Name: Kubernetes RBAC: Getting Permission or Asking for Forgiveness?
Start: 2019-07-30T17:40:00Z
End: 2019-07-30T18:21:14.000Z
Location: BrightTALK
Rating: 0

With containers being the next major disruption in application technology, this channel features live and on-demand videos with insights, updates and latest news on container security. Watch any video at your convenience or sign up to our channel.

Modern development is experiencing a transformation driven by conflicting agendas.  Why?
 
While Security’s traditional tenets would have a risk averse mandated security practice using tested methods, the monolith to micro-service movement has given a home to containerisation and service orchestration.  These new technologies have abstracted critical components of the application infrastructure into the hands of the developers, concealing it from traditional security methods.
 
Add to mix the growing regulatory initiatives like GDPR and CCPA to provide added urgency and new unknowns to compliance directives.
 
Amidst the growing buzz for shift-left developer centric security methods, we will attempt to clarify a new paradigm harnessing emerging technologies.  We’ll explore whether your role is DevOps or Security, or both, with a look towards merging a forward thinking DevSecOps culture. 

This webinar identifies the common ground between security and DevOps, and offers guidance on the best way to build in security without impeding agility, which increases agility without bypassing security.

Why Developer Culture is Bypassing Traditional Security Methods

Serverless runtime security requires deep integration with functions’ code, validation of its input and outputs and control over processes execution.  But adding all recommended security controls has an impact on functions’ performance and cost (invocation durations).  Aqua helps you walk the line that creates an optimal balance between implemented security control and functions runtime performance in one unified security platform for containers and serverless.

In this webinar we’ll discuss:
•Serverless runtime risks, the different security controls and their impact on functions’ performance
•Balancing between function’s risks, security controls and functions’ performance and cost
•Detecting attempts to use functions as a doorway to gain access to other resources 
•Eliminating remote-code-execution (RCE) in serverless functions

Serverless Runtime Protection

Modern enterprises are constantly evolving their development practices by automating manual processes to deliver applications to market more quickly. This new “DevOps” model of application development enables organizations to more effectively serve their customers by bringing products to market faster, and in many cases, a more scalable way. When it comes to security, however, this method comes with an added layer of complexity.

In order to securely manage the velocity and scale of agile software delivery, DevOps teams must adopt a “security-first” mentality.  This is done by shifting left and building security into their development pipeline. 

In this webinar, we’ll show you how you can automate the development and deployment of applications in your DevOps pipeline by embedding comprehensive security testing and policy-driven controls early on, allowing you to:
•Build software quickly, using custom job orchestration 
•See all of your builds, including failed builds and slow tests  
•Identify vulnerabilities and malware in your images as you build your application 
•Configure your “risk-appetite" to pass or fail images in build based on vulnerability severity

DevSecOps - Deploy Secure Cloud Native Apps FAST

Presented in partnership with AWS

Serverless functions are a paradigm shift in the way that modern-day applications are designed and developed. The agility, the associated cost-saving, and the lack of need for an Ops team has led to swift adoption of serverless technology such as AWS Lambda. 

Serverless also changes the way you protect your application, creating the need for a new solution that can address its unique framework. Aqua Security identified the security challenges of serverless architectures some time ago, and can help keep your applications compliant and secure with two unique offerings:

-Aqua’s Serverless Security provides visibility into potential security pitfalls, risk-mitigation recommendations, and policy-enforcement options. It gives users a real-time view of function behavior and flags anomalies based on a behavioral model.

-Aqua’s Advanced Runtime Protection leverages Lambda’s layer to provide comprehensive runtime protection to protect against remote code executions that leverage vulnerabilities in the function’s code, or usage of debug/cli tools like Bash and Shell with negligible impact on your function’s performance.

This webinar, presented in partnership with AWS, will explain how you can secure your serverless workloads on AWS Lambda.

Aqua Serverless Security for AWS Lambda

A joint presentation by Aqua Security and CyberEdge

Based on findings published in CyberEdge’s 6th annual 2019 Cyberthreat Defense Report*, containers are highlighted as one of this year’s “weakest links” in IT security given the lowest overall security posture score.

Mostly this can be attributed to the challenges enterprises face as they transition their containerized applications from the Dev/Test environment into production. Containers require a new approach to security as the traditional security infrastructure is not applicable to cloud native and serverless deployments. Rather they must leverage the cloud-native principles of immutability, microservices and portability using machine-learned behavioral whitelisting, integrity controls and nano-segmentation.

