Enhancing OpenShift Security for Business Critical Deployments

Docker Security Paradigm

Anis LARGUEM

Docker Security - Continuous Container Security

Dieter Reuter

Docker Runtime Security

While there have been many improvements around securing containers, there is still a large gap in monitoring the behaviour of containers in production. Sysdig Falco is an open source behavioural activity monitor for containerized environments. Sysdig Falco can detect and alert on anomalous behaviour at the application, file, system, and network level. In this session get a deep dive into Falco: How does behavioural security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? What can Sysdig Falco detect? Building and customizing rules for your Docker and Kubernetes apps. Forensics analysis with Sysdig Inspect even when the container doesn't exist anymore! Read more on: https://sysdig.com/blog/docker-runtime-security/ https://sysdig.com/blog/runtime-security-kubernetes-sysdig-falco/

Docker security introduction-task-2016

Ricardo Gerardi

Veer's Container Security

Jim Barlow

A talk given at Docker London on Wednesday, July 20th, 2016. This talk is a fast-paced overview of the potential threats faced when containerizing applications, married to a quick run-through of the "security toolbox" available in the Docker engine via Linux kernel capabilities and features enabled by OCI's libcontainer/runc and Docker. A video recording of this talk is available here: https://skillsmatter.com/skillscasts/8551-container-security

The state of the swarm

Mathieu Buffenoir

Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker

Join SwarmKit maintainers Drew and Nishant as they showcase features that have made Swarm Mode even more powerful, without compromising the operational simplicity it was designed with. They will discuss the implementation of new features that streamline deployments, increase security, and reduce downtime. These substantial additions to Swarm Mode are completely transparent and straightforward to use, and users may not realize they're already benefiting from these improvements under the hood.

Wordpress y Docker, de desarrollo a produccion

Docker esta revolucionando cómo desplegamos nuestras aplicaciones. Desde el entorno de desarrollo hasta la puesta en producción. Veremos las ventajas que nos aporta Docker para el desarrollo en WordPress, las herramientas y procesos desde el punto de vista de un desarrollador. A la hora de mover nuestra aplicación WordPress a producción, presentaremos los retos que presenta y las ventajas que aportan herramientas de orquestación como Kubernetes. Tanto si eres un desarrollador como si también tienes que gestionar los sistemas que alojan tu WordPress, saldrás de esta charla queriendo poner todos tus WordPress en contenedores.

Continuous Security

Continuous Delivery helps to keep your software and Docker images updated and deploy new versions in production easily. Microservices are great reducing the attack vector and limiting the privileges or credentials access of each piece of your application. Containers provide an opportunity to implement better security, small, immutable, single process and purpose. In this session, we will discover real use case examples on how to make your CI/CD pipeline interact with Docker security tools. But security doesn’t stop where your deployment pipeline ends. How we can prepare for 0-days and policy violations that happen at run-time? Can we make it part of the CI/CD process?

Docker Security Overview

A Survey of Container Security in 2016: A Security Update on Container Platforms

Salman Baset

Docker Swarm 0.2.0

Docker Mentorweek beginner workshop notes

Cloning Running Servers with Docker and CRIU by Ross Boucher

Docker containers encapsulate everything you need to describe and run a process, but the lifecycle of a process remains the same: it starts, it runs for a while, and then it ends. This talk will demonstrate how to combine Docker with a tool called CRIU to “roll-back” running processes to an earlier state. CRIU, which stands for Checkpoint & Restore in User Space, creates a complete snapshot of the state of a process, including things like memory contents, file descriptors, and even open tcp connections. It can be used for suspending and resuming processes, or live migrating them from one machine to another. Our developer tool, Tonic, uses it to allow developers to change their code in the middle of a program without restarting from the beginning. We’ll show how we use the Docker Remote API to do this in production thousands of times a day.

