Secure your container within 30 minutes
0 likes128 views
This document summarizes a presentation about securing containers within 30 minutes using Aqua Security. The presentation covers 6 top container security concerns like open source supply chain attacks and infrastructure flaws. It demonstrates how Aqua Security addresses these concerns through controls like container immutability, dynamic analysis, and admission control. Key takeaways are getting immediate value from Aqua in 30 minutes through environment discovery and runtime security, while maintaining developer flexibility. Attendees are encouraged to try free Aqua security tools.
Secure your container within 30 minutes
- 1. 1 PAGE 1 DEVOPS INDONESIA Zhihao Tan DevOps Community in Indonesia Jakarta, 20 April 2020 Secure your Containers within 30 minutes
- 2. © 2019 Aqua Security Software Ltd., All Rights Reserved Zhihao TAN - Senior Solution Architect, Aqua Security Secure your containers in 30 minutes!
- 3. 3 Container Security Landscape 6 top container security concerns How Aqua addresses these concerns Q&A Agenda
- 6. 6 And DevOps agree… Source: Portworx & Aqua survey, May 2019 (n=501)
- 8. 8 Problem #1 Open Source Supply Chain Attacks
- 9. 9 Problem #2 Built-in Weaknesses
- 10. 10 Problem #3 Infrastructure Flaws
- 11. 11 Problem #4 The Hidden Network Existing Network Defenses
- 12. Infrastructure / Security Admins Multiple CI/CD SIEM / Analytics Kubernetes Clusters CaaS Services Linux/WindowsOS Azure AKS Google GKE ContainerEngine Workloads (e.g. AWS / Azure / Google) Azure ACI Container AWS ECS / Fargate Container Public Registry Private Registry Problem #5 Multi-Cloud / Multi-Platform Challenges AWS EKS Serverless Functions Azure Functions AWS Lambda Functions Center Enterprise Cloud
- 14. 14 Specific controls Stacking controls over time Secure the Infrastructure Baseline Environment Secure the build Secure the workloads • Secure the cloud infrastructure • Understand current state • Container Immutability • Virtual Patching • Image Hygiene • Dynamic Analysis • Admission Control • Container firewall • Secrets management General controls Continuous Security & Continuous Compliance InfrastructureandWorkloadSecurity
- 15. DEMO
- 16. 16 Get immediate value from Aqua in the first 30 minutes Environment Discovery Container Immutability with Drift Prevention vShield Developer flexibility and velocity Discovery of the unknown Dynamic scanning with Dynamic Threat Analysis (Ultrabox) Automate admission control Security of workloads with fine-grained runtime controls Key take-aways
- 17. 17 DevSecOps!
- 18. NEXT STEPS? Use free Aqua tools!
- 19. 19 Aqua OpenSource - With free stuff! Scans Kubernetes nodes against the CIS benchmark checks github.com/aquasecurity/kube- bench CIS benchmark for K8S Scan Docker build for known vulnerabilities Plugs easily into CI/CD tools github.com/aquasecurity/trivy Docker image scanner K8S penetration testing Tests K8s clusters against known attack vectors github.com/aquasecurity/kub e-hunter ZHIHAO.TAN@AQUASEC.COM Scan cloud accounts for vulnerabilities Opensource / Open-core https://cloud.aquasec.com/signup Infrastructure scanner
- 20. Stay Connected @devopsindonesia http://www.devopsindonesia.com @IDDevOps @DevOpsIndonesia @IDDevOps Zhihao Tan Mail : zhihao.tan@aquasec.com
- 21. Alone We are smart, together We are brilliant THANKYOU ! Quote by Steve Anderson