What’s new in RUDDER and future roadmap

Transcript

1. Alexandre BRIANCEAU Business Development Director [email protected] What’s new in RUDDER?

   and future roadmap... CONTINUOUS AUDITING & CONFIGURATION

2. So far so good...

3. RUDDER 5.0 RUDDER 5.0 is the current stable release Main

   focus in the last minor versions: ➔ Adding osquery as variable source ➔ Technique categories can be renamed ➔ Scalability and performance ➔ Bug fixes ➔ Plugin’s architecture stabilization Supported for Community users until March, 9th 2020 Supported for Standard users until June, 9th 2020 Supported for Premium users until September, 9th 2020 - page 3

4. Semantic versioning

5. Semantic versioning We stabilize our versioning, inspired by https://semver.org/ ▪

   Major (example : 6.0.0) - Impactful new features, which may be unstable ▪ Minor (example : 6.1.0) - New features with low production environment risks ▪ Patch (example : 6.1.4) - Only bug & security fix So please be careful with major new releases, and read the changelog before upgrading. - page 5

6. RUDDER 6.0 Enhanced communication protocol (aka Protocol v2) ➔ Syslog

   is no longer used in RUDDER. No more interference with local systems ➔ HTTPS protocol, with compression (TLS 1.2+ forced for all communications) ➔ Reports are signed and inserted in a single transaction ➔ More details and logs from the agent for a better events understanding from the Server (and easier to debug) WARNING: Currently (6.0) HTTP reporting is not compatible with “Change Only” node communication mode (but it will be added in a near future) Technique resources ➔ Adding versioned resources (files) to the Technique Editor ➔ Better traceability and coherence, no more shared files ➔ Only internal (private) API until it is stabilized - page 6

7. RUDDER 6.0 Technique ressources - page 7

8. RUDDER 6.0 Node certificate ➔ Each node has its own

   certificate ◆ Reports are signed ◆ Unique ID for inventory (inventory signed with certificate key) ➔ You can use your own CA too ➔ New API to manage node’s certificate (eg: renewal) RUDDER agent provisioning migrated to bootstrap ➔ Initial promises during agent provisioning bring a lot of issues, now the provisioning is bootstrapped ➔ Lighter and quicker, with defaults parameters pulled from the server, immediate inventory on first run - page 8

9. RUDDER 6.0 Better performance for scalability ➔ HTTP reporting ◆

   Less stress on database: one insert per node run ◆ More efficient network usage (compressed data) ➔ Architectural changes ◆ ZIO - allows for better composability and optimisation ➔ Tuning ◆ Options to set number of threads, which actions, etc ➔ Tests are in progress to identify regressions or bottlenecks Relay API rewritten in Rust ➔ Better performance, more secured, more reliable for the future ➔ New API available (report management & inventory) that will be extend in the future ➔ Run in non-root and read-only (except reports and inventory) - page 9

10. RUDDER 6.0 Enhanced Technique Editor interface - page 10

11. RUDDER 6.0 Per user filter added to Validation Workflow ➔

    “I want to validate all my interns changes in RUDDER before it will be applied to production” AWS properties managed by Inventory Hook ➔ AWS properties as RUDDER Node properties All our services are now systemd units: RUDDER Agent & Server Graphical remote run ➔ Directly through the UI, but network flows need to be opened Python 3 used on server - page 11

12. RUDDER 6.0 For your information: Starting process to package Techniques

    ➔ We want to publish additional Rules and Techniques besides RUDDER “core” - they will be distributed through plugins ➔ These plugins are based on a public import/export techniques API from the Technique Editor ◆ This API is in Alpha, not stable at all ◆ This API is not documented until it will be more stable ➔ This approach allow us to test in real life a first usage of the API through these plugins - page 12

13. RUDDER 6.0 New / updated Generic Methods are available ➔

    Zypper Pattern are now handled in the Technique “Package” ➔ osquery can now being used as variable source in the Technique Editor - page 13

14. RUDDER 6.0 New / updated plugins ➔ Creation node API

    ◆ Register in advance nodes in RUDDER ◆ Useful during automatic provisioning ➔ User management is updated ◆ User can now be managed through the WebUI ◆ No restart needed anymore ➔ Ansible (run a playbook from a Generic Method) ➔ OpenSCAP (execute a policy a get report in node details) ➔ Zabbix & Centreon (auto-registration, applying monitoring templates, monitor RUDDER services) - page 14

15. RUDDER 6.0 Focus on Ansible plugin - page 15

16. RUDDER 6.0 CIS plugin ➔ Distribution of ready-to-use CIS rules

    ➔ Only a subset of CIS currently (~70% from C2S) ➔ Focus on Redhat and Debian (and soon Ubuntu) - page 16

17. RUDDER 6.0 Vulnerability Assessment (CVE) plugin ➔ Based on vendor’s

    CVE (from Vulners API) ➔ First version that list vulnerable nodes to CVE ➔ Filter on CVE severity ➔ Still in active development for vulnerability assessment logs and historization, and automatic remediation - page 17

18. Next releases

19. RUDDER 6.1 ETA: 2020Q2 Stabilize and enhance security plugins ➔

    CIS rules ➔ CVE Assessment ➔ OpenSCAP Technique Editor and Technique Library enhancement ➔ Technique categories in the Technique Editor ➔ Techniques tags (to link a technique to a CIS chapter for example) Other plugins enhancement ➔ Scale out UI (promote a node to relay, node’s list) ➔ Branding can get your logo And probably more but less visible enhancements. - page 19

20. And later? Maybe a 6.2, more probably a 7.0 ➔

    ETA 2020Q4 General strategy for RUDDER ➔ Facilitate interactions between Security & Ops teams ◆ Enhance workflows and risk assessments ◆ Speed up risk mitigation (vulnerability scanners integration…) ◆ Better compliance (observability, historized data accessible through API, SIEM interactions…) ◆ Detecting illegitimate changes ➔ Strengthen large & strategic IT configuration management ◆ Roll out and ramp up ◆ Delegation rights ◆ RUDDER language for a better expert onboarding and a better configuration flexibility ◆ Performance and scalability - page 20
21. None

22. Thank you ! 22