Deep Dive into Docker Swarm Mode

Ajeet Singh Raina

Since its first 1.12 release on July 2016, Docker Swarm Mode has matured enough as a clustering and scheduling tool for IT administrators and developers who can easily establish and manage a cluster of Docker nodes as a single virtual system. Swarm mode integrates the orchestration capabilities of Docker Swarm into Docker Engine itself and help administrators and developers with the ability to add or subtract container iterations as computing demands change. With sophisticated but easy to implement features like built-in Service Discovery, Routing Mesh, Secrets, declarative service model, scaling of the services, desired state reconciliation, scheduling, filters, multi-host networking model, Load-Balancing, rolling updates etc. Docker 17.06 is all set for production-ready product today. Join me webinar organised by Docker Izmir, to get familiar with the current Swarm Mode capabilities & functionalities across the heterogeneous environments.

Docker on openstack by OpenSource Consulting

Open Source Consulting

It's presentation for technet 2015 in korea. I changed the format to pptx, 목차는 아래와 같습니다. Openstack 인프라 구축 (4 node 구성) [ 30분] Openstack 위에 VM 생성 [ 20분 ] docker 구축 기초 [ 30분] 오픈스택에 docker를 연결 [ 30분] Docker로 WEB서비스 구축 [ 15분] Openstack 위에 Docker로 WEB서비스 구축 [ 15분] Docker로 jenkins 구현 [30분]

CoreOS Overview and Current Status

What should be PID 1 in a container ? by Ranjith Rajaram for #rootConf 2017

Ranjith Rajaram

Introduction to docker security

Walid Ashraf

The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori

True microservices are more than simply bolting a REST interface on your legacy application, packing it in a Docker container and hoping for the best. Security is a key component when designing and building out any new architecture, and it must be considered from top to bottom. Umpa Lumpas might not be considered "real" microservices, but Willy Wonka still has them locked down tight! In this talk, Aaron will briefly touch on the idea and security benefits of microservices before diving into practical and real world examples of creating a secure microservices architecture. We'll start with designing and building high security Docker containers, using and examining the latest security features in Docker (such as User Namespaces and seccomp-bpf) as well as examine some typically forgotten security principals. Aaron will end on exploring related challenges and solutions in the areas of network security, secrets management and application hardening. Finally, while this talk is geared towards Microservices, it should prove informational for all Docker users, building a PaaS or otherwise.

Introction to docker swarm

Hsi-Kai Wang

Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...

At Docker, we are striving to enable the extensibility of Docker via "Plugins" and make them available for developers and enterprises alike. Come attend this talk to understand what it takes to build, ship, store and run plugins. We will deep dive into plugin lifecycle management on a single engine and across a swarm cluster. We will also demonstrate how you can integrate plugins from other enterprises or developers into your ecosystem. There will be fun demos accompanying this talk! This will be session will be beneficial to you if you: 1) Are an ops team member trying to integrate Docker with your favorite storage or network vendor 2) Are Interested in extending or customizing Docker; or 3) Want to become a Docker partner, and want to make the technology integration seamless.

Running High Performance and Fault Tolerant Elasticsearch Clusters on Docker

Sematext Group, Inc.

Sematext engineer Rafal Kuc (@kucrafal) walks through the details of running high-performance, fault tolerant Elasticsearch clusters on Docker. Topics include: Containers vs. Virtual Machines, running the official Elasticsearch container, container constraints, good network practices, dealing with storage, data-only Docker volumes, scaling, time-based data, multiple tiers and tenants, indexing with and without routing, querying with and without routing, routing vs. no routing, and monitoring. Talk was delivered at DevOps Days Warsaw 2015.

