
Kubernetes Security Considerations for IDS/IPS in the age of TLS v1.3

TLS v1.3 introduces several new security improvements over TLS 1.2, but some of these enhancements have an impact on network-based security solutions such as IDS/IPS. While the goal is to enhance overall security at the application level, there are a few scenarios that are not easily solved when introducing the new technology, especially in Kubernetes environments. Watch this webinar to learn about security and compliance considerations for Kubernetes when implementing TLS v1.3.
Recorded Sep 18 2018 48 mins
Presented by
Christopher Liljenstolpe, Chief Technical Officer, Solutions at Tigera

  • The Problem With Kubernetes And Firewalls, And How To Solve It Recorded: Oct 10 2019 42 mins
    Andy Wright, Tigera
    Containers and Kubernetes adoption are gaining incredible momentum in enterprise organizations. Gartner estimates that 75% of organizations will be running containerized applications by 2022.

    However, there are many challenges to moving containerized applications to internet-facing environments while maintaining security:

    - Firewalls are necessary but cannot protect Kubernetes pods that keep changing IP addresses
    - Security processes are designed for and rely on a zone-based architecture, but Kubernetes doesn’t fit in that architecture
    - Kubernetes Network Policies are a new concept for network and security teams to learn, but they are stretched too thin and have no time to invest in learning them

    These problems would go away if the security team’s existing tools and processes worked for Kubernetes.

    Attend this webinar and learn how Tigera is the first and only Kubernetes security solution to integrate with the security team’s firewall manager to implement their security controls in Kubernetes. The presentation will include a live demo using Tigera Secure and the Palo Alto Networks Panorama firewall manager.
  • Understanding & Troubleshooting Kubernetes Connectivity Issues Recorded: Sep 12 2019 62 mins
    Karthik Prabhakar, Sr. Director, Solution Architecture, Tigera
    Kubernetes is a robust, stable, and reliable environment to run modern applications. But, like all software, issues can arise that require troubleshooting. When problems occur with the containerized microservices, Kubernetes can reschedule workloads or replace entire nodes with ease, but when connectivity issues arise, you need an understanding of how Kubernetes networking works and the right tools to help identify and solve the issue.

    Join Karthik Prabhakar, Sr. Director, Solutions Engineering with Tigera, for a live webinar on Thursday, September 12 at 10AM PT, 1PM ET where you will learn how to identify, understand, and solve the most common Kubernetes connectivity issues.
  • What’s New in Tigera Calico: An Update on Recent Features & Enhancements Recorded: Aug 7 2019 33 mins
    Eddie Esquivel, Sr. Solutions Engineer with Tigera
    Free and Open Source, Tigera Calico delivers secure networking for the cloud-native era, and 2019 has seen many major enhancements to the most deployed networking and network security solution for Kubernetes.

    From version 3.3 released in November of 2018 all the way through to 3.8 released earlier this July, Calico has advanced significantly with features that our community has requested and needed, such as:

    + IP address management (IPAM) features that make it more configurable and with support to assign a given IP pool to one or more Kubernetes namespaces
    + Features that give more control and allow much finer-grained dynamic IP management vs the static allocation of a fixed set of addresses to each node in native Kubernetes
    + Native support for VXLAN encapsulation
    + Optimized denial-of-service protection for host endpoints using XDP
    + Namespaced NetworkSets
    + And more...

    Join us for a technical webinar to learn more about these new features, with real-world examples of how, and why, you’d want to use them to improve the network security of your Kubernetes environment.
  • Why Can’t We Be Friends? – Kubernetes in a Zone-Based Architecture World Recorded: Jul 10 2019 33 mins
    Eddie Esquivel, Sr. Solutions Engineer with Tigera
    Since practically the beginning of data networks, Network and Security professionals have gravitated towards, and grown to love, Zone-Based network architectures.

    However, with the evolving landscape driven by microservices, containers, and Kubernetes, Zone-Based designs are being challenged to keep networks secure without creating an unreasonable amount of continuous configuration changes to firewalls.

    With this challenge comes the opportunity to rethink how network security can be delivered more effectively and efficiently. The Cloud and Kubernetes offer a ton of flexibility, but how do we achieve security, visibility, and compliance in these new areas?

    This technical webinar will dive into how Tigera can help us answer these challenges and more in the cloud landscape.
  • Kubernetes & Tigera: Network Policies, Security, and Auditing Recorded: Jun 19 2019 50 mins
    Drew Oetzel, Senior Technical Solutions Engineer with Tigera
    Of course, Tigera's ability to provide Kubernetes pod networking and facilitate service discovery is extremely valuable, but its real superpower is that both Tigera's commercial offerings and open-source Tigera Calico can implement network security policies inside a Kubernetes cluster.

    Most external network security operates at the perimeter or at the physical network layer of Kubernetes. Because Tigera runs inside Kubernetes, it can provide policy and security based on Kubernetes structures like namespaces and deployments.

    In this webinar, Senior Technical Solutions Engineer with Tigera, Drew Oetzel, will show you examples of implementing these types of policies for several common security and compliance use cases.

