Name: Using eBPF for Container Monitoring, Security, and Forensics
Start: 2019-03-07T18:30:00Z
End: 2019-03-07T19:06:46.000Z
Location: BrightTALK
Rating: 5

As cloud native becomes the standard for application deployment, IT roles must adapt. Cloud teams are taking ownership for security, as well as application performance and availability. Tools must support a secure DevOps workflow to run Kubernetes and containers in production. Sysdig enables companies to confidently run cloud-native workloads in production. With the Sysdig Secure DevOps Platform, cloud teams can embed security, maximize availability, and validate compliance. The Sysdig platform is open by design, with the scale, performance, and usability enterprises demand. The largest companies rely on Sysdig for cloud-native security and visibility. Learn more at www.sysdig.com.

Shifting to containers accelerates application delivery, but tends to complicate security, visibility and compliance. DevOps teams are learning that they can’t solve these new business challenges with traditional approaches. Moving to cloud-native infrastructure brings about critical security issues that can be avoided with the right solutions in place.

In this session, we will discuss and demonstrate how three global companies avoided security and compliance issues using Red Hat® OpenShift® and Sysdig solutions to protect their businesses:

- A payment processing provider deployed image scanning for PCI compliance but found developers drowned in false positives. They needed a way to tune vulnerability detection inside CI/CD pipelines and see beyond OS vulnerabilities to avoid risk.

- Ford, one of the world’s largest automobile manufacturers, faced visibility issues with its rollout of stateful applications on Red Hat OpenShift. To meet security regulations, it needed to see inside containers to detect and stop threats.

- A large credit card company found compliance to be one of the hardest problems to solve in a dynamic environment. With containers living only seconds, how could the firm capture activity data for compliance audits and forensics?

Eric is Director of Product Marketing at Sysdig, focused on joint partner solutions. Prior to Sysdig, Eric led marketing for storage startup, Hedvig. He has also worked at tech companies including Riverbed and EMC. Eric holds a BA in Public Relations from Pepperdine University.

This webinar is co-hosted in partnership with Sysdig and Red Hat. As a result, both Red Hat and Sysdig  are collecting your personal data when you submit such information as part of the registration process above. 
For more information on each party’s privacy practices, please see: 
Red Hat’s Privacy Statement: www.redhat.com/en/about/privacy-policy 
Sysdig’s privacy policy: https://sysdig.com/privacy-policy

Solving Kubernetes security issues using Red Hat OpenShift & Sysdig

Multi-cloud’s time has arrived. According to recent surveys, 85% of organizations are working towards, or already working with, a multi-cloud architecture. What are the benefits multi-cloud can bring to your organization, and what do you need to know to ensure success?

Join this expert panel where cloud leaders from around the globe share insights and tips on how to overcome multi-cloud challenges so that you can reap the benefits - including increased reliability, flexibility and reduced DDoS attacks. 

Points of discussion will include: 
- Knowing which cloud provider is best for your workload
- How to navigate increased operational complexity, including standardization
- Understanding complicated cost models and billing
- Managing and implementing additional security and governance

Speakers: 
Diana Kelley, Partner, Security Curve
Chris Kranz, EMEA SE Manager, Sysdig
Mike Giacometti, Senior Product Manager, CloudHealth by VMware
Mohit Tiwari, CEO and Co-Founder of Symmetry Systems

Thriving in a Multi-Cloud World: Strategies for Success

The growth and adoption of Kubernetes for container orchestration and Prometheus for monitoring have made it easier to grow while monitoring your workloads. However, as you scale your AWS environments, your monitoring capability needs to keep pace. Ongoing maintenance, troubleshooting, and security become more difficult without having robust tools to help provide a centralized view of all the various services and applications.

