OpenShift TV DevSecOps Session

Join Dave Meurer (Principal Solutions Architect, Security ISVs) and Aaron Levey (Head of Security Partner Ecosystem) for a discussion on Red Hat's view of DevSecOps. We'll be discussing DevSecOps methodologies, software development lifecycles, and, generally, how to make security an integral part of your organization.

Red Hat Livestreaming

November 05, 2020

Transcript

  1. OpenShift TV
    DevSecOps Session
    Nov 5, 2020
    Aaron Levey
    Dave Meurer
    Red Hat DevSecOps

  2. What we are hearing from you...
    Survey of 3800 execs:
    76% plan to prioritize cybersecurity
    … 2x as deploy the technology today.
    60% have accelerated process automation
    ...many will increasingly apply automation across all business functions
    Executives increasingly see platforms, ecosystems, and partner networks as key success factors.
    “COVID-19 and the future of business” IBM, Sept 2020
    “Security has to be integrated into workflows for the sake of business agility. Even the most advanced DevOps organizations cannot be both compliant to security protocols and responsive to customer feedback unless there is a unification of IT and Security from the start.”
    -Kara Norton, Forbes article 07-2020

  3. What You are Telling Red Hat
    Data from The State of Container and Kubernetes Security 2020
    2x as often
    Ranked #1
    Container Deployment Challenges
    Core areas for DevSecOps
    Container Security Challenges
    Security

  4. Security across the entire lifecycle with DevSecOps
    Security integrated at every step
    Culture + Process
    Diagram labels: Development (dev), Operations (ops); DEV Environment, TEST Environment, PROD Environment
    Stages: Code (infra-as-code), Build (images), Validate, Test, Release (package), Deploy, Change Management, Operate and Monitor
    Supply chain: Images, Artifacts, Dependencies, Configs
    Automation

  5. Modernize & secure your lifecycle with DevSecOps
    Comprehensive DevSecOps with Red Hat
    Infrastructure
    Container and Kubernetes
    Automation and Management
    Application Development
    Hosted Offerings
    Certified Containers and Operators
    Secure the entire lifecycle
    Automate Security Operations Center
    IBM collaboration
    Red Hat Partner Ecosystem
    Enhance & Extend
    Secure Open Hybrid Cloud Technologies
    Red Hat Training and Certifications
    +
    Culture, Process & Implementation
    RH Consulting : Innovation Labs : Managed Services & Partner Consulting : Managed Services


  6. Enhance and Extend Red Hat functionality to Secure the entire DevOps Lifecycle
    Security Partners
    Categories: Application Analysis, Identity & Access Mgmt, Compliance, Network Controls, Data Controls, Runtime Analysis & Protection, Remediation, Audit & Monitoring, Platform Security
    Methods shown:
    CNI Plugins, Policies, Traffic Controls, Service Mesh
    Data Protection and Encryption
    Logging, Visibility, Forensics
    SAST, SCA, IAST, DAST, Image Risk
    RASP, Production Analysis
    Regulatory Compliance, PCI-DSS, GDPR
    Auth, RBAC, Secrets Vault, Provenance, HSM
    SOAR, Automatic resolution
    Secure Host, Container Platform, Namespace Isolation, k8s & Container Hardening
    Other labels: Audit & Logging, Container Contents, Data Encryption

  7. DevSecOps Methods & Technologies Framework
    Phase: Code, Build, Test, Release, Deploy, Operate, Monitor & Optimize
    Context: Source, Image, Container
    Tools: IDE, Source Code Management, Binary Repository, Build Automation, Container Registry, Container Orchestration, Cluster
    Methods: Application Analysis, Identity & Access, Compliance, Network Controls, Data Controls, Runtime Analysis, Remediation, Audit & Monitoring, Platform Security
    Security Methods (labels placed across the phases in the diagram): SAST, SCA, IAST, DAST, Image Risk, Auth / RBAC, Secrets Vault, Provenance, HSM, Regulatory, Network Policies, Traffic Controls, CNI Plugins, Service Mesh, API Management, Network Visualization, Data Encryption, Data Protection, Runtime Protection, Threat Defense, Behavioral Analysis, SOAR, Root Problem Fix, SIEM, Logging, Forensics, Secure Host, Container Platform, Cluster Hardening, Hardening, Isolation, GitOps

  8. DevSecOps Lifecycle example
    Phase: Code, Build, Test, Release, Deploy, Operate, Monitor & Optimize
    Context: Source, Image, Container
    Tools: IDE, Source Code Management, Binary Repository, Build Automation, Container Registry, Container Orchestration, Cluster
    Methods: Application Analysis, Identity & Access, Compliance, Network Controls, Data Controls, Runtime Analysis, Remediation, Audit & Monitoring, Platform Security
    Labels placed across the phases in the diagram: SAST, SCA, IAST, DAST, Auth / RBAC, Secrets Vault, Provenance, Compliance, Network Policies, Traffic Controls, CNI Plugins, Service Mesh, API Management, Network Visualization, Runtime Protection, Threat Defense, Behavioral Analysis, SIEM, Logging, Forensics, Secure Host, Container Platform, Cluster Hardening, Isolation

  9. Modernize & secure your lifecycle with DevSecOps
    November 10th
    11am ET - Red Hat: Develop secure containerized applications using DevSecOps
    12pm ET - Red Hat: Modernize Kubernetes operations using DevSecOps
    1pm ET - CyberArk: Modernize DevOps with CyberArk Secrets Management and Red Hat OpenShift
    2pm ET - Palo Alto: DevSecOps for cloud-native applications with Prisma Cloud
    3pm ET - Synopsys: Security solutions for a container-based environment
    4pm ET - Sysdig: Solving Kubernetes security issues using Red Hat OpenShift & Sysdig
    Live Q&A after each session! All sessions are available on-demand

  10. Backup

  11. SECURE WEB GATEWAYS
    IDPS
    ENDPOINT PROTECTION PLATFORMS
    SECURE EMAIL GATEWAYS
    THREAT INTELLIGENCE PLATFORMS
    ENTERPRISE FIREWALLS
    SIEM
    PAM

  12. Increasing Scale
    Increasing Complexity
    Security Automation
    Supporting Actor to the DevSecOps Nirvana
    Centralize processes Organization-wide
    Centralization and Orchestration
    Simplify our job
    Ad Hoc / Point Solutions Dept / Small Scale Institutional
    https://www.ansible.com/blog/the-journey-to-security-automation
    DevSecOps
