Name: Ep 2 - Multi-layer App Security in Kubernetes for DevSecOps
Start: 2022-11-22T10:00:00Z
End: 2022-11-22T11:08:40.000Z
Location: BrightTALK
Rating: 0

F5 application services ensure that applications are always secure and perform the way they should—in any environment and on any device. 

F5 EMEA hosts webinar series on the latest IT industry trends around app services and security, so please stay tuned to this channel to get the latest information.  
 
To learn more about F5, visit f5.com or follow @F5_EMEA on Twitter.

Kubernetes has become the de facto platform standard for modern applications. While it provides tools and capabilities to control network and application security, there are many different ways to implement these.

Your security architecture should aim to provide the best possible protection for your applications, while staying aligned with your organisational structure. A flexible model based on shared responsibilities and cloud-native security solutions is key to a successful Kubernetes journey.

By attending this session, you will:

- Understand the main building blocks for application security in Kubernetes
- Gain insights into how NetOps, DevOps, and SecOps can cooperate
- Discover the shift-left approach to security and why it matters

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 13 - Reference Designs for Application Security in Kubernetes

While modern applications are getting more distributed and interconnected, API calls are now representing the majority of requests on the Internet. To manage, expose, and protect APIs involves several teams and requires different technologies.

API gateway and security solutions can be deployed either centrally or distributed, inside or outside a Kubernetes cluster, and managed in-house or consumed as a service.

However, using different deployment models within the same organisation complicates how APIs are managed and governed, and requires new skills if deployed as Kubernetes.

In this session, you will learn about:
- The API ecosystem and protocols used
- The differences between API management, gateway, and security
- Various API gateway and security architectures

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 12 - API Governance & Security In the Modern Enterprise

Web Application Firewalls (WAF) have grown to become business-critical to protect web applications. In a new Leadership Compass report, KuppingerCole, an independent analyst firm headquartered in Europe, analyses WAF products to help you find the solution that best meets your needs.

Today’s WAF solutions must provide more advanced capabilities to meet new and emerging IT requirements and protect against the evolving landscape of attacks. Beyond core capabilities, WAFs are now filling the gap with Web Application and API Protection (WAAP) capabilities.

In this interactive session, experts from KuppingerCole and F5 will examine the WAF market and elaborate on:
- The difference between WAF and WAAP and the specific capabilities needed in each
- Securing applications with WAF, API security, bot defence, and DDoS mitigation use cases
- Advanced capabilities for WAFs to protect against complex web attacks
- Deployment options such as on-premises, cloud, multi-cloud, and hybrid
- Protecting container-based platforms (e.g. Kubernetes) or microservices

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 11 - WAF Market Trends & Security Analyst Recommendations

AUDI, a leading manufacturer of premium cars, in recent years set out to reinvent the way they create, deploy, run, and optimise their applications. AUDI’s Kubernetes Competence Centre designed a cloud‑independent, OpenShift-based platform operating as a seamless application environment. However, the big challenge was how to secure everything.

In this session, we will look at people, processes, and tools and elaborate on how to successfully create a DevSecOps structure in large enterprises. We will provide strategic input for managers, platform owners, and developers on how to support tough business goals and overcome organisational silos through cultural change.

Our presenters from AUDI and F5 will also cover how to:
- Enforce a security-first strategy, encompassing application and container security, attack mitigation, and data protection
- Secure Kubernetes apps without compromising speed or agility
- Leverage a web application firewall solution to protect the application environment

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 10 - How AUDI Boosted Time-to-Market Through Cultural Change & Security First

Automation is a growing security problem that most organisations don’t recognise as many have no way of identifying which “users” are real humans and which are bots. Taking advantage of this blind spot, hackers can easily automate or scale attacks, imitate human mouse usage, or leverage AI tools like ChatGPT to assist in malicious coding and phishing campaigns.

And, because moderate and advanced bots can easily evade your defences by posing as human users, MFA, WAFs, and CAPTCHAs are no longer enough to mitigate this threat.

