SlideShare a Scribd company logo

DevSecOps for you Full Stack

Ron Nixon
Ron Nixon

The document discusses DevSecOps and how it adds security as a fundamental part of the development process. It introduces Polyverse's polymorphing technology which immunizes software stacks through continuous diversity, creating unique versions of Linux without impacting performance. The polymorphing build farm compiles source code in multiple ways to generate diverse binaries, providing benefits like reduced patching time and protection against zero-days.

Technology
1 of 17
Download to read offline
www.polyverse.comwww.polyverse.comwww.polyverse.com DevSecOps for Your Full Stack Stop attacks before they start. Ron Nixon VP Global Defense and Government ronald.nixon@polyverse.com
22 What is DevSecOps? DevOps is combination people, processes and technologies whose shared purpose is the rapid delivery of applications and/or services supported with constant feedback from user/customers. DevSecOps add security as a fundamental continuous part of the entire process. SEC SEC
33 The Layers vs. The Process
44 Example of a DevSecOps Technology Stack
5555 Polymorphic Technologies 5
66 Today – all computer operating systems are clones So when one is compromised. All are vulnerable.
77 Polyverse Polymorphing immunizes your entire software stack through continuous diversity 100111101 010010110 011001101 010010100 011010101 101001110 010010101 100001110 011110010 010010110 011101101 100010010 100111101 101100010 011101101 100111101 010010100 101010010 100011101 011110010 101010010 100111101 011110110 011101101 101100010 011101101 010010110 101010010 001010110 011101101 100001111 010010110 011101101 010010110 011101101 001110010 100001101 010010110 011101101 101010010 100111101 010010110 011101001 100111101 010110110 011101101
88 Polymorphing creates unique versions of Linux No change to performance, processes or interoperability
99 Polymorphing creates binary diversity void victim_function(size_t x) { if (x < array1_size) { temp &= array2[array1[x] * 512]; } } .cfi_startproc pushq %rbp .cfi_def_cfa_offset 16 .cfi_offset 6, -16 movq %rsp, %rbp .cfi_def_cfa_register 6 movq %rdi, -8(%rbp) movl array1_size(%rip), %eax movl %eax, %eax cmpq -8(%rbp), %rax jbe .L3 movq -8(%rbp), %rax addq $array1, %rax movzbl (%rax), %eax movzbl %al, %eax sall $9, %eax cltq movzbl array2(%rax), %edx movzbl temp(%rip), %eax andl %edx, %eax movb %al, temp(%rip) .cfi_startproc movl array1_size(%rip), %eax cmpq %rdi, %rax jbe .L1 movzbl array1(%rdi), %eax sall $9, %eax cltq movzbl array2(%rax), %eax andb %al, temp(%rip) .L1: rep ret .cfi_endproc .LFE4882: .size victim_function, .- victim_function .section .text.unlikely .LCOLDE0: .text .LHOTE0: .section .text.unlikely .LCOLDB1: .text .cfi_startproc jmp victim_function_isomorph .cfi_endproc .cfi_startproc movl array1_size(%rip), %ebx cmpq %rdi, %rax jbe .L1 movzbl array1(%rdi), %ebx sall $9, %ebx cltq movzbl array2(%rax), %ebx andb %al, temp(%rip) .L1: rep ret .cfi_endproc Same source code goes through the build farm and compiles in multiple different ways to create unique versions of the OS
1010 Polymorphing Build Farm
1111 Polymorphing - Key Benefits PATCHING TIME PROTECTION COST REDUCTION • 40% time savings through optimization of patching regime • 30% time savings in system configuration • Staff Retention due to more predictable hours • Protects against zero day vulnerabilities • Brand damage due to security breaches • Customer Loss due to negative PR • Due to time savings and reduction in over-time and out of hours pay • Reduction in downtime due to security breaches or security patching • Financial damages
1212 Build Farm – Key Benefits CONTROL VISIBILITY MANAGEABILITY • Custom Configuration: Create your own hardened and secured Linux distribution • Defends unpatched and legacy systems • Point in Time Cache: Roll back and rebuild from any point in time • Complete software supply chain integrity: kernel to application • Visibility of your entire Linux estate • No more need for after the fact auditing • Workforce Multiplier: Secure more systems with less • Deploy and manage at scale • No runtime or performance impact
13131313 Full Stack DevSecOps 1
1414 Example of a DevSecOps Technology Stack
1515 Build Farm: DevSecOps for the full app stack
1616 Any Questions? Visit our website: Polyverse.com or email me Ronald.Nixon@Polyverse.com
www.polyverse.com Thank You www.polyverse.com Thank You www.polyverse.com Thank You

