SlideShare a Scribd company logo

Microservices docker-security

Download as PPTX, PDF
SecludIT
SecludIT

From virtual to cloud to microservices – 10 tips from a security perspective

Technology
1 of 14
From virtual to cloud to microservices – 10 tips from a security perspective Sergio Loureiro, PhD CEO, Founder at SecludIT sergio@secludit.com https://secludit.com
New technology equals New security risks • Security is an after thought: Embrace change and get over it! • Virtual and Cloud are mastered, right? • Virtualization issues vs isolation: Example VENOM • Cloud Security Alliance Nefarious 12 2
New use case: Shared responsibility 3
Case Study: AWS virtual machines security • 22% of AMIs had private keys • 98% of Windows had known vulnerabilities • 2 VMs compromised in less of 1 hour • NEW: data not erased securely 4
The new kid on the block: Microservices • Applications are composed of small, independent components • Drop-in and highly decoupled blocks • Components communicate with each other using APIs • Drop-in Services are easy to replace • Developer-friendly • Nothing new -> A.K.A. SOA (Service Oriented Architecture) • Recently gained popularity thanks to REST APIs 5
Why Docker? • Simplifies packaging and deployment • Guarantees portability, flexibility, isolation (?) • Minimal requirements • Ideal for building microservice-based architectures 6
Containers to scale in the Cloud – Automation! 7
What about Container Security? • Are containers really isolated? • Are images safe? • How can we know if a container is vulnerable? • How can we assess the security of our microservice ecosystem? 8
Top 10 tips: back to the basics in 3 steps (1/3) • UNDERSTAND and PLAN 1. Audit Regularly your infrastructure, test like you test your code 2. Keep it simple… (KISS) -> containers are a good step to simplify 3. Understand and test attack surface of each technology 9
Top 10 tips: back to the basics in 3 steps (2/3) TEST and CORRECT: Operations 4. Run trusted (=tested) containers 5. Automate everything to avoid manual errors and cost reduction, use APIs, no agents 6. Perform often vulnerability assessment 7. Use tools that cope with bare metal, virtual, cloud and containers (legacy in not going to disappear) 8. Patch and Remediate rapidly or replace containers with updated versions 10
Top 10 tips: back to the basics in 3 steps (3/3) REPORT and SHOW 9. Monitor KPIs and risk, not logs and vulnerabilities -> actionable data 10. Keep C-level informed, your budget depends on that for the next new technology 11
NEW: Elastic Vulnerability Assessment for Containers • Portability of containers to improve Vulnerability Assessment 12 CLONE
Further Reading • CIS Docker Benchmark • https://docs.docker.com/engine/security/security/ • Tools: Seccomp and AppArmor • Docker Capabilities • https://opensource.com/business/14/7/docker-security-selinux • https://elastic-security.com/2016/04/11/docker-best-security-practices/ 13
THANK YOU! sergio@secludit.com http://secludit.com @SecludIT

Recommended

Deploy Secure Cloud-Native Apps Fast
Deploy Secure Cloud-Native Apps Fast Deploy Secure Cloud-Native Apps Fast
Deploy Secure Cloud-Native Apps Fast Codefresh
 
Security at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockSecurity at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockAmazon Web Services
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesCodefresh
 
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Elasticsearch
 
Palestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic SecurityPalestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic SecurityElasticsearch
 
Securing an NGINX deployment for K8s
Securing an NGINX deployment for K8sSecuring an NGINX deployment for K8s
Securing an NGINX deployment for K8sDevOps Indonesia
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Leveraging Osquery for DFIR @ Scale _BSidesSF_2020
Leveraging Osquery for DFIR @ Scale _BSidesSF_2020Leveraging Osquery for DFIR @ Scale _BSidesSF_2020
Leveraging Osquery for DFIR @ Scale _BSidesSF_2020Sohini Mukherjee
 

Recommended

Deploy Secure Cloud-Native Apps Fast
Deploy Secure Cloud-Native Apps Fast Deploy Secure Cloud-Native Apps Fast
Deploy Secure Cloud-Native Apps Fast Codefresh
 
Security at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockSecurity at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockAmazon Web Services
 
Introducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesIntroducing a Security Feedback Loop to your CI Pipelines
Introducing a Security Feedback Loop to your CI PipelinesCodefresh
 
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...
Opérez vos processus avec l'alerting, les tableaux de bord personnalisés et l...Elasticsearch
 
Palestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic SecurityPalestra de abertura: Evolução e visão do Elastic Security
Palestra de abertura: Evolução e visão do Elastic SecurityElasticsearch
 
Securing an NGINX deployment for K8s
Securing an NGINX deployment for K8sSecuring an NGINX deployment for K8s
Securing an NGINX deployment for K8sDevOps Indonesia
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Leveraging Osquery for DFIR @ Scale _BSidesSF_2020
Leveraging Osquery for DFIR @ Scale _BSidesSF_2020Leveraging Osquery for DFIR @ Scale _BSidesSF_2020
Leveraging Osquery for DFIR @ Scale _BSidesSF_2020Sohini Mukherjee
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Cloud Native Day Tel Aviv
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewSkybox Security
 
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)Erica Windisch
 
Automate threat detections and avoid false positives
Automate threat detections and avoid false positivesAutomate threat detections and avoid false positives
Automate threat detections and avoid false positivesElasticsearch
 
Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security OverviewLacework
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS MeetupsJohn Varghese
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeLacework
 
Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security? Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security? Skybox Security
 
Outpost24 webinar : how to secure your data in the cloud - 06-2018
Outpost24 webinar : how to secure your data in the cloud - 06-2018Outpost24 webinar : how to secure your data in the cloud - 06-2018
Outpost24 webinar : how to secure your data in the cloud - 06-2018Outpost24
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElasticsearch
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Robert Berlin
 
Orchestrated - multi tenant architecture at scale with serverless
Orchestrated - multi tenant architecture at scale with serverlessOrchestrated - multi tenant architecture at scale with serverless
Orchestrated - multi tenant architecture at scale with serverlessmartinfoster
 
Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsOPNFV
 
Outpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast laneOutpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast laneOutpost24
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewSkybox Security
 
Dev week cloud world conf2021
Dev week cloud world conf2021Dev week cloud world conf2021
Dev week cloud world conf2021Archana Joshi
 
Practical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security InstrumentationPractical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security InstrumentationVMware Tanzu
 
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...Skybox Security
 
Equifax cyber attack contained by containers
Equifax cyber attack contained by containersEquifax cyber attack contained by containers
Equifax cyber attack contained by containersAqua Security
 
Elisenia pimentel taller 1
Elisenia pimentel taller 1Elisenia pimentel taller 1
Elisenia pimentel taller 1elisenia pimentel
 
linkedinresume
linkedinresumelinkedinresume
linkedinresumeChelsea Glosser
 

More Related Content

What's hot

Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Cloud Native Day Tel Aviv
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewSkybox Security
 
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)Erica Windisch
 
Automate threat detections and avoid false positives
Automate threat detections and avoid false positivesAutomate threat detections and avoid false positives
Automate threat detections and avoid false positivesElasticsearch
 
Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security OverviewLacework
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS MeetupsJohn Varghese
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeLacework
 
Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security? Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security? Skybox Security
 
Outpost24 webinar : how to secure your data in the cloud - 06-2018
Outpost24 webinar : how to secure your data in the cloud - 06-2018Outpost24 webinar : how to secure your data in the cloud - 06-2018
Outpost24 webinar : how to secure your data in the cloud - 06-2018Outpost24
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElasticsearch
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Robert Berlin
 
Orchestrated - multi tenant architecture at scale with serverless
Orchestrated - multi tenant architecture at scale with serverlessOrchestrated - multi tenant architecture at scale with serverless
Orchestrated - multi tenant architecture at scale with serverlessmartinfoster
 
Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsOPNFV
 
Outpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast laneOutpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast laneOutpost24
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewSkybox Security
 
Dev week cloud world conf2021
Dev week cloud world conf2021Dev week cloud world conf2021
Dev week cloud world conf2021Archana Joshi
 
Practical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security InstrumentationPractical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security InstrumentationVMware Tanzu
 
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...Skybox Security
 
Equifax cyber attack contained by containers
Equifax cyber attack contained by containersEquifax cyber attack contained by containers
Equifax cyber attack contained by containersAqua Security
 

What's hot (20)

Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
Why cloud native envs deserve better security - Dima Stopel, Twistlock - Clou...
 
RSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics OverviewRSA 2014: Skybox Security Risk Analytics Overview
RSA 2014: Skybox Security Risk Analytics Overview
 
Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)Patterns for Secure Containerized Applications (Docker)
Patterns for Secure Containerized Applications (Docker)
 
Automate threat detections and avoid false positives
Automate threat detections and avoid false positivesAutomate threat detections and avoid false positives
Automate threat detections and avoid false positives
 
Lacework for AWS Security Overview
Lacework for AWS Security OverviewLacework for AWS Security Overview
Lacework for AWS Security Overview
 
Lacework slides from AWS Meetups
Lacework slides from AWS MeetupsLacework slides from AWS Meetups
Lacework slides from AWS Meetups
 
Security for AWS: Journey to Least Privilege
Security for AWS: Journey to Least PrivilegeSecurity for AWS: Journey to Least Privilege
Security for AWS: Journey to Least Privilege
 
Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security? Infosec 2014: Who Is Skybox Security?
Infosec 2014: Who Is Skybox Security?
 
Outpost24 webinar : how to secure your data in the cloud - 06-2018
Outpost24 webinar : how to secure your data in the cloud - 06-2018Outpost24 webinar : how to secure your data in the cloud - 06-2018
Outpost24 webinar : how to secure your data in the cloud - 06-2018
 
Elastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic StackElastic Security: Enterprise Protection Built on the Elastic Stack
Elastic Security: Enterprise Protection Built on the Elastic Stack
 
Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015Soha Systems DevOps Summit New York June 2015
Soha Systems DevOps Summit New York June 2015
 
Orchestrated - multi tenant architecture at scale with serverless
Orchestrated - multi tenant architecture at scale with serverlessOrchestrated - multi tenant architecture at scale with serverless
Orchestrated - multi tenant architecture at scale with serverless
 
Inherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV DeploymentsInherent Security Design Patterns for SDN/NFV Deployments
Inherent Security Design Patterns for SDN/NFV Deployments
 
Outpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast laneOutpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast lane
 
Risk Analytics: One Intelligent View
Risk Analytics: One Intelligent ViewRisk Analytics: One Intelligent View
Risk Analytics: One Intelligent View
 
Dev week cloud world conf2021
Dev week cloud world conf2021Dev week cloud world conf2021
Dev week cloud world conf2021
 
Practical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security InstrumentationPractical DevSecOps Using Security Instrumentation
Practical DevSecOps Using Security Instrumentation
 
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
Black Hat 2014: Don’t be a Target: Everything You Know About Vulnerability Pr...
 
Equifax cyber attack contained by containers
Equifax cyber attack contained by containersEquifax cyber attack contained by containers
Equifax cyber attack contained by containers
 

Viewers also liked

Overcoming Impostor Syndrome in an Agile Environment by Ann Wangari Mwangi
Overcoming Impostor Syndrome in an Agile Environment by Ann Wangari MwangiOvercoming Impostor Syndrome in an Agile Environment by Ann Wangari Mwangi
Overcoming Impostor Syndrome in an Agile Environment by Ann Wangari MwangiThoughtworks
 
Bloc opératoire de l'hueh, 6 conseils pour l'améliorer
Bloc opératoire de l'hueh, 6 conseils pour l'améliorerBloc opératoire de l'hueh, 6 conseils pour l'améliorer
Bloc opératoire de l'hueh, 6 conseils pour l'améliorerJhon Evenst Douyon
 
Sales director resume page2
Sales director resume page2Sales director resume page2
Sales director resume page2Mai Anh Hoang
 
instruments of levelling
instruments of levellinginstruments of levelling
instruments of levellingNIKUL PITHVA
 
Insuffler une dynamique positive pour redonner du “sens” au travail et (re)mo...
Insuffler une dynamique positive pour redonner du “sens” au travail et (re)mo...Insuffler une dynamique positive pour redonner du “sens” au travail et (re)mo...
Insuffler une dynamique positive pour redonner du “sens” au travail et (re)mo...Prof. Zwi Segal
 
Docker en production et la sécurité … _
Docker en production et la sécurité … _Docker en production et la sécurité … _
Docker en production et la sécurité … _Jean-Marc Meessen
 
відпочинок дітей у пришкільному таборі з денним перебуванням
відпочинок дітей у пришкільному таборі з денним перебуваннямвідпочинок дітей у пришкільному таборі з денним перебуванням
відпочинок дітей у пришкільному таборі з денним перебуваннямjuliaplusch
 
Mark VI ST Control Product Overview GEH 6127
Mark VI ST Control Product Overview GEH 6127Mark VI ST Control Product Overview GEH 6127
Mark VI ST Control Product Overview GEH 6127Mircea Tomescu
 
New ICT Trends in CES 2016
New ICT Trends in CES 2016New ICT Trends in CES 2016
New ICT Trends in CES 2016Jonathan Jeon
 
The truth about blockchain ห่วงโซ่การบันทึกทางธุรกรรม
The truth about blockchain ห่วงโซ่การบันทึกทางธุรกรรมThe truth about blockchain ห่วงโซ่การบันทึกทางธุรกรรม
The truth about blockchain ห่วงโซ่การบันทึกทางธุรกรรมmaruay songtanin
 
2016 criteria category and item commentary คำอธิบายเกณฑ์รายหัวข้อ
2016 criteria category and item commentary คำอธิบายเกณฑ์รายหัวข้อ2016 criteria category and item commentary คำอธิบายเกณฑ์รายหัวข้อ
2016 criteria category and item commentary คำอธิบายเกณฑ์รายหัวข้อmaruay songtanin
 

Viewers also liked (14)

Elisenia pimentel taller 1
Elisenia pimentel taller 1Elisenia pimentel taller 1
Elisenia pimentel taller 1
 
linkedinresume
linkedinresumelinkedinresume
linkedinresume
 
Overcoming Impostor Syndrome in an Agile Environment by Ann Wangari Mwangi
Overcoming Impostor Syndrome in an Agile Environment by Ann Wangari MwangiOvercoming Impostor Syndrome in an Agile Environment by Ann Wangari Mwangi
Overcoming Impostor Syndrome in an Agile Environment by Ann Wangari Mwangi
 
Bloc opératoire de l'hueh, 6 conseils pour l'améliorer
Bloc opératoire de l'hueh, 6 conseils pour l'améliorerBloc opératoire de l'hueh, 6 conseils pour l'améliorer
Bloc opératoire de l'hueh, 6 conseils pour l'améliorer
 
Sales director resume page2
Sales director resume page2Sales director resume page2
Sales director resume page2
 
instruments of levelling
instruments of levellinginstruments of levelling
instruments of levelling
 
Insuffler une dynamique positive pour redonner du “sens” au travail et (re)mo...
Insuffler une dynamique positive pour redonner du “sens” au travail et (re)mo...Insuffler une dynamique positive pour redonner du “sens” au travail et (re)mo...
Insuffler une dynamique positive pour redonner du “sens” au travail et (re)mo...
 
Docker en production et la sécurité … _
Docker en production et la sécurité … _Docker en production et la sécurité … _
Docker en production et la sécurité … _
 
відпочинок дітей у пришкільному таборі з денним перебуванням
відпочинок дітей у пришкільному таборі з денним перебуваннямвідпочинок дітей у пришкільному таборі з денним перебуванням
відпочинок дітей у пришкільному таборі з денним перебуванням
 
Mark VI ST Control Product Overview GEH 6127
Mark VI ST Control Product Overview GEH 6127Mark VI ST Control Product Overview GEH 6127
Mark VI ST Control Product Overview GEH 6127
 
New ICT Trends in CES 2016
New ICT Trends in CES 2016New ICT Trends in CES 2016
New ICT Trends in CES 2016
 
IBODE et Chirurgie Biliaire - Rappels anatomiques et Indications
IBODE et Chirurgie Biliaire - Rappels anatomiques et IndicationsIBODE et Chirurgie Biliaire - Rappels anatomiques et Indications
IBODE et Chirurgie Biliaire - Rappels anatomiques et Indications
 
The truth about blockchain ห่วงโซ่การบันทึกทางธุรกรรม
The truth about blockchain ห่วงโซ่การบันทึกทางธุรกรรมThe truth about blockchain ห่วงโซ่การบันทึกทางธุรกรรม
The truth about blockchain ห่วงโซ่การบันทึกทางธุรกรรม
 
2016 criteria category and item commentary คำอธิบายเกณฑ์รายหัวข้อ
2016 criteria category and item commentary คำอธิบายเกณฑ์รายหัวข้อ2016 criteria category and item commentary คำอธิบายเกณฑ์รายหัวข้อ
2016 criteria category and item commentary คำอธิบายเกณฑ์รายหัวข้อ
 

Similar to Microservices docker-security

AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSEric Smalling
 
Micro Front-End & Microservices - Plansoft
Micro Front-End & Microservices - PlansoftMicro Front-End & Microservices - Plansoft
Micro Front-End & Microservices - PlansoftMiki Lombardi
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security PractitionerAdrian Sanabria
 
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSAWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSEric Smalling
 
Cloud Native Summit 2019 Summary
Cloud Native Summit 2019 SummaryCloud Native Summit 2019 Summary
Cloud Native Summit 2019 SummaryEverett Toews
 
Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenTrang Nguyen
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudAlert Logic
 
IANS information security forum 2019 summary
IANS information security forum 2019 summaryIANS information security forum 2019 summary
IANS information security forum 2019 summaryKarun Chennuri
 
The 6 Critical Cloud-Native Computing Components
The 6 Critical Cloud-Native Computing ComponentsThe 6 Critical Cloud-Native Computing Components
The 6 Critical Cloud-Native Computing ComponentsGavin Dawson
 
Think Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To MicroservicesThink Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To MicroservicesRyan Baxter
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Codit
 
How Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run ITHow Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run ITPeter HJ van Eijk
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementEnterprise Management Associates
 
Docker?!?! But I'm a SysAdmin
Docker?!?! But I'm a SysAdminDocker?!?! But I'm a SysAdmin
Docker?!?! But I'm a SysAdminDocker, Inc.
 
A Guide on What Are Microservices: Pros, Cons, Use Cases, and More
A Guide on What Are Microservices: Pros, Cons, Use Cases, and MoreA Guide on What Are Microservices: Pros, Cons, Use Cases, and More
A Guide on What Are Microservices: Pros, Cons, Use Cases, and MoreSimform
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Sqreen
 
Why and how are containers the foundation for a hybrid cloud future
Why and how are containers the foundation for a hybrid cloud futureWhy and how are containers the foundation for a hybrid cloud future
Why and how are containers the foundation for a hybrid cloud futureStefan van Oirschot
 
App specific app architecture
App specific app architectureApp specific app architecture
App specific app architecturePetr Zvoníček
 

Similar to Microservices docker-security (20)

AWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWSAWS live hack: Docker + Snyk Container on AWS
AWS live hack: Docker + Snyk Container on AWS
 
Micro Front-End & Microservices - Plansoft
Micro Front-End & Microservices - PlansoftMicro Front-End & Microservices - Plansoft
Micro Front-End & Microservices - Plansoft
 
The New Security Practitioner
The New Security PractitionerThe New Security Practitioner
The New Security Practitioner
 
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSAWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWS
 
Cloud Native Summit 2019 Summary
Cloud Native Summit 2019 SummaryCloud Native Summit 2019 Summary
Cloud Native Summit 2019 Summary
 
Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang Nguyen
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the Cloud
 
IANS information security forum 2019 summary
IANS information security forum 2019 summaryIANS information security forum 2019 summary
IANS information security forum 2019 summary
 
The 6 Critical Cloud-Native Computing Components
The 6 Critical Cloud-Native Computing ComponentsThe 6 Critical Cloud-Native Computing Components
The 6 Critical Cloud-Native Computing Components
 
Think Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To MicroservicesThink Small To Go Big - Introduction To Microservices
Think Small To Go Big - Introduction To Microservices
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
 
Wavefront-by-VMware-April-2019
Wavefront-by-VMware-April-2019Wavefront-by-VMware-April-2019
Wavefront-by-VMware-April-2019
 
How Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run ITHow Cloud Computing will change how you and your team will run IT
How Cloud Computing will change how you and your team will run IT
 
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster ManagementAddressing the 8 Key Pain Points of Kubernetes Cluster Management
Addressing the 8 Key Pain Points of Kubernetes Cluster Management
 
Docker?!?! But I'm a SysAdmin
Docker?!?! But I'm a SysAdminDocker?!?! But I'm a SysAdmin
Docker?!?! But I'm a SysAdmin
 
A Guide on What Are Microservices: Pros, Cons, Use Cases, and More
A Guide on What Are Microservices: Pros, Cons, Use Cases, and MoreA Guide on What Are Microservices: Pros, Cons, Use Cases, and More
A Guide on What Are Microservices: Pros, Cons, Use Cases, and More
 
Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?Serverless security - how to protect what you don't see?
Serverless security - how to protect what you don't see?
 
Why and how are containers the foundation for a hybrid cloud future
Why and how are containers the foundation for a hybrid cloud futureWhy and how are containers the foundation for a hybrid cloud future
Why and how are containers the foundation for a hybrid cloud future
 
App specific app architecture
App specific app architectureApp specific app architecture
App specific app architecture
 

More from SecludIT

Scanner de vulnérabilités : recommandés / obligatoires on vous dit tout !
Scanner de vulnérabilités : recommandés / obligatoires on vous dit tout !Scanner de vulnérabilités : recommandés / obligatoires on vous dit tout !
Scanner de vulnérabilités : recommandés / obligatoires on vous dit tout !SecludIT
 
Elastic Detector vu par un Ethical Hacker
Elastic Detector vu par un Ethical HackerElastic Detector vu par un Ethical Hacker
Elastic Detector vu par un Ethical HackerSecludIT
 
Sophia conf securite microservices - 2017
Sophia conf securite microservices - 2017Sophia conf securite microservices - 2017
Sophia conf securite microservices - 2017SecludIT
 
Top 10 des meilleures pratiques de sécurité AWS - 2017-06-08
Top 10 des meilleures pratiques de sécurité AWS - 2017-06-08Top 10 des meilleures pratiques de sécurité AWS - 2017-06-08
Top 10 des meilleures pratiques de sécurité AWS - 2017-06-08SecludIT
 
Securite docker generique 2017-03-16
Securite docker generique 2017-03-16Securite docker generique 2017-03-16
Securite docker generique 2017-03-16SecludIT
 
Cloud workload protection for obs by seclud it
Cloud workload protection for obs by seclud itCloud workload protection for obs by seclud it
Cloud workload protection for obs by seclud itSecludIT
 
Innovations dans la cybersecurite
Innovations dans la cybersecuriteInnovations dans la cybersecurite
Innovations dans la cybersecuriteSecludIT
 
Deployer son propre SOC !
Deployer son propre SOC ! Deployer son propre SOC !
Deployer son propre SOC ! SecludIT
 
La seule solution de surveillance continue et adaptative : Elastic Detector
La seule solution de surveillance continue et adaptative : Elastic DetectorLa seule solution de surveillance continue et adaptative : Elastic Detector
La seule solution de surveillance continue et adaptative : Elastic DetectorSecludIT
 
The real cost of ignoring network security.
The real cost of ignoring network security.The real cost of ignoring network security.
The real cost of ignoring network security.SecludIT
 

More from SecludIT (10)

Scanner de vulnérabilités : recommandés / obligatoires on vous dit tout !
Scanner de vulnérabilités : recommandés / obligatoires on vous dit tout !Scanner de vulnérabilités : recommandés / obligatoires on vous dit tout !
Scanner de vulnérabilités : recommandés / obligatoires on vous dit tout !
 
Elastic Detector vu par un Ethical Hacker
Elastic Detector vu par un Ethical HackerElastic Detector vu par un Ethical Hacker
Elastic Detector vu par un Ethical Hacker
 
Sophia conf securite microservices - 2017
Sophia conf securite microservices - 2017Sophia conf securite microservices - 2017
Sophia conf securite microservices - 2017
 
Top 10 des meilleures pratiques de sécurité AWS - 2017-06-08
Top 10 des meilleures pratiques de sécurité AWS - 2017-06-08Top 10 des meilleures pratiques de sécurité AWS - 2017-06-08
Top 10 des meilleures pratiques de sécurité AWS - 2017-06-08
 
Securite docker generique 2017-03-16
Securite docker generique 2017-03-16Securite docker generique 2017-03-16
Securite docker generique 2017-03-16
 
Cloud workload protection for obs by seclud it
Cloud workload protection for obs by seclud itCloud workload protection for obs by seclud it
Cloud workload protection for obs by seclud it
 
Innovations dans la cybersecurite
Innovations dans la cybersecuriteInnovations dans la cybersecurite
Innovations dans la cybersecurite
 
Deployer son propre SOC !
Deployer son propre SOC ! Deployer son propre SOC !
Deployer son propre SOC !
 
La seule solution de surveillance continue et adaptative : Elastic Detector
La seule solution de surveillance continue et adaptative : Elastic DetectorLa seule solution de surveillance continue et adaptative : Elastic Detector
La seule solution de surveillance continue et adaptative : Elastic Detector
 
The real cost of ignoring network security.
The real cost of ignoring network security.The real cost of ignoring network security.
The real cost of ignoring network security.
 

Recently uploaded

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Recently uploaded (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

Microservices docker-security

  • 1. From virtual to cloud to microservices – 10 tips from a security perspective Sergio Loureiro, PhD CEO, Founder at SecludIT sergio@secludit.com https://secludit.com
  • 2. New technology equals New security risks • Security is an after thought: Embrace change and get over it! • Virtual and Cloud are mastered, right? • Virtualization issues vs isolation: Example VENOM • Cloud Security Alliance Nefarious 12 2
  • 3. New use case: Shared responsibility 3
  • 4. Case Study: AWS virtual machines security • 22% of AMIs had private keys • 98% of Windows had known vulnerabilities • 2 VMs compromised in less of 1 hour • NEW: data not erased securely 4
  • 5. The new kid on the block: Microservices • Applications are composed of small, independent components • Drop-in and highly decoupled blocks • Components communicate with each other using APIs • Drop-in Services are easy to replace • Developer-friendly • Nothing new -> A.K.A. SOA (Service Oriented Architecture) • Recently gained popularity thanks to REST APIs 5
  • 6. Why Docker? • Simplifies packaging and deployment • Guarantees portability, flexibility, isolation (?) • Minimal requirements • Ideal for building microservice-based architectures 6
  • 7. Containers to scale in the Cloud – Automation! 7
  • 8. What about Container Security? • Are containers really isolated? • Are images safe? • How can we know if a container is vulnerable? • How can we assess the security of our microservice ecosystem? 8
  • 9. Top 10 tips: back to the basics in 3 steps (1/3) • UNDERSTAND and PLAN 1. Audit Regularly your infrastructure, test like you test your code 2. Keep it simple… (KISS) -> containers are a good step to simplify 3. Understand and test attack surface of each technology 9
  • 10. Top 10 tips: back to the basics in 3 steps (2/3) TEST and CORRECT: Operations 4. Run trusted (=tested) containers 5. Automate everything to avoid manual errors and cost reduction, use APIs, no agents 6. Perform often vulnerability assessment 7. Use tools that cope with bare metal, virtual, cloud and containers (legacy in not going to disappear) 8. Patch and Remediate rapidly or replace containers with updated versions 10
  • 11. Top 10 tips: back to the basics in 3 steps (3/3) REPORT and SHOW 9. Monitor KPIs and risk, not logs and vulnerabilities -> actionable data 10. Keep C-level informed, your budget depends on that for the next new technology 11
  • 12. NEW: Elastic Vulnerability Assessment for Containers • Portability of containers to improve Vulnerability Assessment 12 CLONE
  • 13. Further Reading • CIS Docker Benchmark • https://docs.docker.com/engine/security/security/ • Tools: Seccomp and AppArmor • Docker Capabilities • https://opensource.com/business/14/7/docker-security-selinux • https://elastic-security.com/2016/04/11/docker-best-security-practices/ 13