Docker summit 2015: 以 Docker Swarm 打造多主機叢集環境

謝宗穎

Containers and Security for DevOps

Securing the Container Pipeline

Talk given by Cem Gürkök, Lead InfoSec Engineer at Salesforce, at DockerCon 16 in June 2016 Customer trust and security is paramount for Salesforce. While containerization is great for DevOps due to flexibility, speed, isolation, transient existence, ease of management and patching, it becomes a challenging environment when the sensitivity level of the data traversing the environment increases. Monitoring systems, applications and network; performing disk, memory and network forensics in case of an incident; and vulnerability detection can easily become daunting tasks in such a volatile environment. In this presentation we would like to discuss the infrastructure we have built to address these issues and to secure our Docker container platform while we rapidly containerize Salesforce. Our solutions focus on securing the container pipeline, building security into the architecture, monitoring, Docker forensics (disk, memory, network), and automation. We also would like to demonstrate some of our live memory analysis capabilities we leverage to assure container and application integrity during execution.

What's hot

Docker London: Container Security

Phil Estes

The state of the swarm

Mathieu Buffenoir

Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker

Wordpress y Docker, de desarrollo a produccion

Continuous Security

Docker Security Overview

A Survey of Container Security in 2016: A Security Update on Container Platforms

Salman Baset

Docker Swarm 0.2.0

Docker Mentorweek beginner workshop notes

Cloning Running Servers with Docker and CRIU by Ross Boucher

Deep Dive into Docker Swarm Mode

Ajeet Singh Raina

Docker on openstack by OpenSource Consulting

Open Source Consulting

CoreOS Overview and Current Status

What should be PID 1 in a container ? by Ranjith Rajaram for #rootConf 2017

Ranjith Rajaram

Introduction to docker security

Walid Ashraf

The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori

Introction to docker swarm

Hsi-Kai Wang

Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...

Running High Performance and Fault Tolerant Elasticsearch Clusters on Docker

Sematext Group, Inc.

Docker summit 2015: 以 Docker Swarm 打造多主機叢集環境

謝宗穎

What's hot (20)

Docker London: Container Security

The state of the swarm

Under the Hood with Docker Swarm Mode - Drew Erny and Nishant Totla, Docker

Wordpress y Docker, de desarrollo a produccion

Continuous Security

Docker Security Overview

A Survey of Container Security in 2016: A Security Update on Container Platforms

Docker Swarm 0.2.0

Docker Mentorweek beginner workshop notes

Cloning Running Servers with Docker and CRIU by Ross Boucher

Deep Dive into Docker Swarm Mode

Docker on openstack by OpenSource Consulting

CoreOS Overview and Current Status

What should be PID 1 in a container ? by Ranjith Rajaram for #rootConf 2017

Introduction to docker security

The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori

Introction to docker swarm

Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...

Running High Performance and Fault Tolerant Elasticsearch Clusters on Docker

Docker summit 2015: 以 Docker Swarm 打造多主機叢集環境

Similar to Enhancing OpenShift Security for Business Critical Deployments

Containers and Security for DevOps

Securing the Container Pipeline

Securing the Container Pipeline at Salesforce by Cem Gurkok

Customer trust and security is paramount for Salesforce. While containerization is great for DevOps due to flexibility, speed, isolation, transient existence, ease of management and patching, it becomes a challenging environment when the sensitivity level of the data traversing the environment increases. Monitoring systems, applications and network; performing disk, memory and network forensics in case of an incident; and vulnerability detection can easily become daunting tasks in such a volatile environment. In this presentation we would like to discuss the infrastructure we have built to address these issues and to secure our Docker container platform while we rapidly containerize Salesforce. Our solutions focus on securing the container pipeline, building security into the architecture, monitoring, Docker forensics (disk, memory, network), and automation. We also would like to demonstrate some of our live memory analysis capabilities we leverage to assure container and application integrity during execution.

Lions, Tigers and Deers: What building zoos can teach us about securing micro...

The Future of Security and Productivity in Our Newly Remote World

Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated. This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks. See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.

WTF my container just spawned a shell!

