Agenda | August 26, 2022 | 10:30 AM - 1:00 PM EDT
Schedule | Description |
---|---|
10:30 AM | Welcome & Opening Remarks: Magno Logan, SANS Instructor & Subject Matter Expert |
10:45 AM | Block the Drift, Prevent the Attack at Runtime: Given the dynamic nature of cloud-native environments and the inadequacy of legacy security tools and practices carried over to the cloud, teams often are blind to container drift, especially at scale. Drift Control closes the dangerous security gaps created by modifications in running containers by automatically flagging and denying deviations from the trusted original container. Participants will leave the session with a clear understanding of how to: move away from legacy practices that don't work in cloud-native environments; prevent attacks by blocking container drift in production; enforce immutability best practice; enable easy and effective security. Daniella Pontes, Security Product Marketing Manager, Sysdig |
11:20 AM | Dynamic Authorization and Policy Control for Your Kubernetes Cluster: When you adopt Kubernetes for production, how do you, a cluster administrator, enforce requirements from security and compliance teams, and how do you allow for differing levels of developer expertise? Like most systems, you put guardrails on the cluster to limit how teams (ab)use the cluster, but with Kubernetes those guardrails look quite different because Kubernetes differentiates runtime-state (what is actually happening) and desired-state (what is supposed to happen). Treating desired-state as separate from runtime-state enables you to put guardrails on the instructions developers give to Kubernetes and in so doing avoid runtime problems even before they happen. Dozens of companies have found that enforcing desired-state security policies is crucial for putting Kubernetes into production; Kubernetes is simply too flexible and too powerful to hand over to even relatively small teams without basic guardrails like ensuring images are pulled from trusted repositories and avoiding network configurations where one application steals another application's traffic. Ash Narkar, Software Engineer, Open Source |
11:55 AM | Break |
12:10 PM | Automating Kubernetes Security and Protecting Your Applications from the Unknown: With the common pace of application release and development in containerized environments, it becomes increasingly difficult for organizations to catch up with the security part. In this presentation we will show you how easy it is to go beyond traditional methods to mitigate security risks in Kubernetes environments and protect your running container applications by integrating SUSE NeuVector into your CI/CD pipeline and using its application behavior learning capabilities to create security policies that can protect from zero-day exploits and unexpected application behaviors in your whole Kubernetes infrastructure, all without compromising the speed of your development. Raul Mahiques Martinez, Security Technical Marketing Manager, SUSE |
12:45 PM | Why High Fidelity Visibility Matters in Kubernetes: Kubernetes adoption is outpacing the expertise in the area, and security practitioners are dealing with new threats. Coupled with little visibility into their own infrastructure, teams oftentimes don't know who is in their cloud and what they are doing. In this talk, we will discuss how to get a clear understanding of these concepts and how to best detect and prevent unwanted activity or use of Kubernetes. Scott Holt, Senior Solutions Architect, Elastic |
1:20 PM | Wrap-Up and Closing Remarks: Magno Logan, SANS Instructor & Subject Matter Expert |