Join AWS and Sysdig to learn:
- How to capture granular system information to troubleshoot outliers in your Kubernetes environments
- How to build robust and meaningful dashboards for all your AWS services
- How to reduce implementation overhead and maintenance for Prometheus exporters

AWS Observability 101: Kubernetes and Prometheus Monitoring with Sysdig

Amazon’s Managed Kubernetes Service (EKS) offers organizations flexibility as teams ramp up containerized applications in production. And yet, managing security risk for the workloads running on EKS is still the customer’s responsibility. To make your teams as productive as possible, you need to automate and merge security and compliance into the DevOps workflow.

In this webinar, we will review how the combination of AWS security controls with open-source and commercial tools from Sysdig can provide comprehensive security for your EKS workloads.

Join us as we share:
- 2019 AWS container survey highlights
- Security best practices for EKS
- How open-source tools like Falco provides runtime detection in EKS
- How customers have used Sysdig Secure to secure their AWS container environments
- Live demo!

AWS Security 101: Securing Amazon EKS with Falco & Sysdig

The evolution of technology presents innovation and challenges, in both public and private sectors. Legacy systems, workforce transformation, technical debt, security updates, infrastructure demands have all become common vernacular. Deciding what to prioritize and how to manage the changes can define the success of technology transformation and set the stage for future improvements. This webinar, featuring Emily Fox, NSA; Loris Degioanni, Sysdig; and Michael Ducy, Red Hat, seeks to identify technology best practices and DevSecOps collaboration. Join us July 7!

Emily Fox, DevOps Security Lead, National Security Agency @TheMoxieFox
Loris Degioanni, Chief Technology Officer and Founder, Sysdig @LorisDegio
Michael Ducy, Cloud Native Transformation Lead, Red Hat @MFDii

DevSecOps: What to focus on first? Harnessing Best Practices & Avoiding Pitfalls

Challenges abound when it comes to securing and monitoring containers, Kubernetes, and cloud-native applications across development and production. Most notably, scaling Prometheus monitoring beyond a few servers and applications presents issues when trying to troubleshoot problems that span multiple applications and clusters. We'll share our experience using Prometheus at scale, providing different solutions and highlighting the challenges to solve in each step.

Cloud Native Monitoring: Scaling Prometheus

With the release of Kubernetes 1.18, we saw 40 features and updates added. In a recent blog post we collated these together in one place so that you can learn what may affect your clusters and prepare for change. Now, we go one step further, inviting Alex Ellis, CNCF Ambassador and Open Source project founder to share his take on the changes.

We saw Alex’s in-depth article on the recent deprecations around “kubectl run” and asked him to pick four of his highlights to share with examples. Join this webinar as Alex covers the following areas and what you should do next:
- What’s the debug command do?
- How is Ingress changing?
- Why keep secrets as immutable?
- What’s going on with “kubectl run”?

Exploring Kubernetes 1.18 with Alex Ellis

Securing Kubernetes requires putting controls in place to detect unexpected behavior that could be malicious. Examples include:

- Exploits of unpatched and new vulnerabilities
- Insecure configurations
- Leaked or weak credentials
- Insider threats

Even when processes are in place for vulnerability scanning and implementing pod security and network policies, not every risk will be addressed. You still need mechanisms to confirm these security barriers are effective and provide a last line of defense when they fail. In order to keep up with threats at runtime, an open-source based approach can help you stay up to date.In this webinar, you will learn how to manage security risk at runtime in your RKE environments using Falco, a CNCF project for runtime security. Falco efficiently leverages Extended Berkeley Packet Filter (eBPF), a secure mechanism, to capture system calls and gain deep visibility. By adding Kubernetes application context and Kubernetes API audit events, teams can understand exactly who did what. We will also cover how Sysdig Secure extends the Falco detection engine and eases the burden of creating and updating Falco rules. It can also generate fewer false positives by tuning Falco-based policies for your own environment.

Kubernetes Master Class: Detecting anomalous activity in Rancher with Falco

Kubernetes Pod Security Policies (PSPs) is an enforcement mechanism to ensure that Pods run only with the appropriate privileges and can solely access the appropriate resources. You can leverage them as a threat prevention mechanism by controlling Pod creation, and limiting the capabilities available to specific users, groups, or applications.

