Hi [[ session.user.profile.firstName ]]

Container Security in the Enterprise

Following an extensive research update for 2018, join Adrian Lane, CTO at Securosis, and Amir Jerbi, CTO at Aqua Security, for an in-depth look at container security challenges, best practices, and benefits of deploying containers with security in mind.

While a lot has changed and improved in the container ecosystem, enterprises are still trying to find the most effective ways to ensure security and compliance. Having researched this topic in 2016, and once again in recent months, Adrian will provide insights into key areas:
How security risks shift in the era of containers, making traditional security tools insufficient key areas to focus on, including the build pipeline, container contents, host security, runtime security, monitoring, and auditing.
Recorded Mar 27 2018 48 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Adrian Lane, Analyst and CTO at Securosis, and Amir Jerbi, co-founder and CTO at Aqua Security
Presentation preview: Container Security in the Enterprise

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Container and Cloud Native Security: Sharing 3 Years of Valuable Experience Feb 6 2019 6:00 pm UTC 60 mins
    Dustin Aubrey and Aaron Armagost with Aqua Security
    Container and Cloud-Native Application Security. It’s our passion. We’ve been there alongside our customers every step of the way: enabling them to secure applications before they're deployed, handling challenges in automating DevSecOps, helping them to scale without increasing risk, and more. We’ve learned a lot.

    During this webinar, learn from our three years of hands-on experiences in this rapidly evolving market working on some of the world’s most advanced and large-scale container deployments.

    We’ll share our views on:
    •What to invest your time in - what’s most impactful for the effort
    •What has been successful
    •What to do as you scale up
  • Security Considerations for CF Container Runtime vs. CF Application Runtime Jan 15 2019 5:00 pm UTC 60 mins
    John Michaelson, Director of Partner Integrations
    The growing adoption of containers and the availability of scalable orchestration tools (e.g. Kubernetes) are creating opportunities to develop more agile, easy-to-update applications that combine stateful and stateless modes. The emerging architecture combines both modalities, that have very different security considerations and risk profiles.

    While Cloud Foundry Application Runtime is well-suited to 12-factor application development, Cloud Foundry Container Runtime is better for flexible, rapidly-updated apps that can scale-out specific parts of the application in a very elastic way. However, from a security standpoint, CFCR presents challenges in the form of 3rd party open-source inflow, developer-driven code changes, and frequent updates. It also presents benefits in the form of immutability, better network segmentation, and lack of persistence on the host (the notion we sometimes refer to as “reverse uptime”).

    This webinar describes how to approach these divergent needs and demonstrates some of the methods and tools that can be used to mitigate risk without slowing down development.
  • Runtime security across Kubernetes and AWS Fargate Jan 10 2019 6:00 pm UTC 60 mins
    Liz Rice Technology Evangelist, Aqua Security
    Kubernetes enables you to run containerized workloads at scale on a cluster of virtual machines, while AWS Fargate offers a flexible way to run containers without having to manage servers. What are the best ways to protect these workloads against attacks? In this demo-rich chalk talk, including a live exploit, we explore how techniques like image scanning and runtime protection tools can provide innovative ways to control and secure your containerized applications, even when there is no way to directly access the hosts that they are running on.

    Please join us for this encore Chalk Talk delivered by Liz Rice at AWS Re:Invent
  • Cloud-Native Security at Scale: Multi-App, Multi-Cloud, Multi-Stack, Multi-Team Recorded: Nov 28 2018 44 mins
    Rani Osnat - V.P. Product Marketing, Aqua Security
    Containers and serverless adoption continues to expand, with the numbers of applications growing within enterprises. Many organizations now run multiple applications, across disparate teams, running on-prem or on different clouds, and requiring varying levels of security and compliance.

    Attend this webinar to learn how to better manage complex, multi-application, multi-cloud and multi-team enterprise environments with easy to manage policies, intuitive runtime visibility and role-based access control (RBAC) at scale.
  • Shift Left and Then Shift Up: Strengthening Your Security Posture Recorded: Nov 26 2018 54 mins
    Tsvi Korren - Chief Solutions Architect at Aqua Security
    The concept of “shift left” engages security earlier in the development cycle of cloud-native applications, accelerating development while reducing risk. However, migrating to cloud-native environments also necessitates the security team to “shift up”, focusing on the application layer to account for the shared-service model and “thin OS” environments that are prevalent in these environments.