Watch this Fireside Chat featuring David Warburton, Director at F5 Labs, the threat research division of F5, and Brian McKenna, EMEA Regional Director, Analyst Services, ESG to access an in-depth discussion on the state of attacker automation and learn how to shore up your app vulnerabilities against emerging threats.
 
Additional items to be discussed will include:

• The type of attacks bots and automation are capable of
• Future trend predictions for AI-based attacks
• Why cloud migration complicates the bot defence process

The Future of Attacker Automation & AI

Join us for an exclusive myForum event where we explore and debate the most pressing cybersecurity concerns of 2022, and more importantly how organisations can fight back.

Today's cybercriminals vary wildly by motivation, sophistication, level of resources, and depth of specialisation. At the same time, applications are becoming increasingly distributed and decentralised, creating a whole new world of challenges and pain.

Cybersecurity is an infinite game where no organisation or vendor can ever claim outright victory. Staying in that game is only achievable with a long-term strategy, relentless persistence, and constant innovation.

Drawing on the latest research and insights, Bryan Glick (Editor in Chief, Computer Weekly) will be moderating a panel consisting of Lisa Forte (Cybersecurity Expert and Top 100 Women in Tech award winner), David Warburton (Threat Research Manager, F5 Labs), and Matthieu Dierick (Solutions Architect, F5).

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 9 - Biggest Cybersecurity Challenges of 2022: Are You Prepared?

Automation is a growing security problem that most organisations don’t recognise as many have no way of identifying which “users” are real humans and which are bots. Taking advantage of this blind spot, hackers can easily automate or scale attacks, imitate human mouse usage, or leverage AI tools like ChatGPT to assist in malicious coding and phishing campaigns.
 
And, because moderate and advanced bots can easily evade your defences by posing as human users, MFA, WAFs, and CAPTCHAs are no longer enough to mitigate this threat.

Watch this Fireside Chat featuring David Warburton, Director at F5 Labs, the threat research division of F5, and Editor in Chief at ComputerWeekly Bryan Glick to access an in-depth discussion on the state of attacker automation and learn how to shore up your app vulnerabilities against emerging threats.
 
Additional agenda items include:
 
• The type of attacks bots and automation are capable of
• Future trend predictions for AI-based attacks
• Why cloud migration complicates the bot defence process

The Future of Attacker Automation and AI

When an application enters production as a container, it arrives as a changeless artifact. The first few moments of its existence are spent communicating and learning through the platform API, DNS services, settings, and volumes. The question is, at what stage was the application most vulnerable and when was it compromised?

In this session you will learn more about emerging attack vectors targeted at applications deployed inside Kubernetes platforms, and how you can protect both the application and Kubernetes from being compromised. Discover how to:
• Monitor your Kubernetes platform for risky behaviours and signs of compromise
• Secure the API with Kubernetes Role-Based Access Control (RBAC)
• Protect the runtime with Kubernetes security policies
• Use ingress controllers to enhance data plane security
• Leverage network policies and service mesh to protect and restrict internal traffic


By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 8 - Securing Apps Starts with Securing Kubernetes

With cloud architectures, protecting both the application business logic and the underlying application infrastructure is paramount. However, as applications are deployed across multiple cloud environments, they often fail to deliver the desired app-to-app connectivity and security.  To simplify and secure your applications in an increasingly complex infrastructure, you need to deploy a Web Application and API Protection (WAAP) solution that enables consistent security across multi-cloud environments.

In this session, you will learn how you can:

•    Deploy WAF, DDoS, bot defence, and API security functions across multiple clouds
•    Combine WAAP with cloud workload protection to secure the cloud-native infrastructure
•    Gain valuable insights into application threats by leveraging AI and ML capabilities

By watching this webinar, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

Protect Your Apps and APIs to Thrive in a Multi-Cloud World

The fact that application attacks are on the rise is a growing concern for business leaders, as applications are the gateway to an organisation's most valuable assets – the data.

With the right web application firewall (WAF), you can block the relentless attacks that aim to take down your services and exfiltrate your data. Application and DevOps teams adopting agile methodologies are now building and deploying new apps at a speed that is difficult for security teams to keep up with.

