Slide 1

Copyright © 2017 Aqua Security Software Ltd. All Rights Reserved.
Cloud Native - security threat or opportunity?
Liz Rice @lizrice | @aquasecteam

Slide 2

@lizrice
What is Cloud Native?
◼ Containers
◼ Orchestration
◼ Microservices

Slide 3

Orchestrated, containerized microservices
Hundreds of microservices
Thousands of containers
Average container lifetime < 1 day

Slide 4

Security is a concern when deploying containers: 88% agree (Sonatype 2017 DevSecOps Survey)

Slide 5

Before Cloud Native
Create software
Deploy
Patch
Provision servers

Slide 6

“Through 2020, zero-day vulnerabilities will play a role in less than 0.1% of attacks”
Source: Gartner, 7 Top Security Predictions for 2017

Slide 7

Applying patches to containers?

Slide 8


Slide 9

Cloud native process
Create software
Build images
Deploy

Slide 10

Scan for vulnerabilities
Create software
Build images
Deploy

Slide 11

Image policies
Create software
Build images ✓
Deploy ✓
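The ✓/✓ gate between building an image and deploying it, written out as an added example that is not from the deck or from Aqua's tooling: a policy check that takes an image reference plus the findings of a vulnerability scan and decides whether the image may be deployed. The trusted registry name, the severity threshold and the CVE-XXXX identifiers are assumptions and placeholders; the findings are constructed sample data, not real scanner output.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Rank severities so a threshold like "high" can be compared numerically.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Finding:
    cve: str                      # placeholder ids below, not real CVEs
    severity: str
    fixed_version: Optional[str] = None   # None: no patched package exists yet

@dataclass
class Policy:
    trusted_registries: tuple = ("registry.example.internal",)  # assumption
    block_at_or_above: str = "high"
    block_unfixed: bool = False   # also block findings with no fix available

def parse_image_ref(ref: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Return (registry, tag, digest) for 'host/repo[:tag][@sha256:hex]'.
    A ref with no registry host (no '.' or ':' before the first '/') is
    treated as Docker Hub, which is what the container runtime assumes."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    registry = "docker.io"
    if "/" in ref:
        head = ref.split("/", 1)[0]
        if "." in head or ":" in head or head == "localhost":
            registry = head
    name = ref.rsplit("/", 1)[-1]            # last path component, e.g. cart:1.4.2
    tag = name.split(":", 1)[1] if ":" in name else None
    return registry, tag, digest

def evaluate(ref: str, findings: List[Finding], policy: Policy) -> Tuple[bool, List[str]]:
    """Apply the policy; returns (allowed, reasons). Empty reasons means ✓."""
    reasons = []
    registry, tag, digest = parse_image_ref(ref)
    if registry not in policy.trusted_registries:
        reasons.append(f"untrusted registry {registry}")
    if digest is None and tag in (None, "latest"):
        reasons.append("mutable tag: pin a version tag or digest")
    threshold = SEVERITY_RANK[policy.block_at_or_above]
    for f in findings:
        if SEVERITY_RANK[f.severity] >= threshold and (f.fixed_version or policy.block_unfixed):
            reasons.append(f"{f.cve} ({f.severity}) fix: {f.fixed_version or 'none'}")
    return (not reasons, reasons)

# Constructed sample scan result: one fixable critical, one unfixed high, one low.
SAMPLE_FINDINGS = [Finding("CVE-XXXX-0001", "critical", "2.3.1"),
                   Finding("CVE-XXXX-0002", "high", None),
                   Finding("CVE-XXXX-0003", "low", "1.0.1")]
```

With the default policy the sample image is rejected only for the fixable critical finding; setting `block_unfixed=True` also rejects it for the unpatched high one.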

Slide 12

What about the hosts?

Slide 13

Hosts
Host OS
Automated testing
Recycling
Intrusion detection

Slide 14

Wait, there’s more!

Slide 15

Microservice network segmentation
■ Restrict communication between microservices
■ Encrypted connections

Slide 16

Runtime protection
■ Restrict container activity
■ Prevent anomalous / suspicious behaviour

Slide 17

Shellshock demo

Slide 18

Cloud Native security advantages
■ Decomposition of the problem
■ Additional layers of defence
■ Continuous deployment
■ Shorter attack window
■ Community best practices

Slide 19

Room for improvement in container security: 80% agree (Aqua Security 2017 Survey)

Slide 20

“Containers … require a more collaborative approach by security and DevOps teams.”
Source: Gartner, 7 Top Security Predictions for 2017

Slide 21

“Organizations would do well to embed security early into the process”
Source: Gartner, 7 Top Security Predictions for 2017

Slide 22

Continuous integration
Continuous deployment
Continuous security

Slide 23

@lizrice | @aquasecteam
aquasec.com/survey
github.com/aquasecurity/kube-bench