We will discuss :
•Key findings from the 2019 Cyberthreat Defense Report
•The unique security challenges (and benefits) of containers
•What leading enterprises are doing to automate their container security
•What you should look for in a container security solution

Why Container Security Has Become a Top Challenge for Enterprises

With the accelerated pace at which enterprise development and deployment of cloud native microservices-based applications is growing, supporting cloud native applications requires a holistic approach to security and compliance, across the application lifecycle as well as up and down the stack.

This webinar helps security teams understand methods for managing and enforcing security policies, spanning both multi-cloud and on-premises environments across a blend of:

•VM-based containers
•Containers-as-a-Service (CaaS)
•Function-as-a-Service (FaaS)
•Orchestration layer

You’ll learn how the latest release of the Aqua Cloud Native Security platform protects applications across the technology spectrum as well as against undiscovered vulnerabilities by implementing tight compliance and whitelisting-based zero-trust security.

Securing Cloud Native Applications Across the Technology Spectrum

As the adoption of containers and serverless continues to expand to a greater number of enterprises, and to greater numbers of applications within enterprises, it’s not just about managing nodes anymore.  Many organizations now run multiple applications, across disparate teams, running on-prem or on different clouds and orchestrators, resulting in a growing need for scalable security that’s easy-to-manage.

With this complex, scaling environment, who owns Kubernetes security?

Attend this webinar to learn how to better manage complex, multi-application, multi-cloud and multi-team enterprise Kubernetes environments with easy to manage policies, intuitive runtime visibility and RBAC at scale.

The Emergence of Kubernetes and the Need for Enterprise-Grade Security

Presented by the authors of the bestselling O’Reilly Book “Kubernetes Security: Operating Kubernetes Clusters and Applications Safely”

Kubernetes is fundamentally a complex system with lots of different potential attack vectors aimed at data theft, currency mining and other threats. This talk provides an overview of the current state of security-related features in Kubernetes, and gives directional starting points on how to secure Kubernetes components and the applications that run on top of these Kubernetes components. For the topics explored, pointers on where to further investigate will be offered. 
 
Topics Covered: 
•Container image scanning and container security 
•Security boundaries (pod, namespace, node, cluster) 
•Securing the control plane and Kubernetes APIs 
•Authentication and authorization, including new tools available 
•Say no to root (and why)! 
•Runtime considerations, secrets management and more!

The State of Kubernetes Security

All kidding aside, while recent research indicates significant risks in serverless apps, these risks can largely be mitigated using simple, automated steps in CI/CD pipelines, in both staging and production environments. Taking the right preventative measures can significantly reduce risk and thwart potential attacks.

In this webinar, we analyze the risks and attack vectors highlighted by OWASP and other research, categorizing them into 4 categories based on their severity/potential impact. We will show how Aqua’s serverless security solution addresses each category, demonstrating the following: 

•Securing the serverless CI/CD pipeline 
•Automated checks in staging environments that create least privilege roles/permissions model
•Profiling Functions’ behavior based data collected during runtime. 
•Usage of AWS Lambda layers to identify/block malicious activity in serverless functions

57 Easy Steps to Secure Serverless Functions

Container and Cloud-Native Application Security. It’s our passion. We’ve been there alongside our customers every step of the way: enabling them to secure applications before they're deployed, handling challenges in automating DevSecOps, helping them to scale without increasing risk, and more.  We’ve learned a lot.

During this webinar, learn from our three years of hands-on experiences in this rapidly evolving market working on some of the world’s most advanced and large-scale container deployments. 

We’ll share our views on:
•What to invest your time in - what’s most impactful for the effort
•What has been successful 
•What to do as you scale up

Container and Cloud Native Security:  Sharing 3 Years of Valuable Experience

If your infrastructure is running a high load, how can you know whether that's a normal operation or a hacker who's just using your servers to mine bitcoins? In this webinar, we'll show you a better approach to securing containers and how the right combination of monitoring and security tools keeps your systems performant, reliable and secure – against crypto currency mining, and a lot more.

In this webinar, we'll cover how you can:
-Aggregate data streams and customize how your data is displayed
-Track known vulnerabilities and security issues in existing images
-Monitor containers running from unauthorized images
-Monitor runtime policy violations and audit events

Best of Both Worlds: Keep your Apps Performant & Secure using Datadog and Aqua

Benjy Portnoy, Director of DevSecOps at Aqua Security, has spent the past 3 years working with dozens of organizations on securing their deployments of Kubernetes, Docker, Red Hat OpenShift and other cloud native technologies.