Suresh Thivanka Rupasinghe

Container Security Mmanagement

Docker Containers Security

Stephane Woillez

Understanding container security

John Kinsella

Automated Malware Analysis and Cyber Security Intelligence

Jason Choi

Database Firewall with Snort

Narudom Roongsiriwong, CISSP

Database firewall is a useful tool that monitor databases to identify and protect against database specific attacks that mostly seek to access sensitive information stored in the databases. However the commercial database firewalls are expensive and needs specific product knowledge, while the opensource database firewalls are designed for specific opensource database servers. In order to fulfill the need of inexpensive database firewall, Snort - an opensource IDS/IPS - is possible to achieve the goal in some scenarios with familiar rule writing. The paper will explain the limitation of Snort as a database firewall, constraints in commercial database statement and some example implementation.

DCSF19 Container Security: Theory & Practice at Netflix

Michael Wardrop, Netflix Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads. As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

Ajin Abraham

Tizen is an operating system which is built to run on various kinds of devices. Tizen OS defines following profiles based on the devices types supported. Tizen IVI (in-vehicle infotainment) Tizen Mobile Tizen TV, and Tizen Wearable Samsung's first Tizen-based devices are set to be launched in India in Nov 2014. This paper presents the research outcome on the security analysis of Tizen OS. The paper begins with a quick introduction to Tizen architecture which explains the various components of Tizen OS. This will be followed by Tizen's security model, where Application Sandboxing and Resource Access Control powered by Smack will be explained. The vulnerabilities in Tizen identified during the research and responsibly disclosed to Tizen community will be discussed. This includes issues like Tizen WebKit2 Address spoofing and content injection, Buffer Overflows, Issues in Memory Protection like ASLR and DEP, Injecting SSL Certificate into Trusted Zone, (Shellshock) CVE-2014-6271 etc. Applications in Tizen can be written in HTML5/JS/CSS or natively using C/C++. Overview of pentesting Tizen application will be presented along with some of the issues impacting the security of Tizen application. There will be comparisons made to Android application, and how these security issues differ with Tizen. For eg: Security issues with inter application communication with custom URL schemes or intent broadcasting in Android as opposed to using MessagePort API in Tizen. Issues with Webview & JavaScript Bridge in Android compared to how the web to native communication is handled with Tizen etc. Tizen is late to enter into the market as compared to Android or iOS, which gives it the benefit of learning from the mistakes impacting the security of mobile OS, and fixing these issues right in the Security Architecture. To conclude, a verdict would be provided by the speaker on how much Tizen has achieved with regard to making this mobile OS a secure one.

XPDS16: A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, ...

The Linux Foundation

Docker and other container runtimes are gathering momentum and becoming the new industry standard for server applications. Linux namespaces, commonly used to run Docker apps, come with a large surface of attack which is difficult to reduce. Intel’s Clear Containers use KVM to run containers as VMs to provide additional isolation. It is possible to provide VM-like isolation for containers without sacrificing performance. This talk focuses on the benefits of using Xen to provide an execution environment for Docker apps. The presentation starts by listing the requirements of this environment. It explains why monitoring container syscalls is important and what its security benefits are. The talk introduces a new paravirtualized protocol to virtualize IP sockets and provides the design and implementation details. The presentation clarifies the impact of the new protocol from a security perspective. The discussion concludes by comparing performance figures with the traditional PV network frontend and backend drivers in Linux, explaining the reasons for any performance gaps.