Recommended

DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
Simplilearn
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
Amazon Web Services
 
DevOps - A Gentle Introduction
DevOps - A Gentle IntroductionDevOps - A Gentle Introduction
DevOps - A Gentle Introduction
CodeOps Technologies LLP
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
Amazon Web Services
 
An introduction to DevOps
An introduction to DevOpsAn introduction to DevOps
An introduction to DevOps
Alexander Meijers
 
What is DevOps? | DevOps Introduction | DevOps Tools | DevOps Tutorial For Be...
What is DevOps? | DevOps Introduction | DevOps Tools | DevOps Tutorial For Be...What is DevOps? | DevOps Introduction | DevOps Tools | DevOps Tutorial For Be...
What is DevOps? | DevOps Introduction | DevOps Tools | DevOps Tutorial For Be...
Simplilearn
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
Sonatype
 

Recommended

DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
DevOps Tutorial For Beginners | DevOps Tutorial | DevOps Tools | DevOps Train...
Simplilearn
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
Amazon Web Services
 
DevOps - A Gentle Introduction
DevOps - A Gentle IntroductionDevOps - A Gentle Introduction
DevOps - A Gentle Introduction
CodeOps Technologies LLP
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
Amazon Web Services
 
An introduction to DevOps
An introduction to DevOpsAn introduction to DevOps
An introduction to DevOps
Alexander Meijers
 
What is DevOps? | DevOps Introduction | DevOps Tools | DevOps Tutorial For Be...
What is DevOps? | DevOps Introduction | DevOps Tools | DevOps Tutorial For Be...What is DevOps? | DevOps Introduction | DevOps Tools | DevOps Tutorial For Be...
What is DevOps? | DevOps Introduction | DevOps Tools | DevOps Tutorial For Be...
Simplilearn
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
Sonatype
 
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Simplilearn
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
Bhargav Amin
 
Dev ops != Dev+Ops
Dev ops != Dev+OpsDev ops != Dev+Ops
Dev ops != Dev+Ops
Shalu Ahuja
 
What Is DevOps?
What Is DevOps?What Is DevOps?
What Is DevOps?
Soumya De
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
Hawkman Academy
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
Amazon Web Services
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
Hendri Karisma
 
DevOps for beginners
DevOps for beginnersDevOps for beginners
DevOps for beginners
Pradeep Patel, PMP®
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
MohammadSaif904342
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & DeployOPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
Natale Vinto
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introduction
Mettje Heegstra
 
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Edureka!
 
DevOps and AWS
DevOps and AWSDevOps and AWS
DevOps and AWS
Shiva Narayanaswamy
 
Introduction to CICD
Introduction to CICDIntroduction to CICD
Introduction to CICD
Knoldus Inc.
 
DevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterDevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver Faster
Amazon Web Services
 
An Introduction To Jenkins
An Introduction To JenkinsAn Introduction To Jenkins
An Introduction To Jenkins
Knoldus Inc.
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOps
Opsta
 
DevOps - A Gentle Introduction
DevOps - A Gentle IntroductionDevOps - A Gentle Introduction
DevOps - A Gentle Introduction
Ganesh Samarthyam
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
Edureka!
 
2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar
AlgoSec
 
Devops phase-1
Devops phase-1Devops phase-1
Devops phase-1
G R VISHAL
 

More Related Content

What's hot

Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Simplilearn
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
Bhargav Amin
 
Dev ops != Dev+Ops
Dev ops != Dev+OpsDev ops != Dev+Ops
Dev ops != Dev+Ops
Shalu Ahuja
 
What Is DevOps?
What Is DevOps?What Is DevOps?
What Is DevOps?
Soumya De
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
Hawkman Academy
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
Amazon Web Services
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
Hendri Karisma
 
DevOps for beginners
DevOps for beginnersDevOps for beginners
DevOps for beginners
Pradeep Patel, PMP®
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
MohammadSaif904342
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & DeployOPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
Natale Vinto
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introduction
Mettje Heegstra
 
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Edureka!
 
DevOps and AWS
DevOps and AWSDevOps and AWS
DevOps and AWS
Shiva Narayanaswamy
 
Introduction to CICD
Introduction to CICDIntroduction to CICD
Introduction to CICD
Knoldus Inc.
 
DevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterDevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver Faster
Amazon Web Services
 
An Introduction To Jenkins
An Introduction To JenkinsAn Introduction To Jenkins
An Introduction To Jenkins
Knoldus Inc.
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOps
Opsta
 
DevOps - A Gentle Introduction
DevOps - A Gentle IntroductionDevOps - A Gentle Introduction
DevOps - A Gentle Introduction
Ganesh Samarthyam
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
Edureka!
 

What's hot (20)

Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
Introduction To DevOps | Devops Tutorial For Beginners | DevOps Training For ...
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
 
Dev ops != Dev+Ops
Dev ops != Dev+OpsDev ops != Dev+Ops
Dev ops != Dev+Ops
 
What Is DevOps?
What Is DevOps?What Is DevOps?
What Is DevOps?
 
Introduction to DevOps
Introduction to DevOpsIntroduction to DevOps
Introduction to DevOps
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
 
DevOps for beginners
DevOps for beginnersDevOps for beginners
DevOps for beginners
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOps
 
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & DeployOPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
 
DevOps introduction
DevOps introductionDevOps introduction
DevOps introduction
 
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
Jenkins Pipeline Tutorial | Continuous Delivery Pipeline Using Jenkins | DevO...
 
DevOps and AWS
DevOps and AWSDevOps and AWS
DevOps and AWS
 
Introduction to CICD
Introduction to CICDIntroduction to CICD
Introduction to CICD
 
DevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver FasterDevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver Faster
 
An Introduction To Jenkins
An Introduction To JenkinsAn Introduction To Jenkins
An Introduction To Jenkins
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOps
 
DevOps - A Gentle Introduction
DevOps - A Gentle IntroductionDevOps - A Gentle Introduction
DevOps - A Gentle Introduction
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
 

Similar to DevSecOps for you Full Stack

2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar
AlgoSec
 
Devops phase-1
Devops phase-1Devops phase-1
Devops phase-1
G R VISHAL
 
DevOps explained
DevOps explainedDevOps explained
DevOps explained
Jérôme Kehrli
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
Ulf Mattsson
 
Nutanix
NutanixNutanix
Nutanix
rosslili
 
Tell me how you provision and I'll tell you how you are
Tell me how you provision and I'll tell you how you areTell me how you provision and I'll tell you how you are
Tell me how you provision and I'll tell you how you are
Juan Vicente Herrera Ruiz de Alejo
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
Amazon Web Services
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
Mohammed A. Imran
 
Revolutionizing Enterprise Software Development through Continuous Delivery &...
Revolutionizing Enterprise Software Development through Continuous Delivery &...Revolutionizing Enterprise Software Development through Continuous Delivery &...
Revolutionizing Enterprise Software Development through Continuous Delivery &...People10 Technosoft Private Limited
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
PIACERE
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
Using Cloud to Improve AppSec
Using Cloud to Improve AppSecUsing Cloud to Improve AppSec
Using Cloud to Improve AppSec
Phillip Marlow
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
Qualitest
 
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic WebinarMaking the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Sumo Logic
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the Cloud
Novell
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014
Sophos Benelux
 
Ensuring Secure and Efficient Operations with DevOps Security
Ensuring Secure and Efficient Operations with DevOps SecurityEnsuring Secure and Efficient Operations with DevOps Security
Ensuring Secure and Efficient Operations with DevOps Security
Dev Software
 

Similar to DevSecOps for you Full Stack (20)

2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar2018 07-24 network security at the speed of dev ops - webinar
2018 07-24 network security at the speed of dev ops - webinar
 
Devops phase-1
Devops phase-1Devops phase-1
Devops phase-1
 
DevOps explained
DevOps explainedDevOps explained
DevOps explained
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
 
Nutanix
NutanixNutanix
Nutanix
 
Tell me how you provision and I'll tell you how you are
Tell me how you provision and I'll tell you how you areTell me how you provision and I'll tell you how you are
Tell me how you provision and I'll tell you how you are
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
 
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
 
Revolutionizing Enterprise Software Development through Continuous Delivery &...
Revolutionizing Enterprise Software Development through Continuous Delivery &...Revolutionizing Enterprise Software Development through Continuous Delivery &...
Revolutionizing Enterprise Software Development through Continuous Delivery &...
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
 
Using Cloud to Improve AppSec
Using Cloud to Improve AppSecUsing Cloud to Improve AppSec
Using Cloud to Improve AppSec
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
 
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic WebinarMaking the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the Cloud
 
Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014Securing with Sophos - Sophos Day Belux 2014
Securing with Sophos - Sophos Day Belux 2014
 