    He'll also show you why implementing these types of security policies is so important to keeping your ever-expanding Kubernetes workloads secure.
  • Meeting PCI DSS Network Security Requirements in Kubernetes Environments Recorded: Jun 5 2019 50 mins
    Vince Lau, CISSP, Director of Product Marketing at Tigera
    Compliance standards such as PCI DSS have assumed that traditional characteristics and behaviors of the development and delivery model would continue to be constant going forward. With the Container/Kubernetes revolution, that set of assumptions is no longer entirely correct. Attend this webinar and learn about what's changed, how those changes weaken your compliance and control environment, and what you can do to adjust to the new reality.
  • Extending Firewalls to Kubernetes to Not Break Existing Security Architectures Recorded: May 21 2019 42 mins
    Amit Gupta, VP of Product Management, Tigera
    Security teams use firewalls to secure their production environments, often using a zone-based architecture, and Kubernetes does not deploy well to that architecture. Application teams are launching new business-critical applications on Kubernetes and are aggressively moving to production. A clash is bound to happen.

    In this webinar, we will describe an approach to extend firewalls to Kubernetes that will accelerate deployment to production, save time & money, and preserve existing security processes and investments.
  • Securing Kubernetes Applications in Google Cloud with Tigera Recorded: Apr 17 2019 49 mins
    Amit Gupta, VP of Product Management, Tigera
    Calico was just recently embedded into Google GKE On-Prem, and we will demonstrate how to implement security controls on GKE. Don’t miss this webinar, as we will be sharing some common network security challenges in the Kubernetes environment. In addition, we will explore enterprise-grade Calico features provided in Tigera Secure, which enable enterprises to add network security support in hybrid cloud environments with:

    + Network Flow Logs that record accepted and denied traffic, which policies denied the traffic, and workload context such as Kubernetes namespaces, labels, and metadata. Tigera Secure also provides dynamic graphical visualization of network flows.

    + Tiered policy controls with role-based access controls, to enable multiple teams to independently manage their respective security policies within the governance of the security team.

    + Anomaly Detection capabilities that provide insight into unusual behaviors and sophisticated attacks that compromise the security and performance of Kubernetes environments.
  • Istio Traffic Management - Best Practices in Secure Kubernetes Environments Recorded: Apr 3 2019 49 mins
    Christopher Liljenstolpe, CTO, Solutions, Tigera
    Istio’s traffic management decouples traffic flow and infrastructure scaling, allowing you to specify which rules govern traffic rather than which specific pods should receive traffic.

    In this webinar we'll discuss the following traffic management topics:
    · Discovery Load Balancing
    · Failure Handling
    · Fault Injection
  • Kubernetes & Zero Trust Security: Supporting a CARTA with Anomaly Detection Recorded: Mar 20 2019 35 mins
    Christopher Liljenstolpe, CTO, Solutions, Tigera
    Learn how Anomaly Detection supports what Gartner has termed a continuous adaptive risk and trust assessment (CARTA) when building a CaaS platform using Kubernetes. Anomaly Detection expands the zero trust network security model and continuously assesses application and network risk, which enables adaptive policy adjustments. Anomaly Detection identifies outliers in Kubernetes clusters by building profiles of typical workloads and components to know when they start to deviate from the norm. It also manages network risk by continuously monitoring for activities such as reconnaissance scan, service connections anomaly, service bytes anomaly, and pod outlier activity detection.
  • Kubernetes & Zero Trust Security: Supporting a CARTA Approach Recorded: Mar 6 2019 31 mins
    Christopher Liljenstolpe, CTO, Solutions, Tigera
    Learn how to support a continuous adaptive risk and trust assessment (CARTA) approach leveraging accurate Kubernetes flow logs. 5-tuple logging is commonly used to monitor and detect anomalies, but it produces unreliable data that can neither accurately identify anomalies nor prove enforcement of security policies. Network flow logs include workload identity and other metadata that help continuously monitor activities within Kubernetes clusters.
  • Top Container Security Lessons from Deploying Kubernetes and Red Hat OpenShift Recorded: Feb 21 2019 63 mins
    Matt Smith, Chief Architect, Red Hat & Christopher Liljenstolpe, CTO, Solutions, Tigera
    Join Red Hat Chief Architect, Matt Smith, along with Tigera CTO, Solutions, Christopher Liljenstolpe, as they share their experience and knowledge helping leading enterprises achieve their key business transformation initiatives around moving to secure cloud-based, containerized microservice applications. In this 60 minute webinar, they will cover their top lessons learned on network security and Red Hat OpenShift.
  • Zero Trust Security: Supporting a CARTA approach with Network Security Recorded: Jan 24 2019 33 mins
    Christopher Liljenstolpe, Chief Technical Officer, Solutions at Tigera
    Learn how to support what Gartner has termed a continuous adaptive risk and trust assessment (CARTA) when building a CaaS platform using Kubernetes. Network security enables microsegmentation and is a core component of a zero trust security model. It allows you to protect your workloads against threats without relying on assumptions about the network, infrastructure, and workloads.
  • Kubernetes Ingress & Egress Traffic Management Recorded: Jan 11 2019 38 mins
    Christopher Liljenstolpe, Chief Technical Officer, Solutions at Tigera
    The networking infrastructure within a Kubernetes cluster is usually private, or at least internally oriented. So what do you want to do when you need to expose your application or services to the public? What are your options for connecting to resources outside of your cluster? In this webinar we'll discuss:

    * Address cluster endpoints from the outside world
    * Communicate from within the cluster to external resources
    * Load balance services
  • Leveraging Kubernetes Services & DNS Recorded: Dec 19 2018 32 mins
    Christopher Liljenstolpe, Chief Technical Officer, Solutions at Tigera
    The Domain Name System (DNS) is used to associate IP addresses with meaningful names. By default, Kubernetes clusters configure internal DNS to provide for service discovery automatically. This makes it easy for workloads to locate and work with each other on Kubernetes clusters.
    In this webinar, learn:

    * How DNS resolution works in Kubernetes with a network security solution like Tigera

    * How services and pods get assigned fully qualified domain names (FQDN)

    * The relationship between services and pods
  • Istio - Enabling a Defense in Depth Network Security Posture Recorded: Dec 4 2018 61 mins
    Christopher Liljenstolpe, Chief Technical Officer, Solutions at Tigera
    Are you looking into Istio? Many companies are investigating Istio to reduce the challenges of managing microservices as it delivers a uniform way to connect, monitor, and secure environments - especially used in concert with Kubernetes.

    Did you know that Istio is a part of the Tigera Secure solutions, that we play an active role in developing Istio, and we co-chair the Istio security special interest group? We'd like to share our expertise to help you understand how Istio fits into a comprehensive network security model.

    Attend our webinar on Tuesday, December 4 to learn about implementing a defense in depth posture that enables zero-trust network security across L3-L7 and allows Application, DevOps, Platform Engineering, Network, and Security and Compliance teams to seamlessly work together.

    Join Christopher Liljenstolpe, CTO, solutions at Tigera as he discusses strategies and technical details on:

    + Integrating Istio Policy into Kubernetes NetworkPolicy resulting in a single unified policy called application layer policy (ALP)
    + Implementing defense in depth by enforcing policies at multiple points within the infrastructure
    + Authenticating the identity of each request based on multiple criteria
    + Operationalizing ALP across heterogeneous environments
  • Kubernetes: Securing Hybrid and Multi-Cloud Environments Recorded: Nov 15 2018 45 mins
    Christopher Liljenstolpe, Chief Technical Officer, Solutions at Tigera
    Kubernetes is widely used to re-architect traditional applications. Many organizations first set up Kubernetes within their on-prem environment and then later expand to the public cloud. This hybrid environment often creates security and compliance challenges with workloads. Join this webinar to learn how to leverage universal security policy definition that works across a hybrid environment.
  • Enforcing Compliance in Dynamic Kubernetes Environments Recorded: Oct 30 2018 35 mins
    Christopher Liljenstolpe, Chief Technical Officer, Solutions at Tigera
    While the Container/Kubernetes revolution is starting to deliver on its promise of making application development and delivery more agile and responsive, it does so by changing some of the traditional characteristics and behaviors of the development and delivery model. Control and compliance regimes have assumed that these would continue to be constant going forward. That set of assumptions is no longer entirely correct. Attend this webinar and learn about what's changed, how those changes weaken your compliance and control environment, and what you can do to not only adjust to the new reality but actually have your security team being a key enabler of the new agile model.
  • Introduction to Kubernetes Network Policy with Use Cases Recorded: Oct 10 2018 32 mins
    Cody McCain, Senior Solution Architect, at Tigera
    In Kubernetes, Network Policy allows you to define a policy determining what traffic is allowed to flow to and from specific workloads. By default, Kubernetes permits ingress and egress traffic to and from all pods in a namespace. Without correct configuration your risk of a significant security breach is high. Attend this webinar and learn best practices in configuring Kubernetes network security.
  • Improving Security Forensics in Kubernetes Environments Recorded: Sep 27 2018 42 mins
    Christopher Liljenstolpe, Chief Technical Officer, Solutions at Tigera
    The success of Kubernetes has made monitoring and alerting more difficult for traditional Security Information and Event Management (SIEM) tools. Attend this live webinar to learn how implementing the right network security and compliance solution will improve the accuracy and completeness of security forensic monitoring and alerting when using Kubernetes.
Zero Trust Network Security & Compliance for Kubernetes Platforms
Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms, enabling enterprises to secure containers and applications with a least-privilege model and defense in depth. Tigera’s technology is recognized and trusted as the de facto standard for Kubernetes network security.

  • Title: Kubernetes Security Considerations for IDS/IPS in the age of TLS v1.3
  • Live at: Sep 18 2018 5:00 pm
  • Presented by: Christopher Liljenstolpe, Chief Technical Officer, Solutions at Tigera