Managed Threat Detection and Response

Alert Logic

Kernel Mode Threats and Practical Defenses

Priyanka Aash

Recent advancements in OS security from Microsoft such as PatchGuard, Driver Signature Enforcement, and SecureBoot have helped curtail once-widespread commodity kernel mode malware such as TDL4 and ZeroAccess. However, advanced attackers have found ways of evading these protections and continue to leverage kernel mode malware to stay one step ahead of the defenders. We will examine the techniques from malware such as DoublePulsar, SlingShot, and Turla that help attackers evade endpoint defenses. We will also reveal a novel method to execute a fully kernel mode implant without hitting disk or being detected by security products. The method builds on publicly available tools which makes it easily within grasp of novice adversaries. While attacker techniques have evolved to evade endpoint protections, the current state of the art in kernel malware detection has also advanced to hinder these new kernel mode threats. We will discuss these new defensive techniques to counter kernel mode threats, including real-time detection techniques that leverage hypervisors along with an innovative hardware assisted approach that utilizes performance monitoring units. In addition, we will discuss on-demand techniques that leverage page table entry remapping to hunt for kernel malware at scale. To give defenders a leg up, we will release a tool that is effective at thwarting advanced kernel mode threats. Kernel mode threats will only continue to grow in prominence and impact. This talk will provide both the latest attacker techniques in this area, and a new tool to curtail these attacks, proving real-world strategies for immediate implementation.

AWS re:Invent 2016: Securing Container-Based Applications (CON402)

Amazon Web Services

Containers have had an incredibly large adoption rate since Docker was launched, especially from the developer community, as it provides an easy way to package, ship, and run applications. Securing your container-based application is now becoming a critical issue as applications move from development into production. In this session, you learn ways to implement storing secrets, distributing AWS privileges using IAM roles, protecting your container-based applications with vulnerability scans of container images, and incorporating automated checks into your continuous delivery workflow.

AWS re:Invent 2016: Securing Container-Based Applications (CON402)

Amazon Web Services

Docker Security

antitree

Container Security

Salman Baset

Similar to Enhancing OpenShift Security for Business Critical Deployments (20)

Containers and Security for DevOps

Securing the Container Pipeline

Securing the Container Pipeline at Salesforce by Cem Gurkok

Lions, Tigers and Deers: What building zoos can teach us about securing micro...

The Future of Security and Productivity in Our Newly Remote World

WTF my container just spawned a shell!

Container Security Mmanagement

Docker Containers Security

Understanding container security

Automated Malware Analysis and Cyber Security Intelligence

Database Firewall with Snort

DCSF19 Container Security: Theory & Practice at Netflix

Hacking Tizen : The OS of Everything - Nullcon Goa 2015

XPDS16: A Paravirtualized Interface for Socket Syscalls - Dimitri Stiliadis, ...

Managed Threat Detection and Response

Kernel Mode Threats and Practical Defenses

AWS re:Invent 2016: Securing Container-Based Applications (CON402)

Docker Security

Container Security

More from DevOps.com

Modernizing on IBM Z Made Easier With Open Source Software

In the past decade, IDC has seen IBM Z evolve first from a siloed platform to what they call a "connected" platform, and then to a "transformative" platform. This transition has been driven by IBM, by the IBM Z software vendors, like Rocket Software, and by businesses themselves. IDC research shows that businesses that choose to modernize IBM Z achieve higher satisfaction than re-platformers and many are using open source software (OSS) in their modernization initiatives. Employing OSS makes it possible to crack the platform open and enable it to connect to the rest of the datacenter and the outside world. Join IDC guest speaker, Al Gillen and Peter Fandel as they take a deeper look at the value proposition associated with using commercially supported OSS in mission-critical environments, like IBM Z. In this webinar we’ll discuss: How OSS can neutralize the disparity between seasoned IBM Z and emerging developers The modernization initiatives that involve OSS What to consider before bringing OSS to IBM Z How Rocket Software is delivering commercially supported OSS to IBM Z

Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...

With the growing adoption of Kubernetes, organizations want to take advantage of containerized Microsoft SQL Server 2019 to optimize transactional performance and accelerate time-to-insights from their business-critical data. However, as enterprises embrace hybrid cloud strategy, they need to consider several aspects based on the performance, cost and data protection requirements for running enterprise-grade SQL Server databases. In this webinar, we will compare and contrast various cloud-native platforms for SQL Server that would help CIOs, DevOps engineers, database administrators and applications architects to determine the most suitable platform that fits their business needs. Join us as we explore some exciting results from a recent performance benchmark study conducted by McKnight Consulting Group, an independent consulting firm, to compare the performance of Microsoft SQL Server 2019 on the best possible configurations of the following Kubernetes platforms: Diamanti Enterprise Kubernetes Platform Amazon Web Services Elastic Kubernetes Service (AWS EKS) Azure Kubernetes Service (AKS) Topics will include: Platform considerations and requirements for running Microsoft SQL Server 2019 Performance comparison and analysis of running SQL Server on various platform Best practices for running containerized SQL Server databases in Kubernetes environment

Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...

