© 2017 Rancher Labs, Inc.
Securing Container Deployments
from Build to Ship to Run
August 30, 2017
#ranchermeetup
Shannon Williams
Co-Founder/VP Sales
@smw355
Darren Shepherd
Co-Founder/Chief Architect
@ibuildthecloud
Bill Maxwell
Director of DevOps
Rancher
@cloudnautique
Fei Huang
CEO
NeuVector
@NeuVector
Kaila Gervais
Sales Engineer
Black Duck Software
Mike Pittenger
VP for Security Strategy
Black Duck Software
@mwpittenger
First things first…
This is a not a !
There are rules for a meetup!
• We won’t be done on time
• Questions are always welcome
• Demo, then demo some more
• Things will break, be patient
Join the conversation on Twitter
#ranchermeetup
Agenda
• Quick Rancher Intro – Shannon
• Best Practices for Securing your Rancher Deployment – Bill
• Continuous Security for Containers - Fei
• Demo – Deploying NeuVector on Rancher
• Demo – Blocking a Dirty Cow exploit
• Building Security into Applications - Mike
• Demo – Black Duck – Kaila
Rancher Labs
OUR PRODUCTS
• The most complete container management platform
• A simplified Linux distribution built from containers, for containers
• A project for microservices-based distributed block storage
A complete container management platform that makes it easy to…
• INNOVATE WITH CONTAINERS without compromising flexibility, by empowering developers with fast access to the latest tools
• MANAGE APPLICATIONS by simplifying day-to-day application lifecycle management
• RUN CONTAINERS with the most complete set of container and infrastructure management capabilities
Production ready
✔ 60 million+ downloads
✔ Open platform for
innovating
✔ Easy to use interface
✔ Multi-tenant
✔ Role based access
✔ 24X7 support
✔ And more….
Complete Container Management Platform
Diagram: Application Catalog; Container Orchestration and Scheduling; User Mgmt (RBAC, AD/LDAP, SAML); Ops Mgmt (CI/CD, Registries, Monitoring); Multi-tenant Environments (Environment 1, Environment 2 … Environment N); Infrastructure Services (Networking, Storage, Security, DNS/LB).
Securing Container Deployments from Build to Ship to Run
Quick tips for securing your Rancher deployment
Bill Maxwell
Cloud-Native Security Pipeline
• Image Signing, e.g. Content Trust
• User access controls, e.g. registries
• Code analysis
• Hardening
• Image Scanning
• Open Source Auditing and management
• Host and kernel security
• SELinux, AppArmor
• Secure Docker daemon
• Access Controls
• Secrets Management
• Encryption
• Auditing w/ Docker Bench
• Orchestrate – network, security containers
• Network Inspection & Visualization
• Layer 7-based Application Isolation
• Threat Detection
• Privilege Escalation Detection
• Container Quarantine
• Run-Time Vulnerability Scanning
• Process Monitoring
• Packet Capture & Event Logging
Rancher Environment
Securing Overlay Networking
• Limit exposed ports on hosts
• Layer 7 routing to containers
• Network Policy Manager
Diagram: three compute nodes on the overlay network, each with a load balancer (LB); App A and App B are reached through Layer 7 routing.
Automate Delivery Pipeline
Integrated Secrets Management
Basics Still Apply
• Patching OS
• SELinux/AppArmor
• Restrict Host Logins
• Use Orchestrator RBAC
CONTINUOUS SECURITY FOR CONTAINERS
Fei Huang, Co-Founder & CEO, NeuVector
Rancher Meetup August 31, 2017
Changing Traffic Patterns – And Risks
• Traffic Explosion
• Open Source Vulnerabilities
• Sophisticated Attacks
Diagram: microservices exchanging east-west traffic, with attack markers for DDoS, SambaCry and Wanna-Crypt.
Traditional Security Tools Are Blind
• Can’t See East-West
• Can’t Keep Up
• Low Accuracy
(Diagram labels: zero-day attacks, insider attacks)
Container Network Security
• Container-Native ‘Firewall’
  - Network Visibility
  - L7 Inspection
• Keeps Pace With Cloud-Native Apps
  - Scale, Update, New
• Fits CI/CD Process, Non-Container Apps & SIEM Tools
(Diagram label: external & legacy apps)
How Can Container Security Keep Up?
1. Containers are Declarative
   - Names, labels, dependencies, links, ports, deployment options
2. Behavioral / Machine Learning
   - Network and container inspection enables auto-learning
3. Whitelist, not Blacklist
   - Policies define trusted behavior
NeuVector Security Container Features
• Deploy
  - Greenfield, Brownfield
  - Container Visualization
• Audit
  - Docker Bench
  - Kubernetes CIS Benchmark
  - Vulnerability scans
• Protect
  - Layer 7 Segmentation / Isolate Applications
  - Detect Privilege Escalations & Break Outs
  - Detect Container Threats
• Respond
  - Alert, Block, Quarantine
  - Capture Sessions & Packets
No Agents, No Embedding, No Coding
NeuVector Architecture
Example: Detect Ransomware & Port Scanning (WannaCrypt)
Example: Demo / Dirty Cow
• Exploits affect hosts and containers
• CVE-2016-5195 Linux root escalation exploit
Demo ‘Kill Chain’
1. Attacker exploits vulnerable application to inject code
2. Run Dirty Cow to gain root in container
3. Connect to external host
4. NeuVector detects (a) root escalation and (b) unauthorized connection
5. Attacker breaks out to compromise host
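The deck's "whitelist, not blacklist" point and step 4b of the kill chain (the unauthorized connection) share one mechanism: derive trusted behavior from what the containers declare, then treat everything else as a violation. The script below is an added example for this page, not NeuVector's code; the service declarations, the derived policy and the observed flows are all constructed.

```python
"""Whitelist network policy derived from declarative container metadata.

Added example for this deck; it is not NeuVector's code. The service
declarations, the policy and the observed flows are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Container:
    name: str
    links: tuple = ()   # services this container is declared to talk to
    ports: tuple = ()   # ports it declares it listens on


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int


# Constructed declarations in the spirit of a compose file
DECLARED = (
    Container("web", links=("api",), ports=(80,)),
    Container("api", links=("db",), ports=(8080,)),
    Container("db", ports=(5432,)),
)


def build_whitelist(containers):
    """Derive the allowed (src, dst, dst_port) set from the declarations:
    a link from A to B permits A to reach every port B declares."""
    by_name = {c.name: c for c in containers}
    allowed = set()
    for c in containers:
        for target in c.links:
            for port in by_name[target].ports:
                allowed.add((c.name, target, port))
    return allowed


def evaluate(flows, containers):
    """Classify observed flows against the whitelist. Anything not explicitly
    permitted is a violation; a destination outside the declared services is
    reported separately, since that is the 'unauthorized connection' case."""
    allowed = build_whitelist(containers)
    known = {c.name for c in containers}
    verdicts = []
    for f in flows:
        if (f.src, f.dst, f.dst_port) in allowed:
            verdicts.append((f, "allow"))
        elif f.dst not in known:
            verdicts.append((f, "violation:external"))
        else:
            verdicts.append((f, "violation:internal"))
    return verdicts


# Constructed flows: two legitimate, one undeclared lateral connection,
# one connection to an address outside the environment (TEST-NET-3 range)
OBSERVED = [
    Flow("web", "api", 8080),
    Flow("api", "db", 5432),
    Flow("web", "db", 5432),
    Flow("api", "203.0.113.7", 443),
]


def violations(flows=OBSERVED, containers=DECLARED):
    """Return only the flows that the policy would alert on or block."""
    return [(f.src, f.dst, f.dst_port, v)
            for f, v in evaluate(flows, containers) if v != "allow"]


if __name__ == "__main__":
    for row in violations():
        print(row)
```

The point of the design is that no attack signature is needed: the policy is closed by construction, so a new outbound destination or an undeclared east-west hop is flagged simply because it was never declared, which is what lets the approach keep up with deployments that change faster than a blacklist can.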
THANK YOU
For more information contact us
at info@neuvector.com
http://neuvector.com
Dirty Cow
Demo – “One-Click” Deploy
Demo – Application Visibility
Demo – “Break Out” Monitoring
Demo – “Break Out” Prevention
Demo – Logging
Application Security in the age of Open Source
© Black Duck Software 2016
About Black Duck
• Founded 2002
• 2,000 customers
• 350+ employees
• 24 countries
• 40 of the Fortune 100
• 8 of the top 10 software companies (70 of the top 100)
• 6 of the top 8 mobile handset vendors
• 6 of the top 10 investment banks
Automating Five Critical Tasks and Having a Bill of Materials Provide Distinct Advantage
1. INVENTORY open source software
2. MAP known security vulnerabilities
3. IDENTIFY license compliance risks
4. TRACK remediation priorities & progress
5. ALERT new vulnerabilities affecting you
Visibility AND Control
Open Source Changed the Way Applications are Built
• 1998: 10% open source
• 2005: 20% open source
• 2010: 50% open source
• Today: up to 90% open source
Open Source is the modern architecture (chart legend: Custom & Commercial Code vs. Open Source Software)
Containers can be vulnerable by virtue of the code that runs inside them
• OSS components running inside containers represent potential attack vectors
• Could cause problems for the application itself
• Could cause more problems if the container is running with the --privileged flag set
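The last bullet is the one a defender can check mechanically: a vulnerable component inside a container that runs with `--privileged`, host namespaces or added capabilities has far more to reach once exploited. The audit below is an added example, not Rancher's or Black Duck's tooling; it reads the JSON shape that `docker inspect` emits (the sample here is constructed) and reports the settings that widen the blast radius. The list of capabilities it treats as sensitive is a subset chosen for this example.

```python
"""Audit container runtime settings that widen the impact of a compromised app.

Added example; not Rancher's or Black Duck's tooling. SAMPLE_INSPECT is a
constructed stand-in for `docker inspect` output (HostConfig fields only).
"""
import json

# Constructed sample in the shape of `docker inspect <id>`
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "HostConfig": {"Privileged": False, "CapAdd": None,
                    "PidMode": "", "NetworkMode": "default"}},
    {"Name": "/agent",
     "HostConfig": {"Privileged": True, "CapAdd": None,
                    "PidMode": "host", "NetworkMode": "host"}},
    {"Name": "/api",
     "HostConfig": {"Privileged": False, "CapAdd": ["NET_ADMIN", "SYS_PTRACE"],
                    "PidMode": "", "NetworkMode": "bridge"}},
])

# Added capabilities that deserve review (subset chosen for this example)
SENSITIVE_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "NET_ADMIN", "SYS_MODULE",
                  "DAC_READ_SEARCH"}


def audit(inspect_json):
    """Return {container_name: [findings]} for containers with risky settings.

    Findings are appended in a fixed order so reports are stable:
    privileged, host-pid, host-network, then each sensitive capability.
    """
    findings = {}
    for entry in json.loads(inspect_json):
        name = entry.get("Name", "?").lstrip("/")
        hc = entry.get("HostConfig") or {}
        issues = []
        if hc.get("Privileged"):
            # --privileged: all capabilities, no device restrictions
            issues.append("privileged")
        if hc.get("PidMode") == "host":
            # shares the host PID namespace: can see and signal host processes
            issues.append("host-pid")
        if hc.get("NetworkMode") == "host":
            # shares the host network stack, bypassing the overlay network
            issues.append("host-network")
        for cap in hc.get("CapAdd") or []:
            cap = cap.upper()
            if cap.startswith("CAP_"):
                cap = cap[4:]
            if cap in SENSITIVE_CAPS:
                issues.append(f"cap:{cap}")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(issues)}")
```

Run it against real output by piping `docker inspect $(docker ps -q)` into the script's `audit` function; anything it reports is a container where a vulnerability in the packaged open source code becomes a host problem rather than an application problem.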
Agile, Containers and DevOps
DockerHub Riddled with Vulnerabilities
Open Source Adoption in Commercial Software
22% of applications had >50% open source
Open Source is Not Risk Free
Why Aren’t We Finding These in Testing?
• Static analysis
  • Testing of source code or binaries for unknown security vulnerabilities in custom code
  • Advantages in buffer overflow, some types of SQL injection
  • Provides results in source code
• Dynamic analysis
  • Testing of compiled application in a staging environment to detect unknown security vulnerabilities in custom code
  • Advantages in injection errors, XSS
  • Provides results by URL, must be traced to source
What’s Missing?
Diagram: within the space of all possible security vulnerabilities, static analysis and dynamic analysis each cover a region; FREAK lies outside both.
Black Duck and NeuVector
Continuous Network Security for Containers
• Network inspection
• Network traffic visibility and segmentation
• ‘Layer 7’ application isolation & threat detection
• Privilege escalation detection
• Container quarantine
• Run-time vulnerability scan
Pipeline stages: Dev → Build/CI → Registry → Deploy → Run-Time
Automated Visibility, Intelligence, and Control for Applications and Containers through Secure DevOps
• Scanning of applications and containers
• Component discovery and identification (“Bill of Materials”)
• Analysis of known security vulnerabilities, license risks, and operational risks
• Management of risk policies, enforcement, and remediation
• Ongoing alerting of new vulnerabilities and policy violations
• Knowledge Base of open source components and their risks
(Diagram labels: Secure DevOps, Secure in Production)
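The five critical tasks on the earlier slide (inventory, map, identify, track, alert) and the Black Duck capabilities just listed come down to one loop: keep a bill of materials, match it against a vulnerability feed, rank what matches, and report only what is new since the last run. The script below is an added example showing that loop end to end; it is not Black Duck's product code, and the bill of materials, the feed and the `VULN-EXAMPLE-*` identifiers in it are constructed placeholders, not real advisories. The version comparison is a deliberately small one that handles dotted releases with a letter suffix (`1.0.1e` style), which is the edge case naive string comparison gets wrong.

```python
"""Inventory open source components, map them to known vulnerabilities,
prioritize, and alert on what is new.

Added example; not Black Duck's product code. BOM, FEED and the
VULN-EXAMPLE-* ids are constructed placeholders.
"""
import re


def parse_version(v):
    """Turn '1.0.1e' or '2.9.4' into a comparable tuple. Numeric parts are
    tagged (0, int) and letter parts (1, str) so mixed parts never raise, and
    '1.0.1' sorts below '1.0.1e' because it is a proper prefix."""
    parts = re.findall(r"\d+|[A-Za-z]+", v)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


# 1. INVENTORY: constructed bill of materials for one container image
BOM = [
    {"name": "openssl", "version": "1.0.1e"},
    {"name": "libxml2", "version": "2.9.4"},
    {"name": "zlib", "version": "1.2.11"},
]

# 2. MAP: constructed feed; ranges are [introduced, fixed)
FEED = [
    {"id": "VULN-EXAMPLE-1", "component": "openssl",
     "introduced": "1.0.0", "fixed": "1.0.1f", "severity": "high"},
    {"id": "VULN-EXAMPLE-2", "component": "openssl",
     "introduced": "1.0.2", "fixed": "1.0.2g", "severity": "medium"},
    {"id": "VULN-EXAMPLE-3", "component": "libxml2",
     "introduced": "2.9.0", "fixed": "2.9.5", "severity": "low"},
]


def affected(component, advisory):
    """True when the component's version falls inside the advisory's range."""
    if component["name"] != advisory["component"]:
        return False
    v = parse_version(component["version"])
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def map_vulnerabilities(bom, feed):
    """{'name@version': [advisory ids]} for every component with a known issue."""
    result = {}
    for c in bom:
        hits = [a["id"] for a in feed if affected(c, a)]
        if hits:
            result[f"{c['name']}@{c['version']}"] = hits
    return result


def prioritize(bom, feed):
    """TRACK: order findings by severity so remediation starts with the worst."""
    rank = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    rows = [(a["severity"], c["name"], c["version"], a["id"])
            for c in bom for a in feed if affected(c, a)]
    return sorted(rows, key=lambda r: rank.get(r[0], 9))


def new_alerts(previous, current):
    """ALERT: (component, advisory) pairs present now but absent last run,
    so a feed update or an image rebuild produces only the delta."""
    alerts = []
    for comp, ids in current.items():
        for i in ids:
            if i not in previous.get(comp, []):
                alerts.append((comp, i))
    return alerts


if __name__ == "__main__":
    current = map_vulnerabilities(BOM, FEED)
    for row in prioritize(BOM, FEED):
        print(row)
    print("new:", new_alerts({"openssl@1.0.1e": ["VULN-EXAMPLE-1"]}, current))
```

In practice the BOM comes from scanning the image layers rather than a hand-written list, and the feed is the vendor's knowledge base; the matching, ranking and delta logic stay the same, and running it on every build is what turns the one-time scan into the continuous alerting the slide describes.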
Free Black Duck Container Tools
Free Docker Container Security Scanner
• https://info.blackducksoftware.com/Security-Scan.html
Latest Release
Rancher 1.6.x
Key Features:
- Rancher EBS volume is now GA
- Support ability to add catalogs per environment
- Updated compose for new additional fields
- Support to update LDAP without disabling auth
- Support for RHEL 7.4
- Support for K8s 1.7.2
- Added more fixes to ipsec overlay networking
- Enhanced release notes to include rollback instructions and fixes per infrastructure services
https://github.com/rancher/rancher/releases
Next Release – Rancher 2.0 Tech Preview
Getting Started
Rancher and RancherOS are in GitHub – Get Involved!
http://github.com/rancher
Even better - try.rancher.com…
Then join a free training class…
http://rancher.com/training
Thank you
rancher.com
#ranchermeetup

Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Securing Container Deployments from Build to Ship to Run - August 2017 - Rancher Labs Online Meetup

  • 10. A complete container management platform that makes it easy to…
    INNOVATE WITH CONTAINERS without compromising flexibility by empowering developers with fast access to the latest tools
    MANAGE APPLICATIONS by simplifying day to day application lifecycle management
    RUN CONTAINERS with the most complete set of container and infrastructure management capabilities
    ✔ Production ready ✔ 60 million+ downloads ✔ Open platform for innovating ✔ Easy to use interface ✔ Multi-tenant ✔ Role based access ✔ 24X7 support ✔ And more….
  • 11. Complete Container Management Platform (architecture diagram)
    Application Catalog • Container Orchestration and Scheduling • User Mgmt: RBAC, AD/LDAP, SAML • Ops Mgmt: CI/CD, Registries, Monitoring • Multi-tenant Environments: Environment 1, Environment 2 … Environment N • Infrastructure Services: Networking, Storage, Security, DNS/LB
  • 12. Securing Container Deployments from Build to Ship to Run
  • 13. Quick tips for securing your Rancher deployment – Bill Maxwell
  • 14. Cloud-Native Security Pipeline
    • Image Signing, e.g. Content Trust
    • User access controls, e.g. registries
    • Code analysis
    • Hardening
    • Image Scanning
    • Open Source Auditing and management
    • Host and kernel security: SELinux, AppArmor
    • Secure Docker daemon
    • Access Controls
    • Secrets Management
    • Encryption
    • Auditing w/ Docker Bench
    • Orchestrate – network, security containers
    • Network Inspection & Visualization
    • Layer 7-based Application Isolation
    • Threat Detection
    • Privilege Escalation Detection
    • Container Quarantine
    • Run-Time Vulnerability Scanning
    • Process Monitoring
    • Packet Capture & Event Logging
  • 15. Rancher Environment Securing
    • Overlay Networking
    • Limit exposed ports on hosts
    • Layer 7 routing to containers
    • Network Policy Manager
    (Diagram: three Compute Nodes, each fronted by a Load Balancer (LB); App A and App B reached through Layer 7 routing over the Overlay Network)
  • 16. Automate Delivery Pipeline
  • 17. Integrated Secrets Management
  • 18. Basics Still Apply
    • Patching OS
    • SELinux/AppArmor
    • Restrict Host Logins
    • Use Orchestrator RBAC
  • 19. CONTINUOUS SECURITY FOR CONTAINERS – Fei Huang, Co-Founder & CEO, NeuVector. Rancher Meetup, August 31, 2017
  • 20. Changing Traffic Patterns – And Risks
    • Traffic Explosion
    • Open Source Vulnerabilities
    • Sophisticated Attacks
    (Diagram: MICROSERVICES, EAST-WEST TRAFFIC; callouts: DDoS, SambaCry, WannaCrypt)
  • 21. Traditional Security Tools Are Blind
    • Can’t See East-West
    • Can’t Keep Up
    • Low Accuracy
    (Diagram: EAST-WEST TRAFFIC; callouts: ZERO-DAY ATTACKS, INSIDER ATTACKS)
  • 22. Container Network Security
    • Container-Native ‘Firewall’ - Network Visibility - L7 Inspection
    • Keeps Pace With Cloud-Native Apps - Scale, Update, New
    • Fits CI/CD Process, Non-Container Apps & SIEM Tools
    (Diagram: External & Legacy Apps)
  • 23. How Can Container Security Keep Up?
    1. Containers are Declarative - Names, labels, dependencies, links, ports, deployment options
    2. Behavioral / Machine Learning - Network and container inspection enables auto-learning
    3. Whitelist, not Blacklist - Policies define trusted behavior
  • 24. NeuVector Security Container Features
    • Deploy - Greenfield, Brownfield - Container Visualization
    • Audit - Docker Bench - Kubernetes CIS Benchmark - Vulnerability scans
    • Protect - Layer 7 Segmentation / Isolate Applications - Detect Privilege Escalations & Break Outs - Detect Container Threats
    • Respond - Alert, Block, Quarantine - Capture Sessions & Packets
    No Agents, No Embedding, No Coding
  • 27. Example: Demo / Dirty Cow – Exploits Affect Hosts and Containers
    CVE-2016-5195 Linux Root Escalation Exploit
    Demo ‘Kill Chain’:
    1. Attacker exploits vulnerable application to inject code
    2. Run Dirty Cow to gain root in container
    3. Connect to external host
    4. NeuVector detects a) root escalation b) unauthorized connection
    5. Attacker breaks out to compromise host
  • 28. THANK YOU – For more information contact us at info@neuvector.com http://neuvector.com
  • 33. Demo – Application Visibility
  • 34. Demo – Application Visibility
  • 35. Demo – “Break Out” Monitoring
  • 36. Demo – “Break Out” Prevention
  • 38. Application Security in the age of Open Source (© Black Duck Software 2016)
  • 39. About Black Duck
    Founded 2002 • 350+ Employees • 2,000 Customers • 24 Countries • 40 Of The Fortune 100 • 8 of the top 10 Software Companies (70 of the top 100) • 6 of the top 8 Mobile Handset Vendors • 6 of the top 10 Investment Banks
  • 40. Automating Five Critical Tasks and Having a Bill of Materials Provide Distinct Advantage
    1. INVENTORY Open Source Software
    2. MAP Known Security Vulnerabilities
    3. IDENTIFY License Compliance Risks
    4. TRACK Remediation Priorities & Progress
    5. ALERT New Vulnerabilities Affecting You
    Visibility AND Control
  • 41. Open Source Changed the Way Applications are Built
    1998: 10% Open Source • 2005: 20% Open Source • 2010: 50% Open Source • TODAY: Up to 90% Open Source
    Open Source is the modern architecture
    (Chart legend: Custom & Commercial Code / Open Source Software)
  • 42. Agile, Containers and DevOps
    Containers can be vulnerable by virtue of the code that runs inside them
    • OSS components running inside containers represent potential attack vectors
    • Could cause problems for the application itself
    • Could cause more problems if the container is running with the --privileged flag set
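An added example (not code from Rancher, NeuVector or Black Duck) that turns the --privileged warning above, together with the earlier "limit exposed ports on hosts" and "whitelist, not blacklist" points, into a runnable audit: it reads `docker inspect` records and reports every container setting not covered by an assumed per-container allowlist. The allowlist contents and the sample inspect records are constructed for the example.

```python
"""Audit `docker inspect` output for --privileged containers, host networking,
added capabilities and host ports bound beyond what the deployment declares.
Added example; not Rancher, NeuVector or Black Duck code."""
import json
import subprocess
from typing import Dict, List, Set

# Assumed declarative allowlist: container name -> host ports it may bind.
# Anything not listed here is treated as untrusted and reported.
ALLOWED_HOST_PORTS: Dict[str, Set[str]] = {
    "web": {"443/tcp"},
    "api": set(),
}


def audit(containers: List[dict], allowed: Dict[str, Set[str]]) -> List[str]:
    """Return one finding per policy violation found in `docker inspect` records."""
    findings: List[str] = []
    for c in containers:
        name = c.get("Name", "").lstrip("/")  # docker inspect prefixes names with "/"
        hc = c.get("HostConfig") or {}
        if name not in allowed:
            findings.append(f"{name}: container not declared in allowlist")
        if hc.get("Privileged"):
            findings.append(f"{name}: runs with --privileged (all capabilities, host devices)")
        if hc.get("NetworkMode") == "host":
            findings.append(f"{name}: uses host networking, bypassing the overlay network")
        for cap in hc.get("CapAdd") or []:
            findings.append(f"{name}: adds Linux capability {cap}")
        bound = set((hc.get("PortBindings") or {}).keys())  # keys look like "80/tcp"
        for port in sorted(bound - allowed.get(name, set())):
            findings.append(f"{name}: binds host port {port} not in allowlist")
    return findings


def audit_live_host(allowed: Dict[str, Set[str]] = ALLOWED_HOST_PORTS) -> List[str]:
    """Audit the local Docker daemon (needs the docker CLI and socket access)."""
    ids = subprocess.run(["docker", "ps", "-q"], capture_output=True,
                         text=True, check=True).stdout.split()
    if not ids:
        return []
    raw = subprocess.run(["docker", "inspect", *ids], capture_output=True,
                         text=True, check=True).stdout
    return audit(json.loads(raw), allowed)


# Constructed sample records, trimmed to the fields the audit reads.
SAMPLE_INSPECT = [
    {"Name": "/web", "HostConfig": {"Privileged": False, "NetworkMode": "bridge",
     "CapAdd": None, "PortBindings": {"443/tcp": [{"HostPort": "443"}],
                                      "8080/tcp": [{"HostPort": "8080"}]}}},
    {"Name": "/api", "HostConfig": {"Privileged": True, "NetworkMode": "bridge",
     "CapAdd": ["SYS_ADMIN"], "PortBindings": {}}},
    {"Name": "/debug", "HostConfig": {"Privileged": False, "NetworkMode": "host",
     "CapAdd": None, "PortBindings": None}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INSPECT, ALLOWED_HOST_PORTS):
        print(finding)
```

Run against a real host with `audit_live_host()`; the same findings feed naturally into the Docker Bench style auditing the pipeline slide lists.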
  • 43. DockerHub Riddled with Vulnerabilities
  • 44. Open Source Adoption in Commercial Software – 22% of applications had >50% open source
  • 45. Open Source is Not Risk Free
  • 46. Why Aren’t We Finding These in Testing?
    • Static analysis
      • Testing of source code or binaries for unknown security vulnerabilities in custom code
      • Advantages in buffer overflow, some types of SQL injection
      • Provides results in source code
    • Dynamic analysis
      • Testing of compiled application in a staging environment to detect unknown security vulnerabilities in custom code
      • Advantages in injection errors, XSS
      • Provides results by URL, must be traced to source
    What’s Missing? (Diagram: All possible security vulnerabilities versus what Static Analysis and Dynamic Analysis cover; callout: FREAK!)
  • 47. Black Duck and NeuVector
    Pipeline stages: Dev, Build/CI, Registry, Deploy, Run-Time
    Secure DevOps – Automated Visibility, Intelligence, and Control for Applications and Containers through Secure DevOps
      • Scanning of applications and containers
      • Component discovery and identification (“Bill of Materials”)
      • Analysis of known security vulnerabilities, license risks, and operational risks
      • Management of risk policies, enforcement, and remediation
      • Ongoing alerting of new vulnerabilities and policy violations
      • Knowledge Base of open source components and their risks
    Secure in Production – Continuous Network Security for Containers
      • Network inspection
      • Network traffic visibility and segmentation
      • ‘Layer 7’ application isolation & threat detection
      • Privilege escalation detection
      • Container quarantine
      • Run-time vulnerability scan
  • 48. Free Black Duck Container Tools – Free Docker Container Security Scanner: https://info.blackducksoftware.com/Security-Scan.html
  • 49. Latest Release – Rancher 1.6.x Key Features:
    - Rancher EBS volume is now GA
    - Support ability to add catalogs per environment
    - Updated compose for new additional fields
    - Support to update LDAP without disabling auth
    - Support for RHEL 7.4
    - Support for K8s 1.7.2
    - Added more fixes to ipsec overlay networking
    - Enhanced release notes to include rollback instructions and fixes per infrastructure services
    https://github.com/rancher/rancher/releases
  • 50. Next Release – Rancher 2.0 Tech Preview
  • 51. Getting Started – Rancher and RancherOS are in GitHub – Get Involved! http://github.com/rancher
  • 52. Even better - try.rancher.com…
  • 53. Then join a free training class… http://rancher.com/training
  • 54. Thank you – rancher.com