Join this Kubernetes Security Master Class to learn:
- How to get started with Pod Security Policies (PSPs) and how they implement robust security for your Kubernetes clusters
- Key challenges of using PSPs today
- Best practices for using PSPs in production
- How Sysdig Secure can help you adopt PSPs in your environment

Prevention in Kubernetes: Getting Started with Pod Security Policies

Ensuring application security and compliance is one of the biggest challenges for any organization deploying applications in production. You need to detect and block vulnerabilities, quickly respond to incidents, and meet compliance standards and policies.

With the Sysdig Secure DevOps Platform, you can embed security, maximize availability, and validate compliance—transforming your DevOps workflow into a secure DevOps workflow.

In this session, you’ll hear about the Falco open source project, use cases for security in Red Hat OpenShift, and see a real-world demo for securing your OpenShift environment without disrupting application deployments.

Join us to see how to:
- Integrate vulnerability management across your CI/CD pipeline
- Manage regulatory compliance, audit, and risk
- Define security policies for detecting and blocking threats in real time
- Maintain visibility into containerized apps for reliable performance and operations

DevOps Security, Monitoring and Compliance with OpenShift and Sysdig

Financial institutions are being attacked at an alarming rate. In July 2019, Accenture reported that the average annual cost of cybercrime for a financial service company reached $18.5 million. And that includes only the cost of the incident -- not remediation. In order to gain agility benefits of the cloud DevOps teams need to manage risk, mitigate breaches, and gain visibility, without slowing down the CI/CD pipeline. What solutions help deliver for both DevOps and security professionals?

Join us as we share real-world experiences from financial services firms that are grappling with the complicated tasks of securing containers and Kubernetes. We’ll address why understanding application behavior and capturing detailed health, risk, and performance data is so critical. We’ll also demonstrate how Red Hat OpenShift and the Sysdig Secure DevOps Platform deliver unique capabilities so you can focus on supporting your customers during this critical time, including:
- Cloud-Native Host infrastructure security and observability
- Comprehensive vulnerability scanning
- Pod security context and pod security policy
- Compliance for organization-specific standards, as well as regulatory standards like PCI
- Runtime defense to block attacks and implement zero-day threat protection
- Container forensics and incident response based on deep system call visibility

Moving Applications to the Cloud? How Top Financials Reduced their Security Risk

In this webinar, we’ll take a deep dive into Booz Allen Hamilton’s award-winning ways of securing modern software development. Specifically, we’ll share strong learnings and best practices to confidently protect your pipeline at each stage.

Join us to learn more about these top five (5) cloud-native security considerations:
- Turnkey security for your pipelines
- Container/host configuration management policies
- Protection against runtime threats
- Automating rule changes
- Post-mortem and prevention

Top 5 Cloud Native Pipeline Security Considerations

Many of your applications are now starting to run on containers in the cloud. This means compliance and managing risk are top priorities. Your security teams understand PCI guidelines, but the challenge is a clear mapping of those PCI controls to container/Kubernetes environments. Ultimately, you need to ensure compliance is not blocking your code from going into production.

After this webinar, you will understand how other organizations are validating PCI container compliance for their cloud applications. Join us to learn:
- Changes to PCI compliance processes for containers and Kubernetes
- How to validate PCI compliance in the CI/CD pipeline and at runtime
- 12 step PCI Checklist for DevOps teams to save time implementing security guidelines

PCI Compliance in Containers & Kubernetes

Your developers need to be productive as you ramp containers and Kubernetes in production — without security being a blocker. With several software updates a day in a cloud-native environment, legacy tools can’t keep up. Running reliable and secure containers requires that security and DevOps work better together.

We’ve got some great tips to share about automating and integrating security and compliance into the DevOps workflow, so your cloud applications ship faster.

