New in Production - Sysdig · 2020. 1. 10. · To learn more about how security is converging with...
To learn more about how security is converging with DevOps, read the 5 Keys to a Secure DevOps Workflow.
As Kubernetes scales up, security is the #1 challenge facing DevOps*
* IDC TechBrief: Containers
[Timeline figure, Feb 2018 to Oct 2019, of Kubernetes and container security incidents: etcd credentials leak; cryptojacking at Tesla; container runtime vulnerability; new vulnerabilities discovered in Envoy; severe Kubernetes HTTP/2 vulnerabilities; Kubernetes dashboard vulnerability (two entries); Kubernetes exposure at WeightWatchers; Kubernetes API server DoS vulnerability; kubectl cp vulnerability. Date labels on the figure: Feb 2018, Mar 2018, June 2018, Jan 2019, Feb 2019, Mar 2019, Apr 2019, June 2019, Aug 2019, Oct 2019.]
Embed your secure DevOps workflow into your existing cloud-native ecosystem
[Diagram: the workflow spans three stages, Build, Run and Respond, numbered 1 to 5 across the pipeline. Integration points: CI/CD, Registry, Security Alerts, Event Forwarding / Audit / IR. Functions: Vulnerability Scanning, Configuration Validation, Vulnerability Reporting, Runtime Security, Security Monitoring, Forensics, Incident Response, Audit, and Continuous Compliance (PCI, NIST, CIS, etc.). Layers shown: App, Infra, Master Node, Node.]
DevOps adds security and compliance into their workflow
Security & Compliance Functions (Secure DevOps):
• Scan for vulnerabilities
• Apply runtime policies
• Triage security alerts
• Speed up incident response and forensics
Observability Functions (Maximize application availability):
• Monitor availability and performance
• Manage capacity and cost
• Troubleshoot issues
Adopt a 5 step checklist for a secure DevOps workflow
• Scan for vulnerabilities early and ensure configuration meets CIS best practices
• Use the same data for security, performance and capacity monitoring
• Apply precise runtime policies for prevention and detection
• Continuously validate compliance (PCI, NIST) across the Kubernetes lifecycle
• Implement a response framework for troubleshooting and forensics
Examples:
• “Containers must not run as root”
• “Block images with high severity vulnerabilities”
• “MITRE ATT&CK framework for container runtime security”
• “Did someone launch a privileged container?”
• “Who are my top talkers?”
• “Is this CPU spike related to a DoS attack?”
• “Is it a malicious attack or configuration error?”
• “PCI Req. 11.4 – Use IDS/IPS to Detect and Prevent Network Intrusion”
[Diagram labels: Performance, Capacity, Security; NIST, PCI, GDPR (Continuously Validate); App A; CIS Benchmarks; Vulnerability Feeds.]
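The first checklist item and the "privileged container" question above, as an added example that is not Sysdig's code: a pre-deployment admission check in Python that evaluates a Pod manifest (as a dict) against "containers must not run as root", "no privileged containers" and "block images with high severity vulnerabilities". The image names, CVE ids, scan results and manifests are constructed placeholders.

```python
from typing import Any, Dict, List

# Constructed scan results keyed by image (placeholder ids, not real CVEs).
SCAN_RESULTS = {
    "registry.example/api:1.4": [{"id": "CVE-PLACEHOLDER-1", "severity": "High"},
                                 {"id": "CVE-PLACEHOLDER-2", "severity": "Low"}],
    "registry.example/web:2.0": [{"id": "CVE-PLACEHOLDER-3", "severity": "Medium"}],
}
BLOCKING_SEVERITIES = {"critical", "high"}


def check_pod(pod: Dict[str, Any], scan_results: Dict[str, list]) -> List[str]:
    """Return one finding per violated rule; an empty list means the pod passes."""
    findings = []
    spec = pod.get("spec", {})
    pod_ctx = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        # Container-level securityContext overrides pod-level fields.
        ctx = {**pod_ctx, **c.get("securityContext", {})}
        # "Containers must not run as root": a missing runAsUser falls back to the
        # image's USER (often root), so only runAsNonRoot or a non-zero uid passes.
        if not ctx.get("runAsNonRoot") and ctx.get("runAsUser", 0) == 0:
            findings.append(f"{c['name']}: may run as root (set runAsNonRoot or runAsUser)")
        # "Did someone launch a privileged container?"
        if ctx.get("privileged"):
            findings.append(f"{c['name']}: privileged container")
        # "Block images with high severity vulnerabilities"; an unscanned image is
        # a failure rather than a silent pass.
        vulns = scan_results.get(c.get("image", ""))
        if vulns is None:
            findings.append(f"{c['name']}: image {c.get('image')!r} has no scan result")
        else:
            blocking = [v["id"] for v in vulns if v["severity"].lower() in BLOCKING_SEVERITIES]
            if blocking:
                findings.append(f"{c['name']}: image has blocking vulnerabilities {blocking}")
    return findings


def admit(pod: Dict[str, Any], scan_results=SCAN_RESULTS):
    """Admission decision as (allowed, findings)."""
    findings = check_pod(pod, scan_results)
    return (not findings, findings)


# Constructed manifests: one violating all three rules, one that passes.
BAD_POD = {"spec": {"containers": [{"name": "api", "image": "registry.example/api:1.4",
                                    "securityContext": {"privileged": True}}]}}
GOOD_POD = {"spec": {"securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
                     "containers": [{"name": "web", "image": "registry.example/web:2.0"}]}}
```

Running `admit(BAD_POD)` returns `(False, [...])` with three findings, while `admit(GOOD_POD)` returns `(True, [])`; an image absent from the scan results is reported rather than admitted.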
Security is often addressed after deployment
• Vulnerabilities or misconfigurations were not addressed before deployment: 52% of container images fail scans with high-severity vulnerabilities, which leaves applications exposed to attacks*
• Best practices for runtime prevention and detection were not in place: on average, 21 containers per node are running as root, opening the door for container breakouts*
• Most container breaches go undetected until it is too late: a 5-minute container lifespan requires purpose-built tools for audit and incident response*
* Sysdig 2019 container usage report
Tools must support a secure DevOps workflow to run Kubernetes and containers in production.
Securing Kubernetes in Production
Are you ready?
Activity to capture: commands run, connections made, processes spawned, Kubernetes user activity.