In this session our experts will explain how you can reduce time-to-market for your new apps by:
• Harmonising your WAF deployment with your DevOps practices to reduce friction between application and security teams
• Integrating your WAF security policies into the developers’ CI/CD pipelines
• Adopting a security-as-code methodology by integrating security policies in a repository, such as Git

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 7 - Integrating WAF into DevSecOps Practices

With cloud architectures, protecting both the application business logic and the underlying infrastructure is paramount. With the F5 Distributed Cloud platform, your business logic is secured by comprehensive WAAP functions, providing WAF, DDoS, bot defence, and API security capabilities, while your cloud workloads are kept safe with Application Infrastructure Protection.

In the sessions, you will learn how easily you can:

• Protect your applications with state-of-the-art WAAP capabilities
• Combine WAAP with cloud workload protection to secure the cloud-native infrastructure
• Enhance application performance, availability, and user experience with advanced DNS and CDN capabilities

Missed session 1? Click the link below to sign-up.

Learn more and watch the App Success series about how the F5 Distributed Cloud platform can not only protect but also connect and deploy your apps: https://www.f5.com/c/emea-2023/webinar/app-success

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Session 2: Protect Your Apps and APIs across a Distributed Cloud

A challenge that many organisations face today is the ability to scale out their application delivery infrastructure to accommodate a short-term, unforeseen, or planned increase in traffic and users. Scaling out doesn’t have to take days or weeks, nor does it have to be a tedious time-consuming process. Automation is the key to simplifying the scaling process and making it repeatable. 

In this session, you can learn how infrastructure as a code can help you seamlessly scale up your application delivery infrastructure to unparalleled levels. Through use cases, we’ll show how you can:

• Leverage HashiCorp Terraform to deploy your app delivery infrastructure across multiple clouds 
• Utilise declarative API interfaces to help provision and configure your infrastructure more efficiently 
• Automatically configure services through service discovery 

Watch the other episodes of the series: 

Ep 1: Modernising and Securing Your API Architecture 
Ep 2: Multi-layer App Security in Kubernetes for DevSecOps 
Ep 3: How Smarter Bot Mitigation with Machine Learning Can Reduce Business Risks and Costs 
Ep 4: Why You Need Observability Beyond Monitoring Apps 
Ep 5: Top 5 Pitfalls to Avoid in Client-Side Security 

By watching this webinar, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 6 - Scaling Your App Delivery Infrastructure in Minutes not Days

With cloud architectures, protecting both the application business logic and the underlying application infrastructure is paramount. With the F5 Distributed Cloud platform, your business logic is secured by comprehensive Web Application and API Protection (WAAP) functions, providing WAF, DDoS, bot defence, and API security capabilities, while your cloud workloads are kept safe with the Application Infrastructure Protection components of the platform.

In the sessions you will learn how easily you can:

• Protect your applications with state-of-the-art WAAP capabilities
• Combine WAAP with cloud workload protection to secure the cloud-native infrastructure
• Enhance application performance, availability, and user experience with advanced DNS and CDN capabilities

Don't miss out and click the link below to sign up to watch session 2.

Learn more and watch the App Success series about how the F5 Distributed Cloud platform can not only protect but also connect and deploy your apps: https://www.f5.com/c/emea-2023/webinar/app-success

By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Session 1: Protect Your Apps and APIs across a Distributed Cloud

As you secure your applications and protect them from security breaches and fraud events, you've likely turned to preventative and detective controls on the server side. 

On the other hand, client-side threats such as malicious JavaScript, formjacking, data exfiltration, digital skimming, and Magecart make up a significant portion of attacks across all industries. Those attacks can lead to customer data theft, regulatory scrutiny, compromised user experience, lack of trust, stuck sales cycles, and revenue loss. 