Automating Security for DevOps Workflows

Are your Kubernetes applications not performing well enough? Is your infrastructure oversized? Kubernetes limits and requests dictate the resources available to your applications, so when they aren’t set correctly your cluster suffers from CPU throttling and Out Of Memory Kills. Oversizing your infrastructure is an easy, but expensive, solution — there must be a better way.

Prometheus metrics give you insight on your Kubernetes limits and requests, helping detect and troubleshoot common issues. Learn how to maximize the availability and performance of your Kubernetes infrastructure with proven examples.

K8s Limits and Requests: Monitoring and Troubleshooting by example

Getting visibility into containers and Kubernetes is hard. The environment is dynamic, as most containers live less than five minutes. Developers are adopting Prometheus as an open standard for monitoring, but scaling is challenging. 

Join us for a real-world perspective on monitoring cloud application health and performance. Plus, be the first to hear about new ways to scale Prometheus monitoring and see a demo.

You’ll hear:
- Best practices and new capabilities for monitoring cloud applications at scale 
- Straight talk based on experience scaling Prometheus-compatible monitoring
- Ways DevOps pros are monitoring performance, capacity and security
- Tips for efficient troubleshooting in containerized applications

Scaling Prometheus Monitoring, the No-Hacks Way

As cloud-native becomes the standard for application deployment, modern app development and the move to hybrid cloud architectures create new operational challenges. What’s more, DevOps teams are being asked to take ownership of security and compliance along with application performance and availability.

Join us to hear how this is being addressed by Google and Sysdig customers across the Kubernetes lifecycle. We’ll discuss approaches for adopting hybrid cloud and best practices for vulnerability management, runtime security, monitoring, and forensics with Google Cloud’s Anthos and GKE.

Owning Secure DevOps for Google’s Anthos & GKE

Ensuring application security and compliance is one of the biggest challenges for any organization deploying applications in production. You need to detect and block vulnerabilities, quickly respond to incidents, and meet compliance standards and policies.

With the Sysdig Secure DevOps Platform, you can embed security, maximize availability, and validate compliance—transforming your DevOps workflow into a secure DevOps workflow.

In this webinar, you’ll hear about the Falco open source project, use cases for security in Red Hat OpenShift, and see a real-world demo for securing your OpenShift environment without disrupting application deployments.

Join us to see how to:

- Integrate vulnerability management across your CI/CD pipeline.
- Manage regulatory compliance, audit, and risk.
- Define security policies for detecting and blocking threats in real time.
- Maintain visibility into containerized apps for reliable performance and operations.

This session is moderated by Aaron Levey, Head of the Global Partner Security Segment at Red Hat.

About the speaker:

Eric Carter is Director of Product Marketing at Sysdig. He’s been helping enterprises optimize and accelerate systems and applications for more than two decades. 

About Sysdig:

Sysdig enables companies to confidently run cloud-native workloads in production. With the Sysdig Secure DevOps Platform, cloud teams embed security, maximize availability, and validate compliance. The Sysdig platform is open by design with the scale, performance, and usability enterprises demand. The largest companies rely on Sysdig for cloud-native security and visibility. Learn more at www.sysdig.com.

Sysdig and Red Hat: Bringing together security and DevOps with OpenShift

Modern apps built from isolated and often short-lived processes can leave blind spots in security and performance visibility. Join Sysdig to learn how tapping into Linux-native eBPF helps enable deep observability for your containers, hosts, networks, and more. 

In this session we’ll discuss: 
--What eBPF is and how it’s being used to deliver insight into cloud-native environments
--How Sysdig uses eBPF for deep views into your containers, infrastructure, applications and events
--Capturing detailed system activity for performing forensics and troubleshooting 
--Why eBPF is key to securing and monitoring purpose-built container platforms like Container-Optimized OS (COS) from Google Cloud and Project Atomic Host

Using eBPF for Container Monitoring, Security, and Forensics

#eBPF

#security

#forensics

#visibility

#troubleshooting

#monitoring

#googlecloud

#containers

#cloudnative

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Using eBPF for Container Monitoring, Security, and Forensics

Presented by

About this talk

More from this channel