Next Generation Vulnerability Assessment Using Datadog and Snyk

Vulnerability assessment for teams can often be overwhelming. The dependency graph could be thousands of packages depending on the application. Triaging vulnerability data and prioritizing actions has historically been a very manual process, until now. With Datadog and Snyk, learn how to trace security and performance issues by leveraging continuous profiling capabilities for actionable insight that help developers remediate problems. Join us on Thursday, January 21 for a unique opportunity to learn more about continuous profiling, vulnerability management, and the benefit to customers from using both of these products. In this webinar, you will: Bust some myths around continuous profiling and learn how Datadog differentiates itself See decorated traces in action for sample Java applications and understand how Snyk + Datadog reduce time to triage supply chain vulnerabilities Learn roadmap information for upcoming public announcements from both partners

Vulnerability Discovery in the Cloud

In the era of cloud generation, the constant activity around workloads and containers create more vulnerabilities than an organization can keep up with. Using legacy security vendors doesn't set you up for success in the cloud. You’re likely spending undue hours chasing, triaging and patching a countless stream of cloud vulnerabilities with little prioritization. Join us for this live webinar as we detail how to streamline host and container vulnerability workflows for your software teams wanting to build fast in the cloud. We'll be covering how to: Get visibility into active packages and associated vulnerabilities Reduce false positives by 98% Reduce investigation time by 30% Spot a legacy vendor looking to do some cloud washing

2021 Open Source Governance: Top Ten Trends and Predictions

If you work in software development, jumpstart your engineering team in 2021—get ahead of the engineering curve and your competitors—by attending this must-watch open source trends and predictions webinar. Alex Rybak, Director of Product Management at Revenera, and Russ Eling, founder and CEO of OSS Engineering Consultants, share their top 10 open source usage, license compliance and security insights for the new year. Just a few hints at what you’ll learn more about: Where the adoption of shift-left is headed and the decisions you’ll face going forward The impact of a lack of software developer security training relative to pandemic fallout The broader role of the engineering team in open source management and governance The expanding role and impact of open source marketplaces such as GitHub Don’t miss the discussion for valuable insight and learning for software engineering teams

A New Year’s Ransomware Resolution

2020 was a brutal year for ransomware. Cybercriminals operated without any human decency, targeting the most vulnerable and at-risk parties, such as hospitals, scientists, and global manufacturers. The approach has become more sophisticated and life-threatening, shifting from individual targets to global enterprises, destroying backups, blackmailing victims with public leakage of exfiltrated data, and paralyzing critical systems and infrastructure.

Getting Started with Runtime Security on Azure Kubernetes Service (AKS)

As containers and Kubernetes are adopted in production, security is a critical concern and DevOps teams need to go beyond image scanning. Use cases such as runtime security, network visibility and segmentation, incident response and compliance become priorities as your Kubernetes security framework matures. In this talk, we’ll share an overview of runtime security, discuss approaches used by open source and commercial tools, and hear how users are getting started quickly without impacting developer productivity.

