Name: MITRE ATT&CK Framework for Kubernetes and Container Runtime Security
Start: 2020-09-23T18:00:00Z
End: 2020-09-23T18:00:56.000Z
Location: BrightTALK
Rating: 5

Portshift is a Kubernetes-native security leader leveraging the power of Kubernetes and Service-Mesh to deliver a single source of truth for containers and cloud-native applications protection. Portshift is the only solution offering an agentless approach, with a single Kubernetes admission controller for seamless integration.

Security is everyone's responsibility. By better integrating information security (InfoSec) objectives into daily work, teams can achieve higher levels of software delivery performance and build more secure systems.
Shifting the security review process "left" or earlier in the software development lifecycle requires several changes from traditional information security methods, on our webinar we will explore what it means to shift-left security for DevOps, and share steps to ensure a successful transition to DevSecOps. 

Our webinar will also focus on how to solve the key challenge of shifting-left: Finding the right AppSec tools. This session is perfect for IT professionals like CTOs, CIOs and DevOps engineers.

In this session, we will discuss:
-  How developers are the new security guards in protecting company information
-  How application security tools can support developers
-  How to develop an automated security testing process throughout the application lifecycle - build, run and deploy
-  Scan and secure the runtime environment
-  What are the tools and best practices you should consider

DevOps Tech: How Can Developers Leverage Shift-Left for Better Security

Human error remains a persistent cause of the majority of container security incidents. According to Gartner, 95% of cloud security failures are rooted in mistakes made by users. As your application workloads become more distributed  and run in containers managed by Kubernetes, the risk of a misconfigured component exposing you to a security incident grows.
In today’s DevOps driven, application development environment, configuration management must be as automated and streamlined as possible for it to be effective. It should be comprehensive, covering not just the pods deployments, but also the Kubernetes objects (e.g. ConfigMap) and settings (Roles, Roles bindning, Security Context, Secrets etc.)

Join our session to learn about configuration management best practices and how to avoid the common misconfiguration pitfalls of containers and Kubernetes.
On our Talk Session, Ariel Shuper and Zohar Kaufnam will discuss - 
* Kubernetes RBAC misconfiguration, detection and mitigation
* Secrets management best practices
* Security Context and Pod Security Policies
* Automated policies generations with Developers manifests 
* Network policies - The good, the bad and the ugly 
* Kubernetes APIs protection

Misconfiguration in Containers Deployment and Kubernetes: Risks and Fixes

Service mesh is a new networking model that is made up by offloading lots of networking aspects from the application stack into sidecar proxies which are managed by a dedicated infrastructure/control-plane.
Service mesh, ideally controls the flow of traffic and API calls between services but when services and resources outside the cluster (which might be crucial for your daily operation) are in the mix, or distributed clusters like multi-clouds, the challenges start to pile-up.

In this webinar we will discuss how to address the daily scenarios of microservices communication inside and outside the mesh/Kubernetes clusters. We will show how Istio simplified their deployment and what is required to make it secure. 

Key Discussion Points and Best Practices:
1. Microservices communication model inside the mesh 
2. Authorization and encryption
3. Multi cluster and multi cloud: secure communication
4. Expanding the cluster with Istio 1.6 and the concept of workload entry
5. Q&As

Service mesh, in and outside of the Kubernetes cluster

Kubernetes is by far the most widely used container orchestrator in the market, and Kubernetes adoption in production environments is rising. According to Gartner, “by 2022, more than 75% of global organizations will be running containerized applications in production.” Security concerns remain one of the leading constraints for using containers and Kubernetes, organizations can’t afford to treat security as an afterthought. 
Kubernetes is a highly flexible platform, allowing users to customize, modify and change almost any workmode and deployment options. Each deployment aspect is treated separately and its declarative nature creates large potential for misconfiguration pitfalls or overlooked definitions. Furthermore, Kuberntes architecture with the separation of the Master node, the API server, etcd from the worker nodes and the application pods, increases the amount of elements that need to be secured. Securing Kubernetes requires you to address the security challenges associated with each of these components.


Key Discussion Points and Best Practices:
1. Early detection of security risks - Vulnerable images, overly permissive roles, security misconfiguration and access credentials. 
2. Common misconfiguration errors with direct impact on the security posture
3. Zero trust security model
4. Kubernetes RBAC: Overlooked but a powerful tool
5. Pod Security Policy and Pod Security context: Security gold mine
6. Kubernetes Network policies - In cluster and external communication policies.
7. Cluster resources protection

Kubernetes Security: 7 Things You Should Consider

How to Remain Efficient and Secure

Asynchronous messaging brokers like RabbitMQ and Kafka are commonly used for microservices applications. Although KubeMQ is the CNCF option for message broker and message queue, most enterprises still use Kafka and RabbitMQ in their Kubernetes deployments to create a messaging scheme that decouples message production by a producer from its processing by a consumer. 

But message brokers and queues imply a new security challenge for DevSecOps teams, as it eliminates the option to create any level of segmentation between microservices that use the message queues,  classical Kubernetes network policies are useless when all services can communicate with the broker. 

In this webinar we’ll explore microservices deployments in Kubernetes using message brokers like Kafka, examine their deployments options. We’ll also examine the security angle of messaging queues and brokers and show how to create effective security governance for these deployments.

Key Discussion Points:
1.Messaging queues/brokers deployment options in Kubernetes clusters
2.Explore the security challenges of native Kubernetes network policies 
3.Explore different options to implement efficient network security policies that addresses messages queues/brokers

Adding Message Queues to Kubernetes Deployments

An Innovative approach to Kubernetes Security.
With the rising adoption of Kubernetes, the need for security is increasing as well. If the key to your Kubernetes environment falls into the wrong hands, your entire runtime would be in jeopardy. With Kubernetes there are plenty of benefits, but it also brings some risks to consider.
To that end, Kubernetes API-Server resources can be accessed via a set of APIs either by an external user or a pod within the cluster using its service account details and permissions.  
Kubernetes allows defining permissions to access resources using RBAC, where it records which users, groups, service accounts can access targeted resources and to what exact action.  Creating RBAC rules requires complex human operation of mapping service accounts, roles/cluster roles and actions using role/cluster role bindings usually resulting with minimum misconfiguration or even non rules so that privileges are left wide open and cluster admins are left unaware.

Our webinar will review the challenges of setting kubernetes RBAC rules and major security risks that can be caused due to misconfigurations, we will also present ways to overcome these pitfalls.
We will also demo an easy way to review RBAC permissions and their associated risk scope with Portshift, and also cover a runtime audit of API usage and an advanced ,automatic method to enforce API policy for who can access what, where and in which action.  


Key Discussion Points:
1. The importance of securing K8s RBAC permissions 
2. A comparison of current silos offerings 
3. The advantages of having the workload identity at Runtime 
4. Review and live demo of Portshift’s K8s API server protection

How to Address Container Misconfiguration with Kubernetes API Firewall

DevSecOps has become a key term among today’s software developers. CircleCI integrates with tools for vulnerability scanning, secrets management, and policy compliance to help DevOps engineers increase CI/CD maturity. 

CircleCI and Portshift’s integration allows users to quickly identify vulnerabilities and surface dependencies in their application(s). In addition to the classical vulnerabilities scanning, Portshift’s orb creates a unique workload identity to each image which will be used to authenticate and authorize the image when it’ll be used to deploy new pod.

In today’s webinar, we’ll review how to execute pre-configured DevSecOps jobs in your CircleCI pipelines using the Portshift scanner and workload identity orb. We’ll demo how to build secure docker images by including Portshift’s workload identity creation and vulnerability scanner in your container development pipeline. Portshift’s orb allows users to perform vulnerability scans and to collect image identity attributes. Images’ identity is a critical component in Portshift’s runtime authorization.

Secure your CI/CD pipelines with workload identity

An Innovative approach to Kubernetes Security
The Kubernetes Pod Security Policy (PSP), allows users to set fine-grained authorizations for pod creation and update. Pod Security Policy defines a set of conditions (a.k.a Security context) that pods must meet to be accepted by the cluster; when a request to create or update a pod does not meet the conditions in the Pod Security Policy, that request is rejected and an error is returned.
Despite the huge benefits PSP provides Kubernetes users, its adoption is relatively low and even PSP adopters select minimal security context for their pods. Some of the reasons for this anomaly are the complex settings (RBAC mechanism) and the lack of granular implementations (ServiceAccount level). 
On this webinar we explore the benefits and challenges of setting up PSP authorization rules. We will also cover innovative methods Portshift uses to apply PSP without the complex RBAC settings and with fine-grained granular implementation. 

Key Discussion Points:
1.What are Pod Security Profiles
2. The attack vectors eliminated by PSP
3. Recommended PSP profiles (strict and flexible profile)
4. Granular PSP implementations 

Ariel Shuper is VP Product @Portshift, specializing in cloud native based security for microservices. Ariel was the head of serverless security offering at Aqua security and prior to that, he spent 5 years in various roles at Check-Point Technologies, focusing on security posture and network security in public clouds. Ariel has been a presenter at events such as Microsoft Tech Summit, Build, KubeCon/CloudNativeCon, and various serverless events.

Simplifying Kubernetes Pod Security Policies: Effective Containers Security

Introducing Kubei Open Source Scanner - Spot, Analyze, Secure. 


Easy, quick scanning of relevant runtime images. All and only runtime images.
For container security, there are plenty of open-source tools that can help prevent another cyber security fiasco.
Container image scanning should be a core part of your security strategy. Although image scanning won't protect you from all possible security vulnerabilities, it's the primary means of defense against security flaws or insecure code within container images.
Image scanning is usually integrated with the CI/CD or the image registry. Portshift’s open source solution - Kubei, takes another approach and scans the containers that actually run in production.
On our webinar we will review the capabilities of some open-source scanning solutions and introduce you to the unique benefits of Runtime Kubernetes Scanning with Kubei. Know immediately which containers have vulnerabilities, where these vulnerabilities exist (pod, container and namespace), and what needs to be patched or replaced. Kubei couples your Kubernetes information with the vulnerability information for a quick, easy remediation

Key Discussion Points:
1. The importance of container image scanning
2. A comparison of Open-Source tools for image scanning solutions - 
    Clair, Anchore, KubeXRay, Snyk, Trivy
3. The advantages of Runtime Image Scanning
4. Review and live demo of Kubei - Kubernetes Runtime Image Scanner

Zohar Kaufman is Portshift’s Co-Founder and VP R&D. As a vateran in cyber security, Zohar spent 20 years managing software, networking and embedded system development teams and was previously the founder and VP of R&D at CTERA Networks and VP of R&D at SofaWare technologies.

Do You Know your Kubernetes runtime vulnerabilities?

The MITRE ATT&CK framework provides a threat matrix that guides administrators, developers, DevOps, security teams and others in protecting their networks, systems and endpoints from undesirable access and manipulation.

But what about Kubernetes? What we are missing is a MITRE ATT&CK matrix that is interpreted for the Kubernetes environment – a matrix that connects the dots and provides the missing security context for Kubernetes security best-practices.

At Portshift, we’ve brought this matrix to life. We’ve taken the concepts presented by Microsoft and the theory of a threat-based model from MITRE and implemented a matrix that is tailored for Kubernetes, helping our users actively detect potential threats in their Kuberetes clusters but also to create, implement and monitor their defense strategies and the security of their applications and deployments.  With our K8SHIELD™ Framework, we’ve also released a graphical view that connects the dots for you with the familiar ATT&CK matrix, displaying the risks and their applicability to deployed clusters.
This session is perfect for IT professionals like CTOs, CIOs and DevOps engineers.

In this session we will discuss:
-  Tactics – the attack vector; the ultimate objective of an attacker
-  Documented attacks describing how adversaries achieved these tactics by using the associated techniques
-  Recommendations for remediation - a prioritized list of mitigation steps you should apply to give you the broadest protection

MITRE ATT&CK Framework for Kubernetes and Container Runtime Security

Kubernetes

Mitigation

Cyber Attacks

Cloud Native

DevOps

CISO

CICD

Microservices

Cyber Defence

Cloud Architecture

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

MITRE ATT&CK Framework for Kubernetes and Container Runtime Security

Presented by

About this talk

More from this channel