DevopsNYC Meetup 4-15-2020

5 Tips for Securing and Monitoring your Microservices With Sysdig
Dan Papandrea Field CTO @popsysdig @sysdig

| Sysdig Inc. Proprietary Information 2 Stay Safe!

| Sysdig Inc. Proprietary Information 3 More Stuff! = More
Stuff to Secure/Monitor • Monitor availability and performance • Manage capacity and cost • Troubleshoot issues • Scan for vulnerabilities • Apply runtime policies • Triage security alerts • Speed up incident response and forensics Secure DevOps Maximize application availability Observability functions Security and compliance functions Secure DevOps converges security and observability functions

| Sysdig Inc. Proprietary Information 4 High Level DevOps Workflow
Developer Source code repository CI/CD Staging/ QA Production Monitoring Application Delivery Lifecycle Security addressed post deployment Causes disruption and delay

| Sysdig Inc. Proprietary Information 5 Secure DevOps workflow -
a start Developer Source code repository CI/CD Staging/ QA Production Monitoring Application Delivery Lifecycle Security teams Block pipeline builds if scan fails Security provides guidelines

But Secure DevOps is not just vulnerability scanning..

| Sysdig Inc. Proprietary Information 7 Embedding security across the
workflow Developer Source code repository CI/CD Staging/ QA Production Monitoring Application Delivery Lifecycle Security teams Block pipeline builds if scan fails Simulate secure by default configs (PSP, network policies) Runtime security and incident response framework Runtime monitoring/visbility

| Sysdig Inc. Proprietary Information 8 5 tips to integrate
Sysdig into your workflows Automate image scanning into build Continuously validate compliance Enforce runtime security Use monitoring data for troubleshooting and security Implement an incident response plan

| Sysdig Inc. Proprietary Information 9 1. Automate Image Scanning
during Build Scan for: • vulnerabilities: ◦ OS packages ◦ 3rd party libraries • Misconfigurations CI/CD integration + registry support Runtime reporting of new vulnerabilities Trigger based alerting and notifications to appropriate teams Registry

| Sysdig Inc. Proprietary Information 10 2. Continuously Validate Compliance
Need to meet multiple regulatory compliance standards (NIST, PCI, etc) Steps to extend compliance across the entire container/k8s lifecycle: 1. Cluster deployment and setup (use CIS Benchmarks) 2. Build time: image scanning (use scanning policies for PCI, NIST) 3. Runtime Compliance (runtime rules based on Falco) 4. Audit activity: i. Host ii. Containers iii. Orchestration: K8s api audit events

| Sysdig Inc. Proprietary Information 11 3. Leverage monitoring data
for troubleshooting and security Look for feedback via runtime monitoring and spot potential attacks: - DoS - Cryptomining - Unexpected POD CRASHLOOP - Unexpected processes - Rogue connection attempts - New deployments, orchestration events - Misconfiguration and software bugs - File Integrity Monitoring

| Sysdig Inc. Proprietary Information 12 4. Enforce Runtime Security
Full stack visibility (Processes, network, file system etc aka every single system call) Runtime Prevention via K8s native controls: - Pod Security Policy - Network Security Policy Runtime Threat Detection (IDS) via Falco + enterprise workflows - Cloud and Kubernetes aware policies - Machine learning profiling - Community contribution

| Sysdig Inc. Proprietary Information 13 5. Implement an Incident
Response Plan Automated response - K8s and container aware - Remediation actions (Alert, Stop, Pause, Quarantine / taint) Full command audit and K8s API events trace Sysdig capture file - Recreate all system activity even if the container is long gone

| Sysdig Inc. Proprietary Information 14 Benefits FOR and Consequences
OF NOT having a Secure Devops Workflow *Sysdig 2019 Container usage report/IDC Report

| Sysdig Inc. Proprietary Information 15 Platform Built on an
Open Foundation Image scanning Vulnerability analysis Monitoring Infrastructure and application metrics Runtime security Detection rules and alerts Forensics/troubleshooting Deep visibility into container activity Sysdig Secure DevOps Platform Adds scale, workflow, K8s, and cloud context Respond Run Build

| Sysdig Inc. Proprietary Information 16 Sign up for a
30 day free trial: https://sysdig.com/company/free-trial/ Monday, April 20 8am PDT / 4pm GMT K8s Security MasterClass Rancher & Sysdig Detecting anomalous activity in Rancher with Falco and Sysdig Secure Tuesday, April 21 10am PDT / 6pm GMT PCI Compliance in Containers & K8s Map PCI processes to containers and walk through a time-saving checklist Thursday, April 30 10am PDT / 6pm GMT Top 5 Cloud Native Pipeline Security Considerations Booz Allen Hamilton experts share best practices in securing software pipelines Register for our upcoming webinars sysdig.com/webinars

Dig deeper

DevopsNYC Meetup 4-15-2020

DevopsNYC Meetup 4-15-2020

Dan POP

More Decks by Dan POP

Other Decks in Technology

Featured

Transcript

5 Tips for Securing and Monitoring your Microservices With Sysdig

| Sysdig Inc. Proprietary Information 2 Stay Safe!

| Sysdig Inc. Proprietary Information 3 More Stuff! = More

| Sysdig Inc. Proprietary Information 4 High Level DevOps Workflow

| Sysdig Inc. Proprietary Information 5 Secure DevOps workflow -

But Secure DevOps is not just vulnerability scanning..

| Sysdig Inc. Proprietary Information 7 Embedding security across the

| Sysdig Inc. Proprietary Information 8 5 tips to integrate

| Sysdig Inc. Proprietary Information 9 1. Automate Image Scanning

| Sysdig Inc. Proprietary Information 10 2. Continuously Validate Compliance

| Sysdig Inc. Proprietary Information 11 3. Leverage monitoring data

| Sysdig Inc. Proprietary Information 12 4. Enforce Runtime Security

| Sysdig Inc. Proprietary Information 13 5. Implement an Incident

| Sysdig Inc. Proprietary Information 14 Benefits FOR and Consequences

| Sysdig Inc. Proprietary Information 15 Platform Built on an

| Sysdig Inc. Proprietary Information 16 Sign up for a

Dig deeper