Devops
DevopsDevops
Devops
 
Ensuring Secure and Efficient Operations with DevOps Security
Ensuring Secure and Efficient Operations with DevOps SecurityEnsuring Secure and Efficient Operations with DevOps Security
Ensuring Secure and Efficient Operations with DevOps Security
 

Recently uploaded

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 

Recently uploaded (20)

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 

DevSecOps for you Full Stack

  • 1. www.polyverse.comwww.polyverse.comwww.polyverse.com DevSecOps for Your Full Stack Stop attacks before they start. Ron Nixon VP Global Defense and Government ronald.nixon@polyverse.com
  • 2. 22 What is DevSecOps? DevOps is combination people, processes and technologies whose shared purpose is the rapid delivery of applications and/or services supported with constant feedback from user/customers. DevSecOps add security as a fundamental continuous part of the entire process. SEC SEC
  • 3. 33 The Layers vs. The Process
  • 4. 44 Example of a DevSecOps Technology Stack
  • 6. 66 Today – all computer operating systems are clones So when one is compromised. All are vulnerable.
  • 7. 77 Polyverse Polymorphing immunizes your entire software stack through continuous diversity 100111101 010010110 011001101 010010100 011010101 101001110 010010101 100001110 011110010 010010110 011101101 100010010 100111101 101100010 011101101 100111101 010010100 101010010 100011101 011110010 101010010 100111101 011110110 011101101 101100010 011101101 010010110 101010010 001010110 011101101 100001111 010010110 011101101 010010110 011101101 001110010 100001101 010010110 011101101 101010010 100111101 010010110 011101001 100111101 010110110 011101101
  • 8. 88 Polymorphing creates unique versions of Linux No change to performance, processes or interoperability
  • 9. 99 Polymorphing creates binary diversity void victim_function(size_t x) { if (x < array1_size) { temp &= array2[array1[x] * 512]; } } .cfi_startproc pushq %rbp .cfi_def_cfa_offset 16 .cfi_offset 6, -16 movq %rsp, %rbp .cfi_def_cfa_register 6 movq %rdi, -8(%rbp) movl array1_size(%rip), %eax movl %eax, %eax cmpq -8(%rbp), %rax jbe .L3 movq -8(%rbp), %rax addq $array1, %rax movzbl (%rax), %eax movzbl %al, %eax sall $9, %eax cltq movzbl array2(%rax), %edx movzbl temp(%rip), %eax andl %edx, %eax movb %al, temp(%rip) .cfi_startproc movl array1_size(%rip), %eax cmpq %rdi, %rax jbe .L1 movzbl array1(%rdi), %eax sall $9, %eax cltq movzbl array2(%rax), %eax andb %al, temp(%rip) .L1: rep ret .cfi_endproc .LFE4882: .size victim_function, .- victim_function .section .text.unlikely .LCOLDE0: .text .LHOTE0: .section .text.unlikely .LCOLDB1: .text .cfi_startproc jmp victim_function_isomorph .cfi_endproc .cfi_startproc movl array1_size(%rip), %ebx cmpq %rdi, %rax jbe .L1 movzbl array1(%rdi), %ebx sall $9, %ebx cltq movzbl array2(%rax), %ebx andb %al, temp(%rip) .L1: rep ret .cfi_endproc Same source code goes through the build farm and compiles in multiple different ways to create unique versions of the OS
  • 11. 1111 Polymorphing - Key Benefits PATCHING TIME PROTECTION COST REDUCTION • 40% time savings through optimization of patching regime • 30% time savings in system configuration • Staff Retention due to more predictable hours • Protects against zero day vulnerabilities • Brand damage due to security breaches • Customer Loss due to negative PR • Due to time savings and reduction in over-time and out of hours pay • Reduction in downtime due to security breaches or security patching • Financial damages
  • 12. 1212 Build Farm – Key Benefits CONTROL VISIBILITY MANAGEABILITY • Custom Configuration: Create your own hardened and secured Linux distribution • Defends unpatched and legacy systems • Point in Time Cache: Roll back and rebuild from any point in time • Complete software supply chain integrity: kernel to application • Visibility of your entire Linux estate • No more need for after the fact auditing • Workforce Multiplier: Secure more systems with less • Deploy and manage at scale • No runtime or performance impact
  • 14. 1414 Example of a DevSecOps Technology Stack
  • 15. 1515 Build Farm: DevSecOps for the full app stack
  • 16. 1616 Any Questions? Visit our website: Polyverse.com or email me Ronald.Nixon@Polyverse.com