SlideShare a Scribd company logo

The Case For Continuous Security

Threat Stack
Threat Stack

DevOps aims to shorten feedback loops and allow teams to quickly iterate on changes and ship features. However, continuously deploying changes also introduces security risks that must be monitored. SecDevOps seeks to address this by continually monitoring the security implications of operational changes, improving security response times while still allowing for continuous deployment. Implementing continuous security through a SecDevOps methodology is an important challenge that companies need to solve in order to fully benefit from DevOps practices.

Technology
1 of 28
Download to read offline
THE CASE FOR CONTINUOUS SECURITY By Pete Cheslock Senior Director of Ops and Support at Threat Stack @petecheslock
DevOps is a term that has absolutely blown up in the last 5 years.
However, many had an immediate adverse reaction towards Yet Another Buzzword
…especially when the core concepts of “DevOps” were things people had been doing for YEARS!
To shorten the feedback loop in development cycles, allowing teams to iterate quickly on changes and ship features to customer sooner. The Core Tenant of DevOps
Mainstream DevOps = Easily accessible cloud infrastructure + Maturity of operational tooling
For companies starting new product development initiatives, using Configuration Management is table stakes to iterate quickly!
IaaS providers today make it as easy as possible to provision systems to meet infrastructure needs — and quickly.
Physical Data Center Public Compute Resources for flexibility and accessibility provided by Amazon, Google, Microsoft
Companies leverage Infrastructure as Code for major speed to market benefits The Competitive Advantage
Companies can now provision hundreds (or thousands) of compute instances in mere minutes. ! This is an every day activity!
Continuous Integration Continuous Deployment But who (or what) is continually monitoring the state of your operational security?!
Junior sysadmins can now make changes to: ! • a Chef Recipe • a Puppet Manifest • an Ansible Playbook ! ! …and deploy it to production — in minutes… Today…
What is the scope of that change?
to be slowed down by the security team ! or ! configuration management changes to be passed through a Change Control Board Sysadmins DON’T Want:
to change a variable, open a pull request, and once merged, their operational tooling to do the rest! ! They want their change to hit production servers ASAP. Sysadmins Want:
This is where SecDevOps (or SecOps) comes in. (ignore the fact that it’s a silly buzzword just like DevOps…)
If DevOps seeks to value empathy between these two teams that traditionally had different incentives for their positions… Developers Operations value constant change value stability
…then SecDevOps seeks to evoke the SAME outcome with Security teams (and the rest of the business)
If you’re continually deploying changes, you must be continually monitoring security implications for operational changes.
Often times there is no single person that is able to say with absolute certainty which changes to infrastructure have additional risks towards your security posture.
And, if you have a traditional network security organization that manually reviews and approves changes to production… ! ! You’ve introduced the newest bottleneck in your organization. ! ! ! ! ! !
A SecDevOps methodology allows you to improve your security monitoring and response times, while maintaining your ability to continually deploy changes SecDevOps is the answer to this discussion.
This is the most important (and exciting!) problem to solve in many organizations!
But it is also one of the hardest problems to solve. ! This is why at Threat Stack, we’re all excited to be in a unique position to actively help companies solve this.
Start Implementing Continuous Security Today! ! threatstack.com

Recommended

3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud 3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud
Threat Stack
 
4 Steps to Effectively Integrate DevOps Workflows With Cloud Security Practices
4 Steps to Effectively Integrate DevOps Workflows With Cloud Security Practices4 Steps to Effectively Integrate DevOps Workflows With Cloud Security Practices
4 Steps to Effectively Integrate DevOps Workflows With Cloud Security Practices
Threat Stack
 
Should You Use Security Point Solutions?
Should You Use Security Point Solutions?Should You Use Security Point Solutions?
Should You Use Security Point Solutions?
Threat Stack
 
SHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditDSHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditD
Threat Stack
 
It All Started With a Wager About System Upgrades
It All Started With a Wager About System UpgradesIt All Started With a Wager About System Upgrades
It All Started With a Wager About System Upgrades
Threat Stack
 
