SACON - Devops-container (Richard Bussiere)
•
4 likes•2,324 views
SACON - Devops-container (Richard Bussiere)
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (10)
Similar to SACON - Devops-container (Richard Bussiere)
Similar to SACON - Devops-container (Richard Bussiere) (20)
More from Priyanka Aash
More from Priyanka Aash (20)
Recently uploaded
Recently uploaded (20)
SACON - Devops-container (Richard Bussiere)
- 2. SACON 2017 ü What’s the Security Risk Introduced through Containers? ü What can we do about it? ü Short Demo ü Conclusions Agenda
- 5. SACON 2017 Communicate Cyber Risk Continuous Visibility Cyber Exposure Metric Prioritize Exposure Live Discovery Measuring Cyber Exposure Leverages Vulnerability Management Accurately represent and communicate cyber risk to the business – in business terms Continuous Visibility into where an asset is secure, or exposed, and to what extent Apply Cyber Exposure data as a key risk metric for strategic decision support Add context to the exposure to prioritize and select the appropriate remediation technique Live Discovery of every modern asset across any computing environment
- 6. SACON 20176
- 9. SACON 2017 Asked two different CISOs of two different major Indian telcos “What’s your container strategy”? • Answer: ”What’s a container?” Singapore • Considering using DevOps in the near future… • Most not sure if this stuff is actually present in their environments DevOps & Security - Disconnected? Can security keep up with the pace?
- 10. SACON 201710 DevOps is driving changes in IT architecture Monolithic Microservices Built as a single, self-contained unit Components are interconnected and interdependent Built as a suite of modular services Components are loosely coupled and highly cohesive
- 11. SACON 201711 Application containers enable infrastructure modernization with microservices Each microservice is hosted in a container and connected via APIs Containers encapsulate a lightweight runtime environment for the application Microservices on containers provide: •Faster development and deployment velocity •Greater scalability to quickly create and destroy •Increased operational efficiency and responsiveness
- 13. SACON 2017 Application containers are exploding in adoption… 13 Sources: 1) Datadog, 2017 2) Docker, 2017 Docker Adoption1 8 Billion+ Docker Container Downloads2 500,000+ Dockerized apps in Docker Hub2
- 14. SACON 201714 Major Cyber Exposure gap Of organizations with containers in production1 18% Perform Image Scanning Risk Assessment Index2 Organization’s ability to assess cybersecurity risks Score: 52% Grade: F Score: 57% Grade: F Containerization Platforms DevOps Environments 15.9 40.5 Official Images Community Images Average number of vulnerabilities in Docker Hub3 Sources: 1) Anchore, “Snapshot of the Container Ecoystem,” 2017 2) Tenable, “2017 Global Cybersecurity Assurance Report Card,” 2017 3) Tenable, “Sourcing Container Images from Docker Hosts,” 2017
- 15. SACON 2017 Modern applications raise the stakes with risk 15 “Modern applications are largely assembled, not developed, and developers often download and use known vulnerable open- source components and frameworks.” -Gartner
- 16. SACON 201716 And organizations have taken notice “Even if Docker certifies an app as being safe and effective, I'm not risking $11 billion on Docker telling me it's safe. We need extra assurance and to prove it to ourselves.” – James Ford, Chief Strategic Architect, ADP
- 18. SACON 201718 Traditional security approaches do not work with containers 1 2 Inability to Use Traditional VM Techniques Inability to Remediate Vulnerabilities Short Lifespan 3
- 21. SACON 201721 What does this mean to Security and DevOps? Enterprise Security DevOps Ensure containers are part of a holistic Cyber Exposure program Reduce risk across a growing modern attack surface Identify and remediate vulnerabilities as early in the SDLC as possible Deliver quality, well-tested code at high velocity and scale Integrate security into the DevOps toolchain, without sacrificing speed Identify and remediate vulnerabilities as early in the SDLC as possible
- 22. SACON 2017 Perform rapid vulnerability and malware detection testing within the DevOps toolchain Out of the box integrations with CI/CD build systems • Jenkins, Bamboo, Shippable, Travis CI and more • Import across container images registries • Fully documented RESTful API for custom integrations 22 “Shift left” with security in the software development lifecycle RegistryTestBuild Source Control Build Container Unit Tests API Tests Security Tests Push to Registry
- 23. SACON 2017 Produce a detailed bill of materials covering all layers and components • Libraries / binaries • Configuration files • Dependencies • Applications “At-a-glance visibility” into both container image inventory and security 23 Know what is inside a container before deployment Layer 1 Layer 2 Layer 3 Layer 4 Container Image Layers
- 27. SACON 201727 Reduce costs by catching container vulnerabilities earlier 1X 7X 15X 100X Design Implementation Testing Maintenance Cost of Fixing Defects in SLDC1 1) Source: Computer Business Review, ”The cost of fixing bugs throughout the SDLC,” March 2017 Reduce costs by >85% by remediating vulnerabilities before deployment Reduce false positives and ensure developers do not waste time fixing non-vulns Reduce Costs
- 28. SACON 201728 Eliminate Blind Spots Comprehensive insight into: • Container image inventory • Summary of vulnerabilities and malware • Distribution of vulnerabilities by CVSS score and risk level Eliminate Blind Spots
- 30. SACON 2017 Container Host The Entire Process Laid Out… Kubernetes Swarm Mesosphere Cloud Foundry Gitlab Github Enterprise Github Bitbucker Server Bitbucket Jenkins Bamboo Distelli Wercker Codeship Source Control Build Public Registry Registry Container images live here before deployment Orchestration Docker
- 36. SACON 2017 Try Tenable.io Container Security today Try It for Free tenable.com/try-container 60 Day Fully Operational Trial for FREE!!
- 37. SACON 201737