OpenShift TV DevSecOps Session

Join Dave Meurer (Principal Solutions Architect, Security ISVs) and Aaron Levey (Head of Security Partner Ecosystem) for a discussion on Red Hat's view of DevSecOps. We'll be discussing DevSecOps methodologies, software development lifecycles, and, generally, how to make security an integral part of your organization.

Red Hat Livestreaming

November 05, 2020

Transcript

  1. Survey of 3800 execs

    76% plan to prioritize cybersecurity … 2x as deploy the technology today. 60% have accelerated process automation ...many will increasingly apply automation across all business functions. Executives increasingly see platforms, ecosystems, and partner networks as key success factors. ("COVID-19 and the future of business", IBM, Sept 2020) What we are hearing from you... “Security has to be integrated into workflows for the sake of business agility. Even the most advanced DevOps organizations cannot be both compliant to security protocols and responsive to customer feedback unless there is a unification of IT and Security from the start.” -Kara Norton, Forbes article 07-2020
  2. What You are Telling Red Hat

    Data from The State of Container and Kubernetes Security 2020. [Chart labels: 2x as often; Ranked #1; Container Deployment Challenges; Core areas for DevSecOps; Container Security Challenges; Security]
  3. Security across the entire lifecycle with DevSecOps

    Security integrated at every step. [Diagram labels: Culture + Process; Development (dev); Operations (ops); DEV Environment; TEST Environment; PROD Environment; Supply chain: Images, Artifacts, Dependencies, Configs; Automation; Code (infra-as-code); Build (images); Code; Build; Validate; Test; Change Management; Release (package); Deploy; Operate and Monitor]
  4. Modernize & secure your lifecycle with DevSecOps: Comprehensive DevSecOps with Red Hat

    Infrastructure Container and Kubernetes Automation and Management Application Development Hosted Offerings Certified Containers and Operators Secure the entire lifecycle Automate Security Operations Center IBM collaboration Red Hat Partner Ecosystem Enhance & Extend Secure Open Hybrid Cloud Technologies Red Hat Training and Certifications + Culture, Process & Implementation RH Consulting : Innovation Labs : Managed Services & Partner Consulting : Managed Services
  5. Enhance and Extend Red Hat functionality to Secure the entire DevOps Lifecycle

    Security Partners Audit & Logging CNI Plugins, Policies, Traffic Controls, Service Mesh Compliance Data Protection and Encryption Identity & Access Management Logging, Visibility, Forensics Container Contents SAST, SCA, IAST, DAST, Image Risk Compliance RASP, Production Analysis Remediation Regulatory Compliance, PCI-DSS, GDPR Network Controls Auth, RBAC, Secrets Vault, Provenance, HSM Data Encryption SOAR, Automatic resolution Application Analysis Identity & Access Mgmt Data Controls Runtime Analysis & Protection Network Controls Remediation Audit & Monitoring Compliance Secure Host, Container Platform, Namespace Isolation, k8s & Container Hardening Platform Security Network Controls Auth, RBAC, Secrets Vault, Provenance, HSM Application Analysis Identity & Access Mgmt
  6. DevSecOps Methods & Technologies Framework

    [Diagram: security methods mapped across the lifecycle. Phase: Code, Build, Test, Release, Deploy, Operate, Monitor & Optimize. Context: Source, Container Image, Cluster. Tools: IDE, Source Code Management, Binary Repository, Build Automation, Container Registry, Container Orchestration. Method categories: Application Analysis, Identity & Access, Compliance, Network Controls, Data Controls, Runtime Analysis, Remediation, Audit & Monitoring, Platform Security. Methods shown: SAST, SCA, IAST, DAST, Image Risk, Auth / RBAC, Secrets Vault, Provenance, HSM, Regulatory, Network Policies, Traffic Controls, CNI Plugins, Service Mesh, API Management, Network Visualization, Data Encryption, Data Protection, Runtime Protection, Threat Defense, Behavioral Analysis, SOAR, Root Problem Fix, SIEM, Logging, Forensics, Secure Host, Container Platform, Cluster Hardening, Hardening, Isolation, GitOps]
  7. DevSecOps Lifecycle example

    [Diagram: example selection of security methods across the lifecycle. Phase: Code, Build, Test, Release, Deploy, Operate, Monitor & Optimize. Context: Source, Container Image, Cluster. Tools: IDE, Source Code Management, Binary Repository, Build Automation, Container Registry, Container Orchestration. Method categories: Application Analysis, Identity & Access, Compliance, Network Controls, Data Controls, Runtime Analysis, Remediation, Audit & Monitoring, Platform Security. Methods shown: SAST, SCA, IAST, DAST, Auth / RBAC, Secrets Vault, Provenance, Compliance, Network Policies, Traffic Controls, CNI Plugins, Service Mesh, API Management, Network Visualization, Runtime Protection, Threat Defense, Behavioral Analysis, SIEM, Logging, Forensics, Secure Host, Container Platform, Cluster Hardening, Isolation]
  8. November 10th: Modernize & secure your lifecycle with DevSecOps

    - Modernize DevOps with CyberArk Secrets Management and Red Hat OpenShift (1pm ET - CyberArk)
    - Solving Kubernetes security issues using Red Hat OpenShift & Sysdig (4pm ET - Sysdig)
    - Security solutions for a container-based environment (3pm ET - Synopsys)
    - DevSecOps for cloud-native applications with Prisma Cloud (2pm ET - Palo Alto)
    - Modernize Kubernetes operations using DevSecOps (12pm ET - Red Hat)
    - Develop secure containerized applications using DevSecOps (11am ET - Red Hat)

    Live Q&A after each session! All sessions are available on-demand
  9. [Diagram labels: SECURE WEB GATEWAYS; IDPS; ENDPOINT PROTECTION PLATFORMS; SECURE EMAIL GATEWAYS; THREAT INTELLIGENCE PLATFORMS; ENTERPRISE FIREWALLS; SIEM; PAM]
  10. Security Automation: Supporting Actor to the DevSecOps Nirvana

    [Diagram labels: Increasing Scale; Increasing Complexity; Centralize processes; Organization-wide; Centralization and Orchestration; Simplify our job; Ad Hoc / Point Solutions; Dept / Small Scale; Institutional; DevSecOps] https://www.ansible.com/blog/the-journey-to-security-automation