Using security to drive chaos engineering
Using security to drive chaos engineeringUsing security to drive chaos engineering
Using security to drive chaos engineering
Dinis Cruz
 
#ATAGTR2021 Presentation : "Chaos engineering: Break it to make it" by Anupa...
#ATAGTR2021 Presentation : "Chaos engineering: Break it to make it" by Anupa...#ATAGTR2021 Presentation : "Chaos engineering: Break it to make it" by Anupa...
#ATAGTR2021 Presentation : "Chaos engineering: Break it to make it" by Anupa...
Agile Testing Alliance
 
Chaos engineering intro
Chaos engineering introChaos engineering intro
Chaos engineering intro
Shantanu Deshpande
 

Recommended

3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud 3 Reasons Why The Host Rules Intrusion Detection in The Cloud
3 Reasons Why The Host Rules Intrusion Detection in The Cloud
Threat Stack
 
4 Steps to Effectively Integrate DevOps Workflows With Cloud Security Practices
4 Steps to Effectively Integrate DevOps Workflows With Cloud Security Practices4 Steps to Effectively Integrate DevOps Workflows With Cloud Security Practices
4 Steps to Effectively Integrate DevOps Workflows With Cloud Security Practices
Threat Stack
 
Should You Use Security Point Solutions?
Should You Use Security Point Solutions?Should You Use Security Point Solutions?
Should You Use Security Point Solutions?
Threat Stack
 
SHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditDSHOWDOWN: Threat Stack vs. Red Hat AuditD
SHOWDOWN: Threat Stack vs. Red Hat AuditD
Threat Stack
 
It All Started With a Wager About System Upgrades
It All Started With a Wager About System UpgradesIt All Started With a Wager About System Upgrades
It All Started With a Wager About System Upgrades
Threat Stack
 
Using security to drive chaos engineering
Using security to drive chaos engineeringUsing security to drive chaos engineering
Using security to drive chaos engineering
Dinis Cruz
 
#ATAGTR2021 Presentation : "Chaos engineering: Break it to make it" by Anupa...
#ATAGTR2021 Presentation : "Chaos engineering: Break it to make it" by Anupa...#ATAGTR2021 Presentation : "Chaos engineering: Break it to make it" by Anupa...
#ATAGTR2021 Presentation : "Chaos engineering: Break it to make it" by Anupa...
Agile Testing Alliance
 
Chaos engineering intro
Chaos engineering introChaos engineering intro
Chaos engineering intro
Shantanu Deshpande
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
abhimanyubhogwan
 
The R.O.A.D to DevOps
The R.O.A.D to DevOpsThe R.O.A.D to DevOps
The R.O.A.D to DevOps
SeniorStoryteller
 
The Journey to DevSecOps
The Journey to DevSecOpsThe Journey to DevSecOps
The Journey to DevSecOps
SeniorStoryteller
 
The Next Wave of Reliability Engineering
The Next Wave of Reliability EngineeringThe Next Wave of Reliability Engineering
The Next Wave of Reliability Engineering
Michael Kehoe
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOps
Alert Logic
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
DevSecOpsSg
 
Chaos engineering for cloud native security
Chaos engineering for cloud native securityChaos engineering for cloud native security
Chaos engineering for cloud native security
Kennedy
 
Introduction to Chaos Engineering
Introduction to Chaos EngineeringIntroduction to Chaos Engineering
Introduction to Chaos Engineering
Raymond Adrian (Rad) Butalid
 
Chaos Engineering and Systems Reliability
Chaos Engineering and Systems ReliabilityChaos Engineering and Systems Reliability
Chaos Engineering and Systems Reliability
Sylvain Hellegouarch
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
Priyanka Aash
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
Shannon Lietz
 
Integrating DevOps and Security
Integrating DevOps and SecurityIntegrating DevOps and Security
Integrating DevOps and Security
Stijn Muylle
 
Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5
Puppet
 
Chaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionChaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in Production
Keet Sugathadasa
 