In this session, we'll explore the challenges involved in client-side security. We'll cover: 

• The complexities and challenges involved in client-side security 
• How enterprises can avoid common pitfalls when addressing client-side security 
The benefits of looking at the client-side environment to mitigate risk 

Watch the other episodes of the series: 

Ep 1: Modernising and Securing Your API Architecture 

Ep 2: Multi-layer App Security in Kubernetes for DevSecOps 

Ep 3: How Smarter Bot Mitigation with Machine Learning Can Reduce Business Risks and Costs 

Ep 4: Why You Need Observability Beyond Monitoring Apps 

Ep 6: Scaling Your App Delivery Infrastructure in Minutes not Days 

By watching this webinar, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 5 - Top 5 Pitfalls to Avoid in Client-Side Security

In this session, you will learn how to leverage collected metrics and pre-defined alerts to visualise application condition through open-source tools such as Elasticsearch, Kibana, and Prometheus. 

Using real-life use cases, we'll discuss how you can: 

• Control every deployed application 
• Visualise automatically deployed applications 
• Enable your existing solutions to drive observability for your deployed applications 
Reveal illegal or malicious behaviour towards your published services 

Watch the other episodes of the series: 

Ep 1: Modernising and Securing Your API Architecture 

Ep 2: Multi-layer App Security in Kubernetes for DevSecOps 

Ep 3: How Smarter Bot Mitigation with Machine Learning Can Reduce Business Risks and Costs 

Ep 5: Top 5 Pitfalls to Avoid in Client-Side Security 

Ep 6: Scaling Your App Delivery Infrastructure in Minutes not Days 

 

By watching this webinar, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time

Ep 4 - Why You Need Observability Beyond Monitoring Apps

Over 50% of web traffic today is generated by bots. As bad bots are involved in nearly every attack, it's critical to be able to identify bad bots and protect against them. But how can you distinguish between good bots, bad bots, and humans?

In this session, you will learn:
- What types of application attacks are commonly performed by bots
- How bots infect, propagate, and attack your applications
- Which technologies are available to distinguish between valid traffic and bad bots
- How you can defend against bad bots without disrupting the good ones
- How reducing bot traffic will reduce your total cost

Ep 3 - Smarter Bot Mitigation with Machine Learning Can Reduce Risks and Costs

Modern applications are complex, consisting of multiple software elements that are developed and upgraded separately. Studies from Cloud Native Computing Foundation and others show that containers and container orchestration platforms are now the “new normal” for application development and scaling.

In this session, we will focus on security services that can be deployed and scaled in orchestration platforms like Kubernetes.

You will learn how you can:
- Protect your applications against app-layer attacks
- Easily deploy and operate app protection with an ingress controller inside your Kubernetes cluster
- Evolve and scale add-on services, protecting your applications at the pace of your traffic
- Provide additional services like DDoS protection to not only secure your applications, but also your clusters


By watching this podcast, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You also are signing up to be contacted about F5 products and services but you can unsubscribe at any time.

Ep 2- Multi-layer App Security in Kubernetes for DevSecOps

With the API market growing and evolving fast, apps and APIs are increasingly under attack. Gartner predicts that by 2022, API abuses will be the attack vector most frequently resulting in data breaches for enterprise web applications.

With the shift to microservices, the centralised API gateway architecture is evolving towards a more distributed model with micro API gateways embedded within microservices environments.

In this session, you will learn how to:
- Publish, manage, and secure your APIs from the latest attack vectors
- Integrate your API gateway in your application lifecycle
- Introduce DevSecOps methodologies in your API projects

Ep 1 - Modernising and Securing Your API Architecture

How AUDI Boosted Time-to-Market Through Cultural Change & Security First - Ep 10

Reference Designs for Application Security in Kubernetes - Ep 13

API Governance & Security In the Modern Enterprise - Ep 12

WAF Market Trends & Security Analyst Recommendations - Ep 11

Ep 3 - Smarter Bot Mitigation with Machine Learning

MyForum Series

Ep 2 - Multi-layer App Security in Kubernetes for DevSecOps

Cyber Security

Cloud

Cyber Attacks

Cloud Security

Digital Transformation

IT Security

Security

Information Security

Cyber Defence

Network Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Ep 2 - Multi-layer App Security in Kubernetes for DevSecOps

Presented by

About this talk

More from this channel