    Attend this webinar to learn why Shifting Up provides improved security and cost efficiency in cloud-native environments, including:

    •Container environments
    •Containers as a Service (CaaS)
    •Serverless implementations
  • Secure DevOps: Fact or Fiction? Recorded: Nov 14 2018 62 mins
    SANS Jim Bird and Barb Filkins and Rani Osnat, Aqua Security
    A new survey of SANS practitioners has examined how security and risk management leaders will manage the collaborative, agile nature of DevOps to be seamless and transparent in the development process.

    In this webcast, Part 1 on the topic, SANS Analyst Authors Jim Bird and Barb Filkins will reveal how practitioners are handling evolving DevOps requirements and challenges, and how they're integrating security into the process.
  • Fast & Secure: Protect Kubernetes Apps on Google Cloud with Aqua Security Recorded: Nov 9 2018 43 mins
    Maya Kaczorowski (Google), Rani Osnat and John Michaelson (Aqua)
    Google said it themselves, “We are on a mission to make containers accessible to everyone, especially the enterprise.” But enterprises also need enterprise-grade security.

    Enter the Aqua Container Security Platform (CSP), the first consumption-based container runtime security solution available on the Google Cloud Platform (GCP) Marketplace.

    Aqua CSP is deployed onto your GKE cluster with one click. Once deployed, you get full lifecycle security for your container and Kubernetes-based applications, from image scanning to runtime and network controls.

    Attend this webinar and learn how to:
    • Protect GKE workloads while paying only for running nodes, per hour, via your monthly GCP bill.
    • Scan images in your pipeline and in the Google Container Registry, and ensure that only trusted images are deployed into production
    • Apply least-privilege security policies to your runtime environment to automatically detect and prevent malicious activity and container-related attacks
    • Segment services on your cluster with container-level firewalling
    • Integrate with Google’s Cloud Security Command Center for streamlined visibility
  • Securing Apps Across Containers & VMs - Ensuring Good Rather than Chasing Bad Recorded: Oct 25 2018 46 mins
    Nolan Karpinski with VMware and John Michaelson with Aqua Security
    As more businesses embrace modern, agile application development processes, implementing security at the speed of the business requires an approach that easily extends across both containers and VMs.

    Attend this webinar and learn how this integrated, highly scalable approach to securing VMs and containers through a combined solution allows security teams to visualize their security policy for VMs and containers within AppDefense, as well as view and respond to policy violations from Aqua within AppDefense.

    During this webinar, we’ll review:

    • Runtime assurance for containers that sends container context — called “runtime profiles” — to AppDefense
    • How this policy is visualized within AppDefense once it’s inherited from Aqua in order to rationalize policy across various services and modes of deployment.
    • Event identification and tracing in AppDefense
  • Preventive Security for Kubernetes Recorded: Oct 16 2018 47 mins
    Liz Rice Technology Evangelist, Aqua Security
    Aqua’s open source tools arm Kubernetes administrators and developers with an easy way to identify weaknesses in their deployments so that they can address those issues before they are exploited by attackers.

    During this webinar we’ll review how Aqua's open source tools offer preventive security for Kubernetes:

    •Kube-Bench: checks a Kubernetes cluster against 100+ checks documented in the CIS Kubernetes Benchmark.
    •Kube-Hunter: conducts penetration tests against Kubernetes clusters that hunt for exploitable vulnerabilities and misconfiguration - both from outside the cluster as well as inside it (running as a pod).
  • From Containers to Serverless: Keys to Securing Cloud-Native Workloads Recorded: Oct 10 2018 33 mins
    Ariel Shuper, Sr. Director of Product Management
    As your environment expands from managing your own containers to include Containers as a Service (CaaS) and Serverless, what are the new risks of abstracting the underlying infrastructure? What are the best practices for ensuring consistent policies and compliance across hybrid environments combining serverless and containers?