Nick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityNick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs security
DevSecCon
 
SRE in Startup
SRE in StartupSRE in Startup
SRE in Startup
Ladislav Prskavec
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
An Introduction to Chaos Engineering
An Introduction to Chaos EngineeringAn Introduction to Chaos Engineering
An Introduction to Chaos Engineering
Gremlin
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
Amazon Web Services
 
Silver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security SolutionsSilver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security Solutions
SeniorStoryteller
 
Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-Overview
Innovation Network Technologies: InNet
 
Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?
Cyber Security Alliance
 

More Related Content

What's hot

Chaos engineering for cloud native security
Chaos engineering for cloud native securityChaos engineering for cloud native security
Chaos engineering for cloud native security
Kennedy
 
Nick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityNick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs security
DevSecCon
 

What's hot (20)

Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
The R.O.A.D to DevOps
The R.O.A.D to DevOpsThe R.O.A.D to DevOps
The R.O.A.D to DevOps
 
The Journey to DevSecOps
The Journey to DevSecOpsThe Journey to DevSecOps
The Journey to DevSecOps
 
The Next Wave of Reliability Engineering
The Next Wave of Reliability EngineeringThe Next Wave of Reliability Engineering
The Next Wave of Reliability Engineering
 
Overcoming Security Challenges in DevOps
Overcoming Security Challenges in DevOpsOvercoming Security Challenges in DevOps
Overcoming Security Challenges in DevOps
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
Chaos engineering for cloud native security
Chaos engineering for cloud native securityChaos engineering for cloud native security
Chaos engineering for cloud native security
 
Introduction to Chaos Engineering
Introduction to Chaos EngineeringIntroduction to Chaos Engineering
Introduction to Chaos Engineering
 
Chaos Engineering and Systems Reliability
Chaos Engineering and Systems ReliabilityChaos Engineering and Systems Reliability
Chaos Engineering and Systems Reliability
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
 
Integrating DevOps and Security
Integrating DevOps and SecurityIntegrating DevOps and Security
Integrating DevOps and Security
 
Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5Introduction to Puppet Enterprise 2016.5
Introduction to Puppet Enterprise 2016.5
 
Chaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in ProductionChaos Engineering - The Art of Breaking Things in Production
Chaos Engineering - The Art of Breaking Things in Production
 
Nick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs securityNick Drage & Fraser Scott - Epic battle devops vs security
Nick Drage & Fraser Scott - Epic battle devops vs security
 
SRE in Startup
SRE in StartupSRE in Startup
SRE in Startup
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
 
An Introduction to Chaos Engineering
An Introduction to Chaos EngineeringAn Introduction to Chaos Engineering
An Introduction to Chaos Engineering
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
 
Silver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security SolutionsSilver Lining for Miles: DevOps for Building Security Solutions
Silver Lining for Miles: DevOps for Building Security Solutions
 

Viewers also liked

Viewers also liked (12)

Cylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-OverviewCylance Protect-Next-Generation Antivirus-Overview
Cylance Protect-Next-Generation Antivirus-Overview
 
Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?Robots are among us, but who takes responsibility?
Robots are among us, but who takes responsibility?
 
Exploring the Capabilities and Economics of Cybercrime
Exploring the Capabilities and Economics of CybercrimeExploring the Capabilities and Economics of Cybercrime
Exploring the Capabilities and Economics of Cybercrime
 
Cylance Information Security: Compromise Assessment Datasheet
Cylance Information Security: Compromise Assessment DatasheetCylance Information Security: Compromise Assessment Datasheet
Cylance Information Security: Compromise Assessment Datasheet
 
You're Off the Hook: Blinding Security Software
You're Off the Hook: Blinding Security SoftwareYou're Off the Hook: Blinding Security Software
You're Off the Hook: Blinding Security Software
 
Embracing Threat Intelligence and Finding ROI in Your Decision
Embracing Threat Intelligence and Finding ROI in Your DecisionEmbracing Threat Intelligence and Finding ROI in Your Decision
Embracing Threat Intelligence and Finding ROI in Your Decision
 
