Sidecar Proxy a Silent Partner for Better Security

Join Ariel Shuper for this webinar to learn more about the benefits and advantages of sidecar proxies.

The use of sidecar proxies in Kubernetes originated from the need to address deployment challenges such as traffic management, granular microservice observability and fine-tuned microservice security. Sidecars reduce complexity in the microservice code by abstracting common infrastructure-related functionality into a separate layer. Following the introduction of service meshes (e.g. Istio, Linkerd, Consul, AppMesh, etc.), inserting and configuring sidecar proxies became easier and simpler, leading to a proliferation of use cases and deployment options.
In this webinar we’ll examine how the use of sidecar proxies in the application design pattern abstracts communication complexities, increases the security posture of Kubernetes pods, and simplifies observability and traffic management.

Join our webinar to learn about:
1. The role of the sidecar
2. The benefit of service mesh for sidecar management
3. Simplifying service-to-service communications policies
4. Enhanced Kubernetes runtime security

The webinar will be hosted by Ariel Shuper, VP Product @Portshift.
Shuper specializes in cloud-native, identity-based security for microservices. Ariel was the head of the serverless security offering at Aqua Security and, prior to that, spent 5 years in various roles at Check-Point Technologies, focusing on security posture and network security in public clouds. Ariel has been a presenter at events such as Microsoft Tech Summit, Build, KubeCon/CloudNativeCon, and various other serverless events.
Recorded Feb 13 2020 38 mins
Presented by
Ariel Shuper, VP Product, Portshift.io
  • Secure your CI/CD pipelines with workload identity Apr 30 2020 5:00 pm UTC 45 mins
    Sam Olukotun, Solutions Engineer at CircleCI. Ariel Shuper, VP Product at Portshift
    DevSecOps has become a key term among today’s software developers. CircleCI integrates with tools for vulnerability scanning, secrets management, and policy compliance to help DevOps engineers increase CI/CD maturity.

    CircleCI and Portshift’s integration allows users to quickly identify vulnerabilities and surface dependencies in their application(s). In addition to classic vulnerability scanning, Portshift’s orb creates a unique workload identity for each image, which is used to authenticate and authorize the image when it is used to deploy a new pod.

    In today’s webinar, we’ll review how to execute pre-configured DevSecOps jobs in your CircleCI pipelines using the Portshift scanner and workload identity orb. We’ll demo how to build secure docker images by including Portshift’s workload identity creation and vulnerability scanner in your container development pipeline. Portshift’s orb allows users to perform vulnerability scans and to collect image identity attributes. Images’ identity is a critical component in Portshift’s runtime authorization.
  • Simplifying Kubernetes Pod Security Policies: Effective Containers Security Apr 16 2020 3:30 pm UTC 45 mins
    Ariel Shuper, VP Product Portshift.io
    An Innovative approach to Kubernetes Security
    The Kubernetes Pod Security Policy (PSP) allows users to set fine-grained authorizations for pod creation and update. A Pod Security Policy defines a set of conditions (a.k.a. security context) that pods must meet to be accepted by the cluster; when a request to create or update a pod does not meet the conditions in the Pod Security Policy, that request is rejected and an error is returned.
    Despite the huge benefits PSP provides Kubernetes users, its adoption is relatively low, and even PSP adopters select a minimal security context for their pods. Some of the reasons for this anomaly are the complex settings (RBAC mechanism) and the lack of granular implementations (ServiceAccount level).
    In this webinar we explore the benefits and challenges of setting up PSP authorization rules. We will also cover innovative methods Portshift uses to apply PSP without the complex RBAC settings and with fine-grained, granular implementation.

    Key Discussion Points:
    1. What are Pod Security Profiles
    2. The attack vectors eliminated by PSP
    3. Recommended PSP profiles (strict and flexible profile)
    4. Granular PSP implementations

    Ariel Shuper is VP Product @Portshift, specializing in cloud native based security for microservices. Ariel was the head of serverless security offering at Aqua security and prior to that, he spent 5 years in various roles at Check-Point Technologies, focusing on security posture and network security in public clouds. Ariel has been a presenter at events such as Microsoft Tech Summit, Build, KubeCon/CloudNativeCon, and various serverless events.
  • Do You Know your Kubernetes runtime vulnerabilities? Apr 7 2020 5:00 pm UTC 45 mins
    Zohar Kaufman, VP R&D
    Introducing Kubei Open Source Scanner - Spot, Analyze, Secure.


    Easy, quick scanning of relevant runtime images. All and only runtime images.
    For container security, there are plenty of open-source tools that can help prevent another cyber security fiasco.
    Container image scanning should be a core part of your security strategy. Although image scanning won't protect you from all possible security vulnerabilities, it's the primary means of defense against security flaws or insecure code within container images.
    Image scanning is usually integrated with the CI/CD pipeline or the image registry. Portshift’s open source solution, Kubei, takes another approach and scans the containers that actually run in production.
    In our webinar we will review the capabilities of some open-source scanning solutions and introduce you to the unique benefits of runtime Kubernetes scanning with Kubei. Know immediately which containers have vulnerabilities, where these vulnerabilities exist (pod, container and namespace), and what needs to be patched or replaced. Kubei couples your Kubernetes information with the vulnerability information for quick, easy remediation.

    Key Discussion Points:
    1. The importance of container image scanning
    2. A comparison of open-source tools for image scanning: Clair, Anchore, KubeXRay, Snyk, Trivy
    3. The advantages of Runtime Image Scanning
    4. Review and live demo of Kubei - Kubernetes Runtime Image Scanner

    Zohar Kaufman is Portshift’s Co-Founder and VP R&D. A veteran in cyber security, Zohar spent 20 years managing software, networking and embedded system development teams and was previously the founder and VP of R&D at CTERA Networks and VP of R&D at SofaWare Technologies.
  • Istio Service Mesh from GA to istiod, Where Do We Go From Here Recorded: Mar 23 2020 36 mins
    Alexei Kravtsov, R&D Team Lead
    Cloud-native applications can include thousands of clustered containers, distributed components, and complex interactions. To build them effectively, developers need a new approach to infrastructural concerns like monitoring, storage, scaling, orchestration, and security. The Istio service mesh offers a configurable infrastructure layer that reliably and efficiently manages service discovery, load balancing, encryption, authentication and authorization, circuit breakers, and more.
    In our webinar we will explore the main features of Istio, the architectural overview, and what is new with istiod (1.5), and review additional open source tools to help you manage Istio.

    Key Discussion Points:
    1. Istio’s features overview
    2. Architectural overview
    3. Features added between Istio 1.0 and 1.5
    4. Architectural changes between Istio 1.0 and 1.5
    5. New Istio control plane: istiod (1.5+)
    6. Istio’s direction in the near future

    Alexei is the Cloud Security Infrastructures Team Lead at Portshift, leading on Zero Trust authorization solutions in multi-cloud environments, using customization of open source projects such as Envoy and Istio. Alexei has worked in enterprise software for 5+ years, and was formerly a Senior Architect of Network Security at CheckPoint, working on DPI data-path acceleration using HW.
Identity-Based Workload Protection from CI/CD to Runtime
Portshift is a Kubernetes security leader. Our innovative digital identity-based solution creates a unique, signed identity for each workload at the CI/CD pipeline stage, which is then used to enforce runtime security policies.

  • Title: Sidecar Proxy a Silent Partner for Better Security
  • Live at: Feb 13 2020 5:00 pm
  • Presented by: Ariel Shuper, VP Product, Portshift.io