In this webinar, Benjy will share his experiences to help you figure out:

• What to expect from platform providers, security-wise, and what gaps remain
• The maturity curve of securing cloud native applications (containers, serverless and what’s in between) – from the most basic controls to advanced runtime controls
• What to expect from a cloud native security platform: Key criteria to consider
• How to ensure that your organization is ready to go into production across various stake holders and teams

Why You Need a Cloud Native Security Solution and How to Evaluate One

The growing adoption of containers and the availability of scalable orchestration tools (e.g. Kubernetes) are creating opportunities to develop more agile, easy-to-update applications that combine stateful and stateless modes. The emerging architecture combines both modalities, that have very different security considerations and risk profiles. 

While Cloud Foundry Application Runtime is well-suited to 12-factor application development, Cloud Foundry Container Runtime is better for flexible, rapidly-updated apps that can scale-out specific parts of the application in a very elastic way. However, from a security standpoint, CFCR presents challenges in the form of 3rd party open-source inflow, developer-driven code changes, and frequent updates. It also presents benefits in the form of immutability, better network segmentation, and lack of persistence on the host (the notion we sometimes refer to as “reverse uptime”). 

This webinar describes how to approach these divergent needs and demonstrates some of the methods and tools that can be used to mitigate risk without slowing down development.

Security Considerations for CF Container Runtime vs. CF Application Runtime

Kubernetes enables you to run containerized workloads at scale on a cluster of virtual machines, while AWS Fargate offers a flexible way to run containers without having to manage servers. What are the best ways to protect these workloads against attacks? In this demo-rich chalk talk, including a live exploit, we explore how techniques like image scanning and runtime protection tools can provide innovative ways to control and secure your containerized applications, even when there is no way to directly access the hosts that they are running on.

Please join us for this encore Chalk Talk delivered by Liz Rice at AWS Re:Invent

Runtime security across Kubernetes and AWS Fargate

Containers and serverless adoption continues to expand, with the numbers of applications growing within enterprises.  Many organizations now run multiple applications, across disparate teams, running on-prem or on different clouds, and requiring varying levels of security and compliance.

Attend this webinar to learn how to better manage complex, multi-application, multi-cloud and multi-team enterprise environments with easy to manage policies, intuitive runtime visibility and role-based access control (RBAC) at scale.

Cloud-Native Security at Scale: Multi-App, Multi-Cloud, Multi-Stack, Multi-Team

The concept of “shift left” engages security earlier in the development cycle of cloud-native applications, accelerating development while reducing risk. However, migrating to cloud-native environments also necessitates the security team to “shift up”, focusing on the application layer to account for the shared-service model and “thin OS” environments that are prevalent in these environments. 

Attend this webinar to learn why Shifting Up provides improved security and cost efficiency in cloud-native environments, including:  

•Container environments 
•Containers as a Service (CaaS) 
•Serverless implementations

Shift Left and Then Shift Up: Strengthening Your Security Posture

A new survey of SANS practitioners has examined how security and risk management leaders will manage the collaborative, agile nature of DevOps to be seamless and transparent in the development process.

In this webcast, Part 1 on the topic, SANS Analyst Authors Jim Bird and Barb Filkins will reveal how practitioners are handling evolving DevOps requirements and challenges, and how they're integrating security into the process.

Secure DevOps: Fact or Fiction?

Liz Rice is delivering an encore presentation of her talk that was delivered during the 2019 KubeSec Barcelona conference.  

For those of you familiar with KubeCon, KubeSec is a co-located KubeCon security event hosted by Aqua Security and partner technologies AWS, Google Cloud, Microsoft Azure, and Red Hat.  In fact, we’ll be hosting another one in November in San Diego – you can find this on the CNCF website under co-located events.

In her talk, Liz explores how permissions work in Kubernetes through Role Based Access Control. RBAC is very powerful, but it’s complex, so in order to explain it she’ll compare it with something more familiar - the read, write and execute permissions visible when listing files on Linux. From there she’ll review how RBAC uses different abstractions and look at some tools for exploring the RBAC configuration on your cluster.

Kubernetes RBAC: Getting Permission or Asking for Forgiveness?

Container Security

Aqua Security

Aquasec

Container Images

Cloud Native

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Kubernetes RBAC: Getting Permission or Asking for Forgiveness?

Presented by

About this talk

More from this channel