How to Close the SecOps Gap
How to Close the SecOps GapHow to Close the SecOps Gap
How to Close the SecOps Gap
 
10 Hot Digital UK Start-ups To Watch In 2017
10 Hot Digital UK Start-ups To Watch In 201710 Hot Digital UK Start-ups To Watch In 2017
10 Hot Digital UK Start-ups To Watch In 2017
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomware
 
end-to-end service management with ServiceNow (English)
end-to-end service management with ServiceNow (English)end-to-end service management with ServiceNow (English)
end-to-end service management with ServiceNow (English)
 
Applying eTOM (enhanced Telecom Operations Map) Framework to Non-Telecommunic...
Applying eTOM (enhanced Telecom Operations Map) Framework to Non-Telecommunic...Applying eTOM (enhanced Telecom Operations Map) Framework to Non-Telecommunic...
Applying eTOM (enhanced Telecom Operations Map) Framework to Non-Telecommunic...
 
Hype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerHype vs. Reality: The AI Explainer
Hype vs. Reality: The AI Explainer
 

Similar to The Case For Continuous Security

DevOps_Automation White Paper
DevOps_Automation White PaperDevOps_Automation White Paper
DevOps_Automation White Paper
Toby Thorslund
 

Similar to The Case For Continuous Security (20)

Top DevOps Best Practices for a Successful Transition in 2023
Top DevOps Best Practices for a Successful Transition in 2023Top DevOps Best Practices for a Successful Transition in 2023
Top DevOps Best Practices for a Successful Transition in 2023
 
8 Ways to Boost Your DevOps Efforts
8 Ways to Boost Your DevOps Efforts8 Ways to Boost Your DevOps Efforts
8 Ways to Boost Your DevOps Efforts
 
DevSecOps Trends in 2022 How to Stay Secured, Innovative, and Productive in D...
DevSecOps Trends in 2022 How to Stay Secured, Innovative, and Productive in D...DevSecOps Trends in 2022 How to Stay Secured, Innovative, and Productive in D...
DevSecOps Trends in 2022 How to Stay Secured, Innovative, and Productive in D...
 
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaper
 
devops-devop-notes.pdf
devops-devop-notes.pdfdevops-devop-notes.pdf
devops-devop-notes.pdf
 
The State of DevOps Tools: A Primer
The State of DevOps Tools: A PrimerThe State of DevOps Tools: A Primer
The State of DevOps Tools: A Primer
 
An introduction to DevOps
An introduction to DevOpsAn introduction to DevOps
An introduction to DevOps
 
Devops ppt copy
Devops ppt copyDevops ppt copy
Devops ppt copy
 
Enterprise DevOps- Importance and Key Benefits You Need to Know
Enterprise DevOps- Importance and Key Benefits You Need to KnowEnterprise DevOps- Importance and Key Benefits You Need to Know
Enterprise DevOps- Importance and Key Benefits You Need to Know
 
How to implement DevOps for Enterprise
How to implement DevOps for EnterpriseHow to implement DevOps for Enterprise
How to implement DevOps for Enterprise
 
DevOps culture, concepte , philosophie and practices
DevOps culture, concepte , philosophie and practicesDevOps culture, concepte , philosophie and practices
DevOps culture, concepte , philosophie and practices
 
What DevOps Isn't
What DevOps Isn'tWhat DevOps Isn't
What DevOps Isn't
 
What Are The Top 5 Trending Technologies In DevOps?.pdf
What Are The Top 5 Trending Technologies In DevOps?.pdfWhat Are The Top 5 Trending Technologies In DevOps?.pdf
What Are The Top 5 Trending Technologies In DevOps?.pdf
 
Bn1006 demo ppt devops
Bn1006 demo ppt devopsBn1006 demo ppt devops
Bn1006 demo ppt devops
 
Capital One DevOps Case Study: A Bank with the Heart of Tech Company
Capital One DevOps Case Study: A Bank with the Heart of Tech CompanyCapital One DevOps Case Study: A Bank with the Heart of Tech Company
Capital One DevOps Case Study: A Bank with the Heart of Tech Company
 
DevOps_Automation White Paper
DevOps_Automation White PaperDevOps_Automation White Paper
DevOps_Automation White Paper
 
DevOps trends to look out for in 2022.pdf
DevOps trends to look out for in 2022.pdfDevOps trends to look out for in 2022.pdf
DevOps trends to look out for in 2022.pdf
 
Why is dev ops essential for fintech development
Why is dev ops essential for fintech developmentWhy is dev ops essential for fintech development
Why is dev ops essential for fintech development
 
Why is dev ops essential for fintech development
Why is dev ops essential for fintech developmentWhy is dev ops essential for fintech development
Why is dev ops essential for fintech development
 
Devops Explained & Best Practices
Devops Explained & Best PracticesDevops Explained & Best Practices
Devops Explained & Best Practices
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 

The Case For Continuous Security

  • 1. THE CASE FOR CONTINUOUS SECURITY By Pete Cheslock Senior Director of Ops and Support at Threat Stack @petecheslock
  • 2. DevOps is a term that has absolutely blown up in the last 5 years.
  • 3. However, many had an immediate adverse reaction towards Yet Another Buzzword
  • 4. …especially when the core concepts of “DevOps” were things people had been doing for YEARS!
  • 5.
  • 6. To shorten the feedback loop in development cycles, allowing teams to iterate quickly on changes and ship features to customer sooner. The Core Tenant of DevOps
  • 7. Mainstream DevOps = Easily accessible cloud infrastructure + Maturity of operational tooling
  • 8. For companies starting new product development initiatives, using Configuration Management is table stakes to iterate quickly!
  • 9. IaaS providers today make it as easy as possible to provision systems to meet infrastructure needs — and quickly.
  • 10. Physical Data Center Public Compute Resources for flexibility and accessibility provided by Amazon, Google, Microsoft
  • 11. Companies leverage Infrastructure as Code for major speed to market benefits The Competitive Advantage
  • 12. Companies can now provision hundreds (or thousands) of compute instances in mere minutes. ! This is an every day activity!
  • 13. Continuous Integration Continuous Deployment But who (or what) is continually monitoring the state of your operational security?!
  • 14.
  • 15. Junior sysadmins can now make changes to: ! • a Chef Recipe • a Puppet Manifest • an Ansible Playbook ! ! …and deploy it to production — in minutes… Today…
  • 16. What is the scope of that change?
  • 17. to be slowed down by the security team ! or ! configuration management changes to be passed through a Change Control Board Sysadmins DON’T Want:
  • 18. to change a variable, open a pull request, and once merged, their operational tooling to do the rest! ! They want their change to hit production servers ASAP. Sysadmins Want:
  • 19. This is where SecDevOps (or SecOps) comes in. (ignore the fact that it’s a silly buzzword just like DevOps…)
  • 20. If DevOps seeks to value empathy between these two teams that traditionally had different incentives for their positions… Developers Operations value constant change value stability
  • 21. …then SecDevOps seeks to evoke the SAME outcome with Security teams (and the rest of the business)
  • 22. If you’re continually deploying changes, you must be continually monitoring security implications for operational changes.
  • 23. Often times there is no single person that is able to say with absolute certainty which changes to infrastructure have additional risks towards your security posture.
  • 24. And, if you have a traditional network security organization that manually reviews and approves changes to production… ! ! You’ve introduced the newest bottleneck in your organization. ! ! ! ! ! !
  • 25. A SecDevOps methodology allows you to improve your security monitoring and response times, while maintaining your ability to continually deploy changes SecDevOps is the answer to this discussion.
  • 26. This is the most important (and exciting!) problem to solve in many organizations!
  • 27. But it is also one of the hardest problems to solve. ! This is why at Threat Stack, we’re all excited to be in a unique position to actively help companies solve this.
  • 28. Start Implementing Continuous Security Today! ! threatstack.com