Don't Panic! Effective Incident Response

In any fast-paced engineering environment, unexpected incidents can arise and escalate without warning. Without strong leadership within teams, you get chaotic, stressful, and tiring situations that waste valuable engineering time, slow down resolution, and most importantly, impact your customers. Operationally mature organisations use proven incident response systems led by Incident Commanders. Incident Commanders provide the leadership needed to help stabilize major incidents fast. In this webinar, we’ll take lessons learned from formalized incident response, such as those used by first responders, and show you how to apply those same practices to your organization. By utilising these methods you’ll improve both the speed and effectiveness of your team’s response, reducing the amount of downtime experienced. In this workshop, attendees will: Be introduced to the Incident Command System and learn how it can be adapted to their organisation Walk through the basics of incident response best practices Discuss examples of formal incident response from multiple organisations

Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture

Chaos engineering is becoming a critical part of the DevOps toolchain when adopting Site Reliability Engineering (SRE) practices. Every system is becoming a distributed system and chaos engineering proclaims many advantages for them. It improves infrastructure automation, increases reliability and transforms incident management. However, an often-overlooked benefit of chaos engineering and SRE involves culture transformation. Culture is often touched upon when talking about chaos engineering and SRE but not as often as skills and process. In this webinar, we will discuss how you can build out a chaos engineering practice and how you can adopt a true blameless culture and maximize the potential of your team. You will learn how to: Hold blameless postmortems Share post mortems with other teams Run regular fire drills and game days Automate chaos experiments for continuous validation

Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport

Enterprises are best served by leveraging an RBAC system to manage access to their SSH and Kubernetes resources. With Teleport, an open source software, employers are able to provide granular access controls to developers based on the access they need and when they need it. This makes it possible for employers to maintain secure access without getting in the way of their developers’ daily operations. Join Steven Martin, solution engineer at Teleport, as he demonstrates how to assign access to developers and SRE’s across environments with Teleport through roles mapped from enterprises’ identity providers or SSOs.

Monitoring Serverless Applications with Datadog

Deliver your App Anywhere … Publicly or Privately

Developers are increasingly adopting a microservices approach for their apps in order to gain rapid iteration capabilities required for delivering new services faster. However, delivering the App still requires multiple steps such as allocation of virtual IPs, provisioning the front load balancer, configuring firewall rules, configuring a public domain, and DDOS. At present, each of these steps requires coordination across multiple teams with multiple iterations per team. The time efficiencies gained by adopting microservices and cloud-native technologies is negated due to the time taken to deliver the App. In this session, Pranav Dharwadkar, VP of products at Volterra, and Jakub Pavlik, director of engineering, will help you understand these challenges and introduce a distributed proxy architecture that can alleviate the challenges across different cloud environments. This webinar will include a live demo using a distributed proxy architecture to advertise an App publicly and privately. In this webinar, you will learn: The steps required to deliver an App using the current approaches How a distributed proxy architecture can be used to deliver the app publicly and privately The operational benefits of a distributed proxy architecture for delivering new services

Securing medical apps in the age of covid final

The COVID-19 pandemic has drastically altered the connected healthcare landscape, accelerating the usage of telemedicine and other remote healthcare delivery systems by as much as 11,000% for some populations. How has this unprecedented push affected healthcare and medical device application security? The security team at Intertrust recently analyzed 100 Android and iOS medical apps to find out. In this webinar, we'll discuss: Medical application and device threat trends The top mHealth security vulnerabilities uncovered in our analysis Strategies to keep your mHealth apps safe Future advances in digital healthcare and how your security can evolve with it

How to Build a Healthy On-Call Culture

Raise your hand if you enjoy being buried in alerts or woken up at 2 a.m. — yeah … thought so. Ever-rising customer expectations around high availability and performance put massive pressure on the teams who develop and support SaaS products. And teams are literally losing sleep over it. Until outages and other incidents are a thing of the past, organizations need to invest in a way of dealing with them that won’t lead to burn-out. In this session, you’ll learn how to combine the latest tooling with DevOps practices in the pursuit of a sustainable incident response workflow. It’s all about transparency, actionable alerts, resilience and learning from each incident.

