Jeff Moncrief
Consulting Systems Engineer
February 13, 2019
Securing Kubernetes Environments
Stealthwatch Cloud
Visibility, Threat Identification, Network Compliance
Native Cloud Logs / Premises Network Logs
Virtual Sensor
NetFlow
IPFIX
Mirror/Span
What about Containers and Kubernetes?
Kubernetes automates the distribution and scheduling of application containers across a cluster in a more efficient way.
Enter… Stealthwatch Cloud
Stealthwatch Cloud is deployed as a Pod application on each node.
It creates network telemetry (flows) for all Pod-to-Pod traffic on that node and reports it to Stealthwatch Cloud.
Deployment Architecture
Complete Cluster Traffic Visibility
Stealthwatch Cloud integrates with any Kubernetes containerized environment, whether in GKE, any public cloud or on-premises.
The solution deploys as a Pod on each node and shims into the node-level network communication abstraction layer.
This provides visibility, baselining and anomaly detection for container-to-container and Pod-to-Pod communications.
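The per-node deployment pattern described above, as an added illustration that is not Cisco's own manifest: a DaemonSet schedules exactly one sensor Pod on every node, and host networking is what lets that Pod observe traffic at the node's network layer rather than only its own interface. All names and the image are placeholders; the capability set is an assumption about what a packet-capturing sensor needs, kept deliberately narrower than `privileged: true`.

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: flow-sensor            # placeholder name, not the product's real manifest
  namespace: monitoring
spec:
  selector:
    matchLabels:
      app: flow-sensor
  template:
    metadata:
      labels:
        app: flow-sensor
    spec:
      hostNetwork: true        # see every interface on the node, not just this Pod's veth
      dnsPolicy: ClusterFirstWithHostNet
      serviceAccountName: flow-sensor   # give it no more RBAC than it needs (e.g. read-only pods/nodes)
      tolerations:
      - operator: Exists       # schedule on every node, including tainted control-plane nodes
      containers:
      - name: sensor
        image: REPLACE_WITH_SENSOR_IMAGE   # placeholder
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
            add: ["NET_RAW", "NET_ADMIN"]  # assumed minimum for capture; avoid privileged: true
        env:
        - name: NODE_NAME      # lets the sensor tag flows with the node it observed them on
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        resources:
          requests: {cpu: 100m, memory: 128Mi}
          limits: {cpu: 500m, memory: 512Mi}
```

Because `hostNetwork` plus added capabilities is a significant grant on every node, restrict who may create or edit this DaemonSet and alert on changes to it the same way you would for any other cluster-wide agent.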
Deep Visibility in Kubernetes Cluster Activity
Thank you for watching.

Protect Kubernetes Environments with Cisco Stealthwatch Cloud

Editor's Notes

  • #3 Modern networks, especially those that rely on public cloud infrastructure, are by nature dynamic environments, with numerous devices, elastic infrastructure, and extensive automation. To keep up with these dynamic networks, a strong threat detection system needs to consume a variety of data directly from the infrastructure and pair it with an automated, low-configuration, high-efficacy threat detection engine. Stealthwatch Cloud accomplishes the first part in a few ways. For public clouds that support it, such as Amazon Web Services, Stealthwatch Cloud consumes VPC Flow Logs and other native data sources. This enables easy deployment – in a matter of minutes – and complete, agentless coverage of your cloud attack surface. On the private network, Stealthwatch Cloud relies on NetFlow, mirrored traffic, and other sources of network telemetry. The information comes directly from the network infrastructure, allowing for complete coverage. This metadata is then encrypted and transmitted to the Stealthwatch Cloud. But data isn't worth much on its own. You still need a strong, effective, and easy-to-use threat detection engine that can alert you to only security-relevant events. Stealthwatch Cloud accomplishes this with Dynamic Entity Modeling.
  • #5 Visibility offers a solution to your problems: preventing data loss, complying with regulation and investigating security incidents. With Stealthwatch, get complete visibility into all of your public cloud activity. You can see every device on your network by accessing all IP-based traffic. This includes encrypted and sensitive data, as Stealthwatch Cloud reads the traffic, not the data. Gain instant visibility to every entity that touches your network. Additionally, when coupled with Private Network Monitoring or Stealthwatch Enterprise, Stealthwatch provides complete visibility of both the cloud and on-premises network. Understand security data through automatically organized device groups. Stealthwatch Cloud uses proprietary entity monitoring to determine what each entity is. This makes for easy querying and confirming of regular device and entity counts. Understand every type of entity in your network. Examples include domain controllers, printers, PCs, BYOD, etc. Lastly, know what happened in your network for later investigation. Maintain detailed records over time through continuous activity tracking and data retention. Have access to all your traffic from the first moment you activate Stealthwatch Cloud.