    During this webinar, we will explore the impact of CaaS and Serverless deployments on the enterprise security landscape and how to best protect applications regardless of where they run:

    •The attack vectors of serverless environments
    •The common practices which can be used across the different platforms
    •The unique steps to protect each workload type and environment
    •Why legacy security tools are not sufficient for microservices landscape

    You’ll walk away with a solid understanding of how to combat the inherent security challenges of Serverless architectures and micro-services landscape.
  • Google Cloud Platform - How to deploy Aqua onto your GKE cluster Recorded: Oct 4 2018 13 mins
    John Michaelson, Director of Partner Integrations
    This 12 minute video explains how to:
    •Protect GKE workloads while paying only for running nodes, per hour, via your monthly GCP bill.
    •Scan images in your pipeline and in the Google Container Registry, and ensure that only trusted images are deployed into production
    •Apply least-privilege security policies to your runtime environment to automatically detect and prevent malicious activity and container-related attacks
    •Segment services on your cluster with container-level firewalling
    •Integrate with Google’s Cloud Security Command Center for streamlined visibility
  • Cloud-Native Application Security Best Practices Expert Advice for Developers Recorded: Sep 28 2018 62 mins
    Karthik Gaekwad, Full Stack Developer | Bob Quillin,VP Oracle Cloud Developer Relations
    ADTMag hosted two very credible presenters, both cloud-native developers from Oracle, during htis Aqua sponsored DevSecOps presentation.

    Karthik Gaekwad, full stack developer and principle cloud-native evangelist and Bob Quillin, Vice President, Oracle Cloud Developer Relations, covered practical use cases and scenarios from a developers perspective about best practices to secure cloud-native apps. They also highlighted open source tools, including Aqua’s kube-bench.
  • Active Workload Protection on Amazon EKS and AWS Fargate Recorded: Sep 14 2018 38 mins
    Scott Ward, Principal Solution Architect, AWS and Liz Rice Technology Evangelist, Aqua Security
    Container adoption has been skyrocketing, but as enterprises mature their container implementations, they face challenges in large-scale orchestration, time-to-market, and security. Amazon’s Managed Kubernetes Service (EKS) and AWS Fargate, which runs containers without having to manage servers or clusters, offer organizations great flexibility, scale and hassle-free options for deploying container-based applications.

    The different modes of deployment also make it necessary to gain visibility and uniform security controls across EKS clusters and Fargate deployments. Protecting the application layer requires in-depth understanding of the workloads and their intended functionality.

    Attend this webinar to see how the combination of AWS security controls and Aqua’s comprehensive container security platform provide a complete solution for securing containerized applications:

    •Full life-cycle security controls that ensure applications are secured before they’re deployed
    •Visibility into the security and compliance posture of applications deployed across Fargate and EKS
    •Single-pane-of-glass management of security policy, uniformly across clusters and deployment modalities
    •Leveraging other native AWS services including Amazon ECR, AWS KMS, IAM roles, and PrivateLink

    Join our speakers Scott Ward, Principal Solution Architect, AWS and Liz Rice, Technology Evangelist, Aqua to learn how to secure your AWS container deployments.
  • Deploying a PCI DSS-Compliant Kubernetes Cluster Recorded: Aug 29 2018 49 mins
    Katie Paugh – DevOps Lola, K.S. Root – Senior Operations Engineer Lola, Sigalit Kaidar– Director of Product Marketing Aqua
    Based on the great presentation by the Lola team @Boston-Kubernetes-Meetup#10, we’ve decided to expand this important conversation. We will be hosting a more detailed webinar on PCI DSS to show how you can deploy a Kubernetes cluster that meets these security standards (including GDPR and NIST mandates), while still maintaining DevOps agility.

    This dedicated session will cover tools used, obstacles we’ve encountered, and important design decisions we’ve made to maintain compliant, while still preserving an agile development process.
  • Embedding Security into Your Cloud-Native Pipeline Recorded: Aug 3 2018 53 mins
    Mostafa Siraj with Capital One and Rani Osnat with Aqua Security
    Embedding security into your cloud-native pipeline (SD Times)

    Aqua Security joins Mostafa Siraj with Capital One to talk about security for cloud native apps.

    In today's modern software factories, organizations are shifting security to the left. No longer just the purview of firewalls, security needs to be built in during development and deployment processes. By doing so, organizations can ensure they are limiting vulnerabilities getting into production while cutting costs of both downtime and code rework. Attendees will learn:

    •How to ensure that the use of open source doesn’t introduce vulnerabilities and other security risks
    •How to automate delivery of trusted images using a policy-driven approach
    •Empowering developers to secure their applications, while maintaining segregation of duties
    •Ensuring the consistent flow of images through the pipeline, with no side-doors or introduction of unvetted images
    •Enforcing immutability of containers, preventing container-image drift
  • Scanning Container Images for Package Vulnerabilities: A FreeTool from Aqua Recorded: Jul 23 2018 46 mins
    Liz Rice Technology Evangelist, Aqua Security
    A container image scanner looks at the software packages included in the image file system and checks it against a list of packages with known vulnerabilities - typically the NVD. Because this is a critical first step in assessing risks in containers before they deploy, Aqua offers a free-to-use tool for scanning your container images for package vulnerabilities.

    Aqua’s scanner - which is the same whether you’re using MicroScanner or our full Container Security Platform - looks at many sources, such as the distributions’ own security advisories, and information from software developers themselves, to keep track of these differences. Our scanner does manual checks to further eliminate false positives and false negatives - a less common, but important, occurrence.

    Attend this webinar to learn by way of demonstration how to use this tool for vulnerability scanning in container images and what makes it different from other scanner tools.
  • Enforcing Immutability & Least Privilege to Secure Containers: Red Hat OpenShift Recorded: Jul 19 2018 48 mins
    Tsvi Korren - Chief Solutions Architect at Aqua Security
    One of the benefits of using containers, especially in microservices-based applications, is they make it easier to secure applications via runtime immutability—or never-changing—and applying least-privilege principles that limit what a container can do.

    With immutability, every attempt to change the runtime environment is interpreted as an anomaly. And, thanks to containers’ simplicity, it is easier to predict their behavior in the application context and create a tight security envelope, allowing them to perform only their required function and preventing behaviors outside that scope.

    In this webinar, Tsvi Korren, Chief Solutions Architect at Aqua Security, will explain and demonstrate how an approach that enforces immutability and least privilege can secure applications in an active container environment.
  • Protéger vos applications conteneurisées du développement à la produ Recorded: Jun 28 2018 39 mins
    Webinaire Devoteam + Aqua Security
    Ce webinaire va se concentrer sur la manière de sécuriser les conteneurs dans n’importe quel environnement IT tout en maintenant une haute disponibilité des services. Nous aborderons les défis en terme de sécurité de tels environnements et comment protéger les applications dans les conteneurs, de leur développement à la production en utilisant des contrôles de sécurité, des secrets et des accès en se référant aux standards de sécurité et de compliance (CIS, NIST… ).

    Ce webinaire est principalement destiné à :
    -Les administrateurs de la sécurité et les architectes qui veulent en savoir plus sur les risques et les avantages de l'utilisation des conteneurs, et comment les sécuriser efficacement
    -Les équipes de développement d'applications et les équipes DevOps qui souhaitent proposer des applications plus sécurisées
  • MicroScanner: Free Image Vulnerability Scanning Plugin for Jenkins Recorded: Jun 25 2018 4 mins
    Rani Osnat
    This is a 3 minute "how it works" demo of the free Aqua MicroScanner Jenkins plug-in vulnerability scanner that you can embed into the dockerfile and automate scanning during image build.

    Please refer to the attachment section to get the link to download the Microscanner.
  • Kubernetes – How to Prevent Attacks with Admission Controllers Recorded: Jun 19 2018 34 mins
    Benjy Portnoy, CISSP, CISA, and Rani Osnat, VP Product Marketing at Aqua Security
    This is an expanded version of what was presented at the KubeCon Lightning Talk

    An admission controller intercepts requests to the Kubernetes API server prior to persistence of the object. By applying proper admission controls in your Kubernetes cluster, it's possible to generate deployments that adhere to the least privilege model, limiting user and container activity based on their business usage needs.

    In this session, we will review the latest and greatest Kubernetes 1.10 admission controller capabilities. We will demonstrate in a live demo a dynamic admission control webhook that can be customized to limit privileged user access.

    You’ll walk away understanding how to make such standards easier to implement and methods for going beyond them to provide security worthy of critical applications in production.
Insights, updates and latest news on container security.
With containers being the next major disruption in application technology, this channel features live and on-demand videos with insights, updates and latest news on container security. Watch any video at your convenience or sign up to our channel.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Container Security in the Enterprise
  • Live at: Mar 27 2018 5:00 pm
  • Presented by: Adrian Lane, Analyst and CTO at Securosis, and Amir Jerbi, co-founder and CTO at Aqua Security
  • From:
Your email has been sent.
or close