The Evolving Role of the Developer in 2021

The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. Today, developers are focused on innovating fast and improving security, but how do high-performing teams accomplish this? They commit code frequently, release often and update dependencies regularly (608x faster than others). In this webinar, we'll discuss the key traits of high-performing teams and how that impacts the role of the developer. Key Takeaways: Choose the best third party dependencies Determine the lowest effort upgrades between open source versions Solve for issues in both direct and transitive dependencies with a single-click Block and quarantine suspicious open source components

Service Mesh: Two Big Words But Do You Need It?

Today, one of the big concepts buzzing in the app development world is service mesh. A service mesh is a configurable infrastructure layer for microservices application that makes communication flexible, reliable and fast. Let’s take a step back, though, and answer this question: Do you need a service mesh? Join this webinar to learn: What a service mesh is; when and why you need it — or when and why you may not App modernization journey and traffic management approaches for microservices-based apps How to make an informed decision based on cost and complexity before adopting service mesh Learn about NGINX Service Mesh in a live demo, and how it provides the best service mesh option for container-based L7 traffic management

Secure Data Sharing in OpenShift Environments

Red Hat OpenShift is enabling quicker adoption of DevOps practices. Containers are an essential component of DevOps and the OpenShift Kubernetes Container Platform is integral for orchestration within these environments. Data security is now challenged to keep pace with the size and scope of container usage. The migration from legacy in-house deployments to hybrid-cloud installations has created new attack surfaces as data is shared more freely in Kubernetes deployments. Protecting data at rest and in motions is a necessity. Learn how you can keep data protected and securely share data in OpenShift environments with real-time data protection solutions.

How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...

Managing access permissions in the public cloud can be a very complex process. In fact, by 2023, 75% of cloud security failures will result from the inadequate management of identities, access and privileges, according to Gartner. Join us as Guy Flechter, CISO of AppsFlyer, presents a real-world case of how his company works to enforce least-privilege and to govern identities in their cloud. This webinar will also provide an overview of how to govern access and achieve least privilege by analyzing the access permissions and activity in your public cloud environment. With thousands of human and machine identities, roles, policies and entitlements, this webinar will give you the tools to examine the access open to people and services in your public cloud, and determine whether that access is necessary. In this workshop, you will learn about: The risks of IAM misconfiguration and excessive entitlements in cloud environments The challenges in identifying and mitigating Identity and access risks for both human and machine identities How to automate cloud identity governance and entitlement management with Ermetic

Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...

Open-source machine learning can be transformative, but without the proper tools in place, enterprises struggle to balance the IT security and governance requirements with the need to deliver these powerpoint tools into the hands of their developers and modelers. How can organizations get the latest technology from the open-source brain trust, while ensuring enterprise-grade management and security? In this webinar, we will discuss how Anaconda Team Edition, available on RedHat Marketplace, enables IT departments to mirror a curated set of packages into their organization in a safe and governed way. Join Michael Grant, VP of services at Anaconda, to discuss: How IT organizations are using Anaconda Team Edition to curate, govern and secure Python and R packages Tips for how development and data science teams can get the most out of Team Edition, from uploading your own packages to building custom channels for groups or projects How to distribute conda environments to desktops, servers and clusters: GUI-based installers for desktop users “Conda packs” for automated delivery to remote servers and distributed computing clusters Conda-enabled Docker containers for application deployment

More from DevOps.com (20)

Modernizing on IBM Z Made Easier With Open Source Software

Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...

Next Generation Vulnerability Assessment Using Datadog and Snyk

Vulnerability Discovery in the Cloud

2021 Open Source Governance: Top Ten Trends and Predictions

A New Year’s Ransomware Resolution

Getting Started with Runtime Security on Azure Kubernetes Service (AKS)

Don't Panic! Effective Incident Response

Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture

Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport

Monitoring Serverless Applications with Datadog

Deliver your App Anywhere … Publicly or Privately

Securing medical apps in the age of covid final

How to Build a Healthy On-Call Culture

The Evolving Role of the Developer in 2021

Service Mesh: Two Big Words But Do You Need It?

Secure Data Sharing in OpenShift Environments

How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...

Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...

Recently uploaded

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf