Integrating Security Controls into the Development and Delivery Pipeline

•

0 j'aime•272 vues

Akamai Developers & Admins

Integrating Security Controls into the Development and Delivery Pipeline - Atlanta DevOps World Tour

Technologie

DevOps- Integrating Security Controls into the
Development and Delivery Pipeline
Emad Zand, Senior Product Manager
November 2017

© AKAMAI - 2017
Where are you in your DevOps evolution to integrate
security controls into your pipeline?

© AKAMAI - 2017
For those down the DevOps path, is that
helping or hurting your app sec posture?
What changes have you had to make to
your app sec program as release velocity
has gone up?

© AKAMAI - 2017
Enabling DevOps Practices on Cloud Security Products
Recently Added
SIEM Integration & API for rapid feedback in
the systems, where your team works.
In 2018
Kona Site Defender critical Security
Configuration APIs
Fast Activation of Security Configuration and
Network List changes
“Give me real-time visibility and
insights!”
“I need to use my automation tools on
all components of my infrastructure!”
“Changes have to be fast!”
What are we Hearing?

© AKAMAI - 2017
SIEM Integration Product Concept
SIEM Connector retrieves security events
through OPEN API exposed by the ASEC.
Security events are retrieved in the SIEM
Connector in JSON format.
Once the SIEM Connector retrieves the security
events from ASEC, it process them and sends the
events to the SIEM.
Akamai Security Events Collector
(ASEC)
Customer Fire Wall
Security Events Generated at Akamai
Edge Servers in JSON Format
Pull Request
SIEM Connector
Authenticate
+
REST API
1
3
2
1
2
3
Pull Response

© AKAMAI - 2017
● Retrieve data in one of two modes:
Ø Offset-based:
Ø Time-based:
● SIEM API Specification published on Akamai Developer page1
1. https://developer.akamai.com/api/luna/siem/resources.html
SIEM API Overview
/siem/v1/configs/7777?from=1499835600&to=1499875200&limit=1000
/siem/v1/configs/7777?offset=1500390779

© AKAMAI - 2017
Kona Site Defender Critical Security Configuration APIs
Key Use Cases:
Add a new host for protection
Audit security configurations
Create custom rules as a virtual patch

© AKAMAI - 2017
Kona Site Defender Critical Security Configuration APIs

© AKAMAI - 2017
Fast Activation of Security Configuration and Network List Changes
Key Use Cases:
Fast deployment of security configuration and network list globally
Fast cancellation of my configuration activation that is underway
Fast fallback to previously activated configuration
Completion time estimation prior and during activation process
Automate fast activation of security configuration and network list changes

Contenu connexe

Tendances

Observability Enhancements in Steeltoe

VMware Tanzu

Infrastructure as Code

Prasant Kumar

We had to build a fast and reliable API for a public-facing phone application. Why use a shiny new technology to build this API when there are already proven ways to do it? In this talk I will explore why we decided to use AWS Lambdas and how it was different from developing and deploying a “conventional" API. Hear about lessons learned throughout the journey, from just playing with Lambdas at home through to successfully shipping a functional product. Learning outcomes. - What serverless is - How building a serverless architecture differs from a conventional one. - What kind of projects could benefit from a serverless architecture.

Lessons Learned from building a serverless API

Pam Rucinque

AWS Community Day Bangkok 2019 - Dev Ops Philosophy Increase Productivity

AWS User Group - Thailand

AWS Community Day Bangkok 2019 - DevOps Cost Reduction using Jenkins & AWS Sp...

AWS User Group - Thailand

When we talk about prices, we often only talk about Lambda costs. In our applications, however, we rarely use only Lambda. Usually we have other building blocks like API Gateway, data sources like SNS, SQS or Kinesis. We also store our data either in S3 or in serverless databases like DynamoDB or recently in Aurora Serverless. All of these AWS services have their own pricing models to look out for. In this talk, we will draw a complete picture of the total cost of ownership in serverless applications and present a decision-making list for determining if and whether to rely on serverless paradigm in your project. In doing so, we look at the cost aspects as well as other aspects such as understanding application lifecycle, software architecture, platform limitations, organizational knowledge and plattform and tooling maturity. We will also discuss current challenges adopting serverless such as lack of high latency ephemeral storage, unsufficient network performance and missing security features.

FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...

Vadym Kazulkin

At Fluent Conference 2018, Nic Jansma and Charles Vazac perform an honest audit of several popular third-party libraries to understand their true cost to your site, exploring loading patterns, SPOF avoidance, JavaScript parsing, long tasks, runtime overhead, polyfill headaches, security and privacy concerns, and more. They also share tools to help you decide if a library’s risks and unseen costs are worth it.

Fluent 2018: When third parties stop being polite... and start getting real

Akamai Developers & Admins

Datadog Partner Demo- AWS Container Day 2019 Barcelona

Amazon Web Services

Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...

VMware Tanzu

Join us to learn how Accenture is using Windows containers on Service Fabric for their existing .NET legacy apps. Containers greatly improve server utilization and management while enabling your developers to spin up an environment to run without the need of infrastructure. In this session, we introduce—through a real-world customer example—the use of containers on Azure Service Fabric to modernize, deploy and operate .NET applications at scale.

Modernize applications and reduce TCO with Windows containers on Azure Servic...

Microsoft Tech Community

Cloud-Native Workshop New York- Pivotal

VMware Tanzu

Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...

VMware Tanzu

From AUI to Atlaskit - Streamlining Development for Server & Cloud Apps

Atlassian

PHP as a Service

Paulo Victor Gomes

Redefining cloud native debugging

LibbySchulze

AWS Community Day Bangkok 2019 - Hello ClaudiaJS

AWS User Group - Thailand

Managing the deployment of code to multiple AWS Lambda functions and updating your API Gateway methods can be manual and time consuming. In this session, we will show you how to build a deployment pipeline to AWS Lambda using AWS CodePipeline, a continuous delivery service based on Amazon’s internal release automation tooling. We will discuss how to use versioning, which enables you to better manage the different variations of your Lambda functions and API Gateway methods in your development workflow (e.g., development, staging, and production). We will walk through how to automate the entire release process of your application from development, to staging, and finally to production; performing automated integration tests at each stage. AWS DevDay San Francisco, June 21, 2016. Presenter: Andrew Baird, Solutions Architecture

Managing the Continuous Delivery of Code to AWS Lambda

Amazon Web Services

Signal r core workshop - netconf

Miguel Angel Teheran Garcia

Did your company start down the path of building a cloud native platform using Kubernetes with the goal of enabling developers to innovate faster and increase productivity, but then run into challenges keeping it operating in an optimal way? In this session, Weaveworks will discuss how to migrate from self-managed Kubernetes on EC2 to a GitOps managed Shared Services Platform (SSP) on EKS. A SSP built on EKS and managed with Weave GitOps provides developers and operators with common workflows to update both applications and infrastructure. With every change in version control, full audit trails are available, and security is enforced. While at the same time enabling easier rollbacks and faster mean-time-to-recovery (MTTR). In short, a Weave GitOps managed SSP increases developer velocity while boosting stability. How to operate a hybrid Kubernetes architecture, using managed EKS in the AWS Cloud and EKS-Distro on premises. How to structure your infrastructure repository to efficiently manage multiple teams. How to use Kubernetes RBAC to provide secure cluster multi-tenancy. How to use GitOps to promote releases across a hybrid set of independent clusters. How to accomplish data and operational sovereignty.

Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS

Weaveworks

Serverless Code Deployments in AWS

Marko Tomic

Tendances (20)

Observability Enhancements in Steeltoe

Infrastructure as Code

Lessons Learned from building a serverless API

AWS Community Day Bangkok 2019 - Dev Ops Philosophy Increase Productivity

AWS Community Day Bangkok 2019 - DevOps Cost Reduction using Jenkins & AWS Sp...

FaaS or not to FaaS. Visible and invisible benefits of the Serverless paradig...

Fluent 2018: When third parties stop being polite... and start getting real

Datadog Partner Demo- AWS Container Day 2019 Barcelona

Using Google Cloud Services with Spring Boot and Pivotal Cloud Foundry (Pivot...

Modernize applications and reduce TCO with Windows containers on Azure Servic...

Cloud-Native Workshop New York- Pivotal

Eseguire Applicazioni Cloud-Native con Pivotal Cloud Foundry su Google Cloud ...

From AUI to Atlaskit - Streamlining Development for Server & Cloud Apps

PHP as a Service

Redefining cloud native debugging

AWS Community Day Bangkok 2019 - Hello ClaudiaJS

Managing the Continuous Delivery of Code to AWS Lambda

Signal r core workshop - netconf

Migrating from Self-Managed Kubernetes on EC2 to a GitOps Enabled EKS

Serverless Code Deployments in AWS

Similaire à Integrating Security Controls into the Development and Delivery Pipeline

Integrating security events from all of your network and security systems is critical to solving problems quickly and keeping your environment secure. The ideal solution puts you in control and continues to work even during a DDoS attack. In this session, you'll learn how you can use the Akamai SIEM Integration product to feed security events from Akamai Cloud Security products into your environment. Also in this session, we’ll demonstrate how to use Luna administration tools to set up user, API, and security settings giving you the benefits of having Akamai security events integrated into your overall security event monitoring solution.

Connecting Your SIEM Tool with Akamai Security Events

Akamai Developers & Admins

Cisco Connect 2018 Singapore - Secure data center building a secure zero trus...

NetworkCollaborators

Building an API Security Strategy

SmartBear

Csa Summit 2017 - Un viaje seguro hacia la nube

CSA Argentina

As companies continue to migrate their applications to the cloud, they need increased levels of infrastructure and application visibility. In this webinar, you’ll learn how to: - Enable your DevOps teams with seamless and instant application and business performance monitoring of apps deployed in Pivotal Cloud Foundry (PCF) - Detect any emerging issue before it becomes a business problem - Ensure every code release drives business outcomes Speakers: Kamala Dasika, Pivotal Mark Prichard & Jonah Kowal, AppDynamics

Cloud-Native Insights: How Platform & App Visibility Drive Business Outcomes

VMware Tanzu

The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools that can be used to deploy AWS infrastructure (as code), add the VM-Series to help protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub findings (operations as code). A brief demonstration concludes this session.

Infrastructure, security, and operations as code - DEM05-S - Mexico City AWS ...

Amazon Web Services

Richard will look at the reasoning behind the current move towards Cloud-based resource usage and identify the many areas of risk that must be considered when a migration project is being planned. He will look closely at emerging threats and explain how these can be confronted using the appropriate Cloud security strategy and solutions. He will also look at the various different models of Cloud and define methodologies to assist any organisation to be compliant with current and future legislation that governs data usage and protection.

Head in the Clouds? Let’s get serious about how to benefit from Cloud platfor...

Digital Transformation EXPO Event Series

The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools you can use to first deploy the AWS infrastructure (as code), add the VM-Series to protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub finding (operations as code). A brief demonstration concludes the session. This presentation is brought to you by AWS partner, Palo Alto Networks.

Delivering infrastructure, security, and operations as code with AWS - DEM10-...

Amazon Web Services

Micro-segmentation protects your workloads and applications against lateral movement of malware and limits the spread of insider threats, yet successfully implementing a defense-in-depth strategy using micro-segmentation is complicated. In this technical webinar, Jothi Prakash Prabakaran, Senior Product Manager at Cisco, and Yoni Geva, Product Manager at AlgoSec, will provide a step-by-step blueprint to implementing this strategy using the micro-segmentation capabilities of Cisco Tetration and network security policy management capabilities of AlgoSec. They will demonstrate how to tighten your security posture within the data center using an allow-list approach. They will also show how to enforce these granular micro-segmented policies enforced on the workloads with Cisco Tetration and a coarse grain policy enforced across the infrastructure through AlgoSec network security policy management. Join our live webinar to learn how to: • Understand your business applications to create your micro-segmentation policy • Validate your micro-segmentation policy is accurate • Enforce these granular policies on workloads and summarized policies across your infrastructure • Use risk and vulnerability analysis to tighten your workload and network security • Identify and manage security risk and compliance in your micro-segmented environment Save your seat!

Build and enforce defense in depth - an algo sec-cisco tetration webinar

AlgoSec

As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology to ensure the speed, stability, and security of your applications.

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...

Amazon Web Services

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...

Amazon Web Services

vSEC: bezpečnostní platforma pro privátní a veřejné cloudové služby

MarketingArrowECS_CZ

Cloud adoption is driving digital business growth and enabling companies to shift to processes and practices that make innovation continual. As with any paradigm shift, cloud computing requires different rules and a different way of thinking. This presentation will highlight best practices to build and secure scalable systems in the cloud and capitalize on the cloud with confidence and clarity. In this session we will cover: Key market drivers and advantages for leveraging cloud architectures. Foundational design principles to guide strategy for securely leveraging the cloud. The “Defense in Depth” approach to building secure services in the cloud, whether it’s private, public, or hybrid. Real-world customer insights from organizations who have successfully adopted the ""Defense in Depth"" approach. Session sponsored by Sumo Logic.

(SEC202) Best Practices for Securely Leveraging the Cloud

Amazon Web Services

Brisbane AWS Meetup: OpsWorks for Chef Automate

Matt Ray

This slide deck focuses on a deep dive into cloud application integration – specifically how SnapLogic accelerates the integration of Workday applications into modern enterprise environments. Watch the live demo here: https://youtu.be/vFa06tvEkHM Join featured speaker, Ohad Yehudai, senior solutions engineer at SnapLogic and learn why hundreds of customers across the Global 2000 – rely on SnapLogic to automate business processes, accelerate analytics, and drive digital transformation.

Live Demo: Accelerate the integration of workday applications

SnapLogic

Sisir Chowdhury and Subhas Bothra selected Panoptica following a rigorous evaluation of cloud native application security vendors. “Panoptica scored highly on every aspect of the proof of concept,” emphasizes Subhas. “By closely evaluating all the container security and vulnerability management capabilities offered in the Panoptica solution, we came to the conclusion that it was the perfect security solution to SMC, our private 5G network application.

Forging a Secure Path to Private 5G Networks for Enterprises

Panoptica

Security and compliance automation have become the most important drivers for IT Transformation to the cloud. Foundational cloud security services provide an unprecedented capability to ensure your cloud platform is secure, programmatically monitored, and adaptive. This session will demonstrate how Federal and Enterprise customers are embracing adaptive techniques in managing their most critical application workloads.

Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...

Amazon Web Services

The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools you can use to first deploy the AWS infrastructure (as code), add the VM-Series to protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub findings (operations as code). We conclude with a brief demonstration.

Delivering infrastructure, security, and operations as code - DEM06 - Santa C...

Amazon Web Services

A Discussion of Automated Infrastructure Security with a Practical Example

Deborah Schalm

A Discussion of Automated Infrastructure Security with a Practical Example

DevOps.com

Similaire à Integrating Security Controls into the Development and Delivery Pipeline (20)