand these challenges and introduce a distributed proxy architecture that can alleviate the challenges across different cloud environments. This webinar will include a live demo using a distributed proxy architecture to advertise an App publicly and privately. In this webinar, you will learn: The steps required to deliver an App using the current approaches How a distributed proxy architecture can be used to deliver the app publicly and privately The operational benefits of a distributed proxy architecture for delivering new services

Securing medical apps in the age of covid final

DevOps.com

The COVID-19 pandemic has drastically altered the connected healthcare landscape, accelerating the usage of telemedicine and other remote healthcare delivery systems by as much as 11,000% for some populations. How has this unprecedented push affected healthcare and medical device application security? The security team at Intertrust recently analyzed 100 Android and iOS medical apps to find out. In this webinar, we'll discuss: Medical application and device threat trends The top mHealth security vulnerabilities uncovered in our analysis Strategies to keep your mHealth apps safe Future advances in digital healthcare and how your security can evolve with it

How to Build a Healthy On-Call Culture

DevOps.com

Raise your hand if you enjoy being buried in alerts or woken up at 2 a.m. — yeah … thought so. Ever-rising customer expectations around high availability and performance put massive pressure on the teams who develop and support SaaS products. And teams are literally losing sleep over it. Until outages and other incidents are a thing of the past, organizations need to invest in a way of dealing with them that won’t lead to burn-out. In this session, you’ll learn how to combine the latest tooling with DevOps practices in the pursuit of a sustainable incident response workflow. It’s all about transparency, actionable alerts, resilience and learning from each incident.

The Evolving Role of the Developer in 2021

DevOps.com

The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. Today, developers are focused on innovating fast and improving security, but how do high-performing teams accomplish this? They commit code frequently, release often and update dependencies regularly (608x faster than others). In this webinar, we'll discuss the key traits of high-performing teams and how that impacts the role of the developer. Key Takeaways: Choose the best third party dependencies Determine the lowest effort upgrades between open source versions Solve for issues in both direct and transitive dependencies with a single-click Block and quarantine suspicious open source components

Service Mesh: Two Big Words But Do You Need It?

DevOps.com

Today, one of the big concepts buzzing in the app development world is service mesh. A service mesh is a configurable infrastructure layer for microservices application that makes communication flexible, reliable and fast. Let’s take a step back, though, and answer this question: Do you need a service mesh? Join this webinar to learn: What a service mesh is; when and why you need it — or when and why you may not App modernization journey and traffic management approaches for microservices-based apps How to make an informed decision based on cost and complexity before adopting service mesh Learn about NGINX Service Mesh in a live demo, and how it provides the best service mesh option for container-based L7 traffic management

Secure Data Sharing in OpenShift Environments

DevOps.com

Red Hat OpenShift is enabling quicker adoption of DevOps practices. Containers are an essential component of DevOps and the OpenShift Kubernetes Container Platform is integral for orchestration within these environments. Data security is now challenged to keep pace with the size and scope of container usage. The migration from legacy in-house deployments to hybrid-cloud installations has created new attack surfaces as data is shared more freely in Kubernetes deployments. Protecting data at rest and in motions is a necessity. Learn how you can keep data protected and securely share data in OpenShift environments with real-time data protection solutions.

How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...

DevOps.com

Managing access permissions in the public cloud can be a very complex process. In fact, by 2023, 75% of cloud security failures will result from the inadequate management of identities, access and privileges, according to Gartner. Join us as Guy Flechter, CISO of AppsFlyer, presents a real-world case of how his company works to enforce least-privilege and to govern identities in their cloud. This webinar will also provide an overview of how to govern access and achieve least privilege by analyzing the access permissions and activity in your public cloud environment. With thousands of human and machine identities, roles, policies and entitlements, this webinar will give you the tools to examine the access open to people and services in your public cloud, and determine whether that access is necessary. In this workshop, you will learn about: The risks of IAM misconfiguration and excessive entitlements in cloud environments The challenges in identifying and mitigating Identity and access risks for both human and machine identities How to automate cloud identity governance and entitlement management with Ermetic

Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...

DevOps.com

Open-source machine learning can be transformative, but without the proper tools in place, enterprises struggle to balance the IT security and governance requirements with the need to deliver these powerpoint tools into the hands of their developers and modelers. How can organizations get the latest technology from the open-source brain trust, while ensuring enterprise-grade management and security? In this webinar, we will discuss how Anaconda Team Edition, available on RedHat Marketplace, enables IT departments to mirror a curated set of packages into their organization in a safe and governed way. Join Michael Grant, VP of services at Anaconda, to discuss: How IT organizations are using Anaconda Team Edition to curate, govern and secure Python and R packages Tips for how development and data science teams can get the most out of Team Edition, from uploading your own packages to building custom channels for groups or projects How to distribute conda environments to desktops, servers and clusters: GUI-based installers for desktop users “Conda packs” for automated delivery to remote servers and distributed computing clusters Conda-enabled Docker containers for application deployment

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software

Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...

Next Generation Vulnerability Assessment Using Datadog and Snyk

Vulnerability Discovery in the Cloud

2021 Open Source Governance: Top Ten Trends and Predictions

A New Year’s Ransomware Resolution

Getting Started with Runtime Security on Azure Kubernetes Service (AKS)

Don't Panic! Effective Incident Response

Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture

Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport

Monitoring Serverless Applications with Datadog

Deliver your App Anywhere … Publicly or Privately

Securing medical apps in the age of covid final

How to Build a Healthy On-Call Culture

The Evolving Role of the Developer in 2021

Service Mesh: Two Big Words But Do You Need It?

Secure Data Sharing in OpenShift Environments

How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...

Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Bits & Pixels using AI for Good.........

Alison B. Lowndes

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Knowledge engineering: from people to machines and back

Elena